Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection issues, MBAM won't update and cannot enable windows firewall and more


  • This topic is locked This topic is locked
22 replies to this topic

#1 Scott Stoef

Scott Stoef

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 30 April 2015 - 05:25 PM

We recently started to have issues with our primary home computer.  It started off as the browsers running extremely slow, and then the other day our credit card was compromised.  I also found out that when my wife did our online banking, she would logoff and when we went to log back in the next day the user account was set to my daughters account who doesn't use the computer. That instantly got me thinking something was wrong.  I tried to update my Malwarebytes, but it said there was no update, but I recently updated it on another computer earlier in the day so I know that was not correct. I restarted the computer in safe mode and successfully updated MBAM and did a search but it didn't find anything.  I'm running Norton Security Suite, but have turned off the firewall and antivirus, but whatever I have will not allow me to turn on Windows firewall either.  Whatever I have it being very intrusive and I cannot figure it out with my current suite of tools. Help is urgently requested.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Stoeffler (administrator) on STOEFFLER-PC on 30-04-2015 18:14:56
Running from C:\Users\Stoeffler\Downloads
Loaded Profiles: Stoeffler & Sandy & Branden & Kayla & Scott & UpdatusUser & Guest (Available profiles: Stoeffler & Sandy & Branden & Kayla & Scott & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dropbox, Inc.) C:\Users\Sandy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [Artisan 830(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-24] (SUPERAntiSpyware)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [GoogleChromeAutoLaunch_8CE7D2F3A1E2F70A14F5555CC4BA72F8] => "C:\Users\Stoeffler\AppData\Local\Vosteran\Application\vosteran.exe" --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\MountPoints2: {109be081-514b-11e2-84f3-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-102675289-2823336768-2379624390-1003\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-102675289-2823336768-2379624390-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-102675289-2823336768-2379624390-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-102675289-2823336768-2379624390-1004\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-102675289-2823336768-2379624390-1006\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-102675289-2823336768-2379624390-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-102675289-2823336768-2379624390-1006\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
AppInit_DLLs-x32: C:/PROGRA~3/{0AF2E~1/171~1.0/fori.dll => C:\ProgramData\{0AF2E231-5A70-33B7-EBF6-43353B7490BB}\1.7.1.0\fori.dll [649216 2015-01-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2012-12-29]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stoeffler\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-02-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Stoeffler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sandy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
GroupPolicyUsers\S-1-5-21-102675289-2823336768-2379624390-1004\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-102675289-2823336768-2379624390-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-102675289-2823336768-2379624390-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-102675289-2823336768-2379624390-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1004 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2012-12-29] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL [2012-08-10] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2012-12-29] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-09] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2012-12-29] ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2012-12-29] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Stoeffler\AppData\Roaming\Mozilla\Firefox\Profiles\690qopn9.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-04-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_15_04&cd=2XzuyEtN2Y1L1QzutDtDtCyBtAtCzz0F0DtAzyyC0C0E0AyDtN0D0Tzu0StCtCtBtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyByCyC0CyC0B0BtDtGyEtByCtBtGtDtD0E0CtGyCyEzz0EtGtAyC0DtB0DtD0AyBtD0D0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzyEtC0AyDzztCtGtBtD0C0BtGyEtBtBtCtGzy0C0D0CtGyCtA0C0FzytCyD0Azy0FyB0D2Q&cr=204670277&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (WOT) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-26]
CHR Extension: (YouTube) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (No Name) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-26]
CHR Extension: (Google Search) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Bookmark Manager) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Gmail) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-01-26] (SUPERAntiSpyware.com)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 GEARSecurity; %SystemRoot%\System32\GEARSec.exe [X]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{0F55B9ED-801B-40CA-8C00-3603CBF5A6CC}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150418.001\BHDrvx64.sys [1639128 2015-04-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150429.001\IDSvia64.sys [671448 2015-03-28] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150429.019\ENG64.SYS [129752 2015-01-26] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150429.019\EX64.SYS [2137304 2015-01-26] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2015-04-30] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U2 V2iMount; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-30 18:12 - 2015-04-30 18:12 - 00058800 _____ () C:\Users\Stoeffler\Desktop\FRST.txt
2015-04-30 18:12 - 2015-04-30 18:12 - 00041789 _____ () C:\Users\Stoeffler\Desktop\Addition.txt
2015-04-30 18:10 - 2015-04-30 18:14 - 00041791 _____ () C:\Users\Stoeffler\Downloads\Addition.txt
2015-04-30 18:09 - 2015-04-30 18:15 - 00025411 _____ () C:\Users\Stoeffler\Downloads\FRST.txt
2015-04-30 18:09 - 2015-04-30 18:14 - 00000000 ____D () C:\FRST
2015-04-30 18:07 - 2015-04-30 18:07 - 02101248 _____ (Farbar) C:\Users\Stoeffler\Downloads\FRST64.exe
2015-04-30 17:20 - 2015-04-30 17:20 - 00000000 __SHD () C:\Users\Stoeffler\AppData\Local\EmieUserList
2015-04-30 17:20 - 2015-04-30 17:20 - 00000000 __SHD () C:\Users\Stoeffler\AppData\Local\EmieSiteList
2015-04-30 17:20 - 2015-04-30 17:20 - 00000000 __SHD () C:\Users\Stoeffler\AppData\Local\EmieBrowserModeList
2015-04-30 17:16 - 2015-04-30 18:09 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2015-04-30 17:16 - 2015-04-30 18:09 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2015-04-29 21:53 - 2015-04-29 22:19 - 00000000 ____D () C:\NPE
2015-04-29 21:50 - 2015-04-29 21:50 - 03060320 ____N (Symantec Corporation) C:\Users\Stoeffler\Downloads\NPE (2).exe
2015-04-29 21:50 - 2015-04-29 21:50 - 03060320 ____N (Symantec Corporation) C:\Users\Stoeffler\Downloads\NPE (1).exe
2015-04-29 21:49 - 2015-04-29 21:49 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2015-04-29 21:49 - 2015-04-29 21:49 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2015-04-29 21:47 - 2015-04-29 21:47 - 00000000 ____D () C:\Users\Stoeffler\AppData\Roaming\Mozilla
2015-04-26 12:49 - 2015-04-26 12:49 - 23314194 _____ () C:\Users\Sandy\Downloads\FreebieTheGivingTreeACommonCoreUnitSample.zip
2015-04-19 19:46 - 2015-04-23 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-19 19:46 - 2015-04-19 19:46 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-19 19:46 - 2015-04-19 19:46 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-19 19:43 - 2015-04-19 19:43 - 00243312 _____ () C:\Users\Scott\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-19 17:55 - 2015-04-19 17:58 - 00002219 _____ () C:\Users\Scott\Downloads\software_removal_tool.log
2015-04-19 17:14 - 2015-04-19 18:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-14 21:56 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:56 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:56 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:56 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:56 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:56 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 21:56 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 21:56 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 21:56 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:56 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:56 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 21:56 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 21:56 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 21:56 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:56 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 21:56 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 21:56 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 21:56 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 21:56 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 21:56 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 21:55 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:55 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:55 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 21:55 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 21:55 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 21:55 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:55 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 21:55 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 21:55 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 21:55 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 21:55 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 21:55 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 21:55 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 21:55 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 21:55 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 21:55 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 21:55 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 21:55 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 21:55 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 21:55 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 21:55 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:55 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:55 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:55 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:55 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:55 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:55 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:55 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:55 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:55 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:55 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:55 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:55 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:55 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:55 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:55 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:55 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:55 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:55 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:55 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:55 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:55 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:55 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:55 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:55 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:55 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:55 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:55 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:55 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:55 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:55 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:55 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:55 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:55 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:55 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:55 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:55 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:55 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:55 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:55 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:55 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:55 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:55 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:55 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:55 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:55 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:55 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 21:55 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:55 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:55 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:55 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:55 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:55 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:55 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:55 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:55 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:55 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:55 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:54 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 21:54 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:54 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-11 20:11 - 2015-04-11 20:11 - 01387672 _____ () C:\Users\Scott\Downloads\EPIPR_ART835_NA (4).EXE
2015-04-04 03:00 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-30 18:02 - 2012-12-28 17:10 - 01379535 _____ () C:\Windows\WindowsUpdate.log
2015-04-30 17:24 - 2013-11-30 18:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-30 17:22 - 2013-07-09 20:45 - 00000000 ___RD () C:\Users\Stoeffler\Dropbox
2015-04-30 17:22 - 2013-07-09 19:53 - 00000000 ____D () C:\Users\Stoeffler\AppData\Roaming\Dropbox
2015-04-30 17:16 - 2013-12-28 17:24 - 00000000 ____D () C:\Users\Stoeffler\AppData\Local\NPE
2015-04-30 17:10 - 2009-07-14 00:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-30 17:10 - 2009-07-14 00:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-30 17:03 - 2015-01-25 23:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-30 17:03 - 2013-11-30 18:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-30 17:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-30 17:02 - 2009-07-14 00:51 - 00043774 _____ () C:\Windows\setupact.log
2015-04-29 22:34 - 2013-01-01 04:16 - 00004096 ___SH () C:\VSNAP.IDX
2015-04-29 22:19 - 2013-12-31 14:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-29 21:25 - 2012-12-29 00:19 - 00427900 _____ () C:\Windows\PFRO.log
2015-04-29 21:25 - 2012-12-28 17:10 - 00000000 ____D () C:\Users\Stoeffler
2015-04-29 19:35 - 2013-11-30 18:34 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 19:05 - 2013-03-20 20:33 - 00000000 ____D () C:\Users\Sandy\AppData\Local\CrashDumps
2015-04-29 19:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2015-04-29 19:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-29 18:53 - 2013-07-09 19:57 - 00000000 ___RD () C:\Users\Sandy\Dropbox
2015-04-29 18:53 - 2013-07-09 19:50 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Dropbox
2015-04-26 22:51 - 2013-01-19 12:38 - 00000000 ____D () C:\ProgramData\Norton
2015-04-23 20:21 - 2013-10-09 07:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 18:58 - 2013-07-09 19:57 - 00001021 _____ () C:\Users\Sandy\Desktop\Dropbox.lnk
2015-04-22 18:58 - 2013-07-09 19:54 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-19 19:59 - 2012-12-31 00:02 - 00000000 ____D () C:\Users\Scott\AppData\Local\Mozilla
2015-04-19 18:20 - 2012-12-30 15:34 - 00000000 ____D () C:\Users\Stoeffler\AppData\Local\Adobe
2015-04-19 17:24 - 2013-01-28 18:18 - 00000000 ____D () C:\HEGames
2015-04-19 17:24 - 2013-01-26 20:33 - 00000670 _____ () C:\Windows\hegames.ini
2015-04-19 17:14 - 2012-12-29 23:36 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-19 17:06 - 2015-01-25 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 17:06 - 2015-01-25 23:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-19 17:06 - 2013-10-24 15:27 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-17 22:10 - 2013-09-07 19:12 - 00000000 ____D () C:\Users\Scott\AppData\Local\CrashDumps
2015-04-16 00:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 04:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 03:44 - 2014-12-10 04:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:44 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:26 - 2012-12-30 23:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:24 - 2014-01-17 18:16 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:24 - 2009-07-14 01:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 03:20 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:07 - 2012-12-28 17:48 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:07 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 09:37 - 2015-01-25 23:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-01-25 23:03 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2013-10-24 15:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 20:56 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-11 20:14 - 2014-08-25 20:56 - 00004125 _____ () C:\Users\Scott\Downloads\AdjPrg_Log.log
 
==================== Files in the root of some directories =======
 
2012-12-29 15:12 - 2012-12-29 15:12 - 14794312 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
 
Some content of TEMP:
====================
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsvgxpw.dll
C:\Users\Stoeffler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp29tpru.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-24 00:04
 
==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 01 May 2015 - 01:13 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download TDSStdsskiller.pngiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
tdss.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 01 May 2015 - 04:07 PM

Hi Jurgen!  Thank you so much for helping me out.  Here is the output from the log:

17:00:20.0426 0x15ac  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04

17:00:35.0161 0x15ac  ============================================================
17:00:35.0161 0x15ac  Current date / time: 2015/05/01 17:00:35.0161
17:00:35.0161 0x15ac  SystemInfo:
17:00:35.0162 0x15ac  
17:00:35.0162 0x15ac  OS Version: 6.1.7601 ServicePack: 1.0
17:00:35.0162 0x15ac  Product type: Workstation
17:00:35.0162 0x15ac  ComputerName: STOEFFLER-PC
17:00:35.0162 0x15ac  UserName: Stoeffler
17:00:35.0162 0x15ac  Windows directory: C:\Windows
17:00:35.0162 0x15ac  System windows directory: C:\Windows
17:00:35.0162 0x15ac  Running under WOW64
17:00:35.0162 0x15ac  Processor architecture: Intel x64
17:00:35.0162 0x15ac  Number of processors: 2
17:00:35.0162 0x15ac  Page size: 0x1000
17:00:35.0162 0x15ac  Boot type: Normal boot
17:00:35.0162 0x15ac  ============================================================
17:00:50.0012 0x15ac  KLMD registered as C:\Windows\system32\drivers\75341396.sys
17:00:53.0050 0x15ac  System UUID: {5684EFC3-702E-001D-C8A8-19A1DF075453}
17:00:59.0151 0x15ac  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
17:01:00.0330 0x15ac  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:01:00.0409 0x15ac  ============================================================
17:01:00.0409 0x15ac  \Device\Harddisk0\DR0:
17:01:00.0517 0x15ac  MBR partitions:
17:01:00.0517 0x15ac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:01:00.0517 0x15ac  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
17:01:00.0517 0x15ac  \Device\Harddisk1\DR1:
17:01:00.0518 0x15ac  MBR partitions:
17:01:00.0518 0x15ac  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:01:00.0518 0x15ac  ============================================================
17:01:01.0048 0x15ac  C: <-> \Device\Harddisk0\DR0\Partition2
17:01:01.0161 0x15ac  F: <-> \Device\Harddisk1\DR1\Partition1
17:01:01.0562 0x15ac  ============================================================
17:01:01.0562 0x15ac  Initialize success
17:01:01.0562 0x15ac  ============================================================
17:01:23.0060 0x1560  ============================================================
17:01:23.0060 0x1560  Scan started
17:01:23.0060 0x1560  Mode: Manual; SigCheck; TDLFS; 
17:01:23.0060 0x1560  ============================================================
17:01:23.0060 0x1560  KSN ping started
17:01:25.0362 0x1560  KSN ping finished: true
17:02:21.0096 0x1560  ================ Scan system memory ========================
17:02:21.0096 0x1560  System memory - ok
17:02:21.0097 0x1560  ================ Scan services =============================
17:02:21.0378 0x1560  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:02:28.0542 0x1560  !SASCORE - ok
17:02:39.0467 0x1560  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:02:40.0953 0x1560  1394ohci - ok
17:02:41.0082 0x1560  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:02:41.0147 0x1560  ACPI - ok
17:02:41.0206 0x1560  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:02:41.0720 0x1560  AcpiPmi - ok
17:02:41.0894 0x1560  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:02:41.0961 0x1560  adp94xx - ok
17:02:42.0071 0x1560  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:02:42.0138 0x1560  adpahci - ok
17:02:42.0252 0x1560  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:02:42.0394 0x1560  adpu320 - ok
17:02:42.0691 0x1560  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:02:48.0232 0x1560  AeLookupSvc - ok
17:02:48.0680 0x1560  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
17:02:49.0061 0x1560  AFD - ok
17:02:49.0149 0x1560  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:02:49.0335 0x1560  agp440 - ok
17:02:49.0460 0x1560  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:02:49.0990 0x1560  ALG - ok
17:02:50.0188 0x1560  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:02:50.0349 0x1560  aliide - ok
17:02:50.0538 0x1560  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:02:50.0643 0x1560  amdide - ok
17:02:50.0783 0x1560  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:02:51.0214 0x1560  AmdK8 - ok
17:02:51.0302 0x1560  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:02:51.0578 0x1560  AmdPPM - ok
17:02:51.0652 0x1560  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:02:51.0762 0x1560  amdsata - ok
17:02:51.0887 0x1560  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:02:51.0976 0x1560  amdsbs - ok
17:02:52.0044 0x1560  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:02:52.0116 0x1560  amdxata - ok
17:02:52.0438 0x1560  AntiLog32 - ok
17:02:52.0619 0x1560  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
17:02:52.0785 0x1560  AppID - ok
17:02:52.0894 0x1560  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:02:53.0094 0x1560  AppIDSvc - ok
17:02:53.0247 0x1560  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
17:02:53.0508 0x1560  Appinfo - ok
17:02:54.0412 0x1560  [ 650D03E40F93FAE323CB841F80368E5C, F67B97CFDCE2EE9294977725268EFDB0DD724BD16E7ED5BFCA45375AA8EBA5BB ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:02:54.0651 0x1560  Apple Mobile Device - ok
17:02:54.0777 0x1560  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:02:54.0852 0x1560  arc - ok
17:02:54.0960 0x1560  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:02:55.0095 0x1560  arcsas - ok
17:02:57.0061 0x1560  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:02:58.0226 0x1560  aspnet_state - ok
17:02:58.0491 0x1560  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:58.0690 0x1560  AsyncMac - ok
17:02:58.0860 0x1560  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:02:58.0919 0x1560  atapi - ok
17:02:59.0464 0x1560  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:03:01.0209 0x1560  AudioEndpointBuilder - ok
17:03:01.0627 0x1560  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:03:01.0745 0x1560  AudioSrv - ok
17:03:02.0097 0x1560  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:03:03.0729 0x1560  AxInstSV - ok
17:03:04.0075 0x1560  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:03:04.0359 0x1560  b06bdrv - ok
17:03:04.0589 0x1560  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:03:04.0777 0x1560  b57nd60a - ok
17:03:04.0979 0x1560  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:03:05.0179 0x1560  BDESVC - ok
17:03:05.0344 0x1560  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:03:05.0905 0x1560  Beep - ok
17:03:06.0261 0x1560  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:03:06.0476 0x1560  BFE - ok
17:03:07.0689 0x1560  [ 94F802E61A988F7CCEFAABC88D2A1618, 300FFB444517D22D91972B2EC57FCB9A56FD40CC901B2F1C8E352D4545180522 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150418.001\BHDrvx64.sys
17:03:10.0315 0x1560  BHDrvx64 - ok
17:03:10.0845 0x1560  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:03:15.0164 0x1560  BITS - ok
17:03:15.0273 0x1560  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:03:15.0331 0x1560  blbdrive - ok
17:03:15.0848 0x1560  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:03:15.0963 0x1560  Bonjour Service - ok
17:03:16.0118 0x1560  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:03:16.0216 0x1560  bowser - ok
17:03:16.0318 0x1560  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:03:17.0728 0x1560  BrFiltLo - ok
17:03:17.0761 0x1560  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:03:17.0828 0x1560  BrFiltUp - ok
17:03:17.0984 0x1560  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
17:03:18.0155 0x1560  Browser - ok
17:03:18.0351 0x1560  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:03:18.0736 0x1560  Brserid - ok
17:03:18.0820 0x1560  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:03:18.0929 0x1560  BrSerWdm - ok
17:03:19.0021 0x1560  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:03:19.0124 0x1560  BrUsbMdm - ok
17:03:19.0177 0x1560  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:03:19.0243 0x1560  BrUsbSer - ok
17:03:19.0438 0x1560  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:03:19.0513 0x1560  BTHMODEM - ok
17:03:19.0735 0x1560  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:03:19.0900 0x1560  bthserv - ok
17:03:20.0328 0x1560  [ 56685951208AC81CF923B9B08BEDF3B7, F5FF438B9A54AD8D54E82DE60E1771C9685A95D5E590D69EB1E4E78D3B9B7769 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys
17:03:20.0542 0x1560  ccSet_N360 - ok
17:03:20.0568 0x1560  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:03:20.0731 0x1560  cdfs - ok
17:03:20.0906 0x1560  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
17:03:20.0971 0x1560  cdrom - ok
17:03:21.0026 0x1560  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:03:21.0108 0x1560  CertPropSvc - ok
17:03:21.0235 0x1560  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:03:21.0333 0x1560  circlass - ok
17:03:21.0576 0x1560  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
17:03:21.0691 0x1560  CLFS - ok
17:03:22.0128 0x1560  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:03:22.0403 0x1560  clr_optimization_v2.0.50727_32 - ok
17:03:22.0592 0x1560  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:03:22.0707 0x1560  clr_optimization_v2.0.50727_64 - ok
17:03:22.0874 0x1560  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:03:23.0452 0x1560  clr_optimization_v4.0.30319_32 - ok
17:03:23.0528 0x1560  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:03:26.0591 0x1560  clr_optimization_v4.0.30319_64 - ok
17:03:26.0669 0x1560  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:03:26.0820 0x1560  CmBatt - ok
17:03:26.0893 0x1560  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:03:26.0954 0x1560  cmdide - ok
17:03:27.0164 0x1560  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
17:03:27.0274 0x1560  CNG - ok
17:03:27.0344 0x1560  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:03:27.0442 0x1560  Compbatt - ok
17:03:27.0496 0x1560  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:03:27.0542 0x1560  CompositeBus - ok
17:03:27.0577 0x1560  COMSysApp - ok
17:03:27.0640 0x1560  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:03:27.0742 0x1560  crcdisk - ok
17:03:27.0872 0x1560  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:03:27.0961 0x1560  CryptSvc - ok
17:03:28.0225 0x1560  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:03:28.0388 0x1560  DcomLaunch - ok
17:03:28.0503 0x1560  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:03:28.0607 0x1560  defragsvc - ok
17:03:28.0702 0x1560  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:03:28.0835 0x1560  DfsC - ok
17:03:29.0069 0x1560  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:03:29.0219 0x1560  Dhcp - ok
17:03:29.0282 0x1560  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:03:29.0378 0x1560  discache - ok
17:03:29.0579 0x1560  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:03:29.0657 0x1560  Disk - ok
17:03:29.0801 0x1560  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:03:29.0869 0x1560  Dnscache - ok
17:03:29.0960 0x1560  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:03:30.0269 0x1560  dot3svc - ok
17:03:30.0443 0x1560  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:03:30.0545 0x1560  DPS - ok
17:03:30.0671 0x1560  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:03:30.0823 0x1560  drmkaud - ok
17:03:31.0128 0x1560  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:03:31.0247 0x1560  DXGKrnl - ok
17:03:31.0404 0x1560  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:03:31.0513 0x1560  EapHost - ok
17:03:32.0439 0x1560  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:03:32.0626 0x1560  ebdrv - ok
17:03:33.0007 0x1560  [ 47A68B3DBBB34D4FE61DE221A8536627, BC61CE4BD4F3A12C75BA6EB9D239F24CD3F54495DE9D6C901F4DAF5D92E8366B ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:03:33.0109 0x1560  eeCtrl - ok
17:03:33.0175 0x1560  efavdrv - ok
17:03:33.0230 0x1560  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] EFS             C:\Windows\System32\lsass.exe
17:03:33.0278 0x1560  EFS - ok
17:03:33.0774 0x1560  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:03:33.0967 0x1560  ehRecvr - ok
17:03:34.0020 0x1560  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:03:34.0346 0x1560  ehSched - ok
17:03:34.0635 0x1560  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:03:34.0684 0x1560  elxstor - ok
17:03:34.0942 0x1560  [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
17:03:34.0991 0x1560  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 )
17:03:35.0546 0x1560  Detect skipped due to KSN trusted
17:03:35.0546 0x1560  EpsonBidirectionalService - ok
17:03:35.0630 0x1560  [ B9773081AAF65E6D553496BA0CADCBB3, 3A77A12544755BFA1ABAA6DC53E5F03522627F57EF7092E3CC54C6431C75076A ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:03:35.0661 0x1560  EraserUtilRebootDrv - ok
17:03:35.0717 0x1560  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:03:35.0786 0x1560  ErrDev - ok
17:03:36.0178 0x1560  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:03:36.0516 0x1560  EventSystem - ok
17:03:36.0692 0x1560  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:03:36.0850 0x1560  exfat - ok
17:03:36.0938 0x1560  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:03:37.0102 0x1560  fastfat - ok
17:03:37.0469 0x1560  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:03:37.0604 0x1560  Fax - ok
17:03:37.0862 0x1560  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:03:37.0989 0x1560  fdc - ok
17:03:38.0173 0x1560  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:03:38.0284 0x1560  fdPHost - ok
17:03:38.0327 0x1560  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:03:38.0436 0x1560  FDResPub - ok
17:03:38.0468 0x1560  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:03:38.0487 0x1560  FileInfo - ok
17:03:38.0512 0x1560  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:03:38.0562 0x1560  Filetrace - ok
17:03:38.0611 0x1560  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:03:38.0660 0x1560  flpydisk - ok
17:03:38.0771 0x1560  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:03:38.0797 0x1560  FltMgr - ok
17:03:39.0029 0x1560  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
17:03:39.0168 0x1560  FontCache - ok
17:03:39.0234 0x1560  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:03:39.0268 0x1560  FontCache3.0.0.0 - ok
17:03:39.0287 0x1560  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:03:39.0307 0x1560  FsDepends - ok
17:03:39.0355 0x1560  [ 8DE1B4F579F8F8897409856F3BB7A7D2, F6F6B2450951E875C3C236F7798F960FD4433EE6B0C57132CB3D32126BEE34E0 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
17:03:39.0450 0x1560  fssfltr - ok
17:03:39.0898 0x1560  [ 7B4C82899A967A7EB22DAB502770AE8E, 209FB59669070FCAAACB24B0CE81C375362BF1C519B15FDB5AA3EC2C87E2069B ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:03:39.0988 0x1560  fsssvc - ok
17:03:40.0030 0x1560  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:03:40.0043 0x1560  Fs_Rec - ok
17:03:40.0085 0x1560  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:03:40.0147 0x1560  fvevol - ok
17:03:40.0167 0x1560  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:03:40.0182 0x1560  gagp30kx - ok
17:03:40.0224 0x1560  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:03:40.0237 0x1560  GEARAspiWDM - ok
17:03:40.0254 0x1560  GEARSecurity - ok
17:03:40.0286 0x1560  [ 022807B149127B8FAA3DBEB13A7D9B41, 0D871B7AC3FB37BB5664C0DFE3D4084FB1457BF4FD9E1C338F3CB2F0801EEBD2 ] GenericMount    C:\Windows\system32\DRIVERS\GenericMount.sys
17:03:40.0310 0x1560  GenericMount - ok
17:03:40.0643 0x1560  [ 33F0619AFBA455581916B1E3DC84B109, 7973BE26FDBFA396823A5B3B54B0B353E876715891C83619A906BBB03F52C589 ] GenericMount Helper Service C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
17:03:40.0696 0x1560  GenericMount Helper Service - ok
17:03:40.0862 0x1560  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:03:40.0941 0x1560  gpsvc - ok
17:03:41.0223 0x1560  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:03:41.0355 0x1560  gupdate - ok
17:03:41.0456 0x1560  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:03:41.0470 0x1560  gupdatem - ok
17:03:41.0629 0x1560  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:03:41.0769 0x1560  hcw85cir - ok
17:03:41.0904 0x1560  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:03:41.0968 0x1560  HdAudAddService - ok
17:03:42.0004 0x1560  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
17:03:42.0104 0x1560  HDAudBus - ok
17:03:42.0166 0x1560  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:03:42.0230 0x1560  HidBatt - ok
17:03:42.0286 0x1560  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:03:42.0393 0x1560  HidBth - ok
17:03:42.0427 0x1560  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:03:42.0456 0x1560  HidIr - ok
17:03:42.0543 0x1560  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:03:42.0612 0x1560  hidserv - ok
17:03:42.0724 0x1560  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:03:42.0816 0x1560  HidUsb - ok
17:03:42.0863 0x1560  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:03:42.0991 0x1560  hkmsvc - ok
17:03:43.0096 0x1560  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:03:43.0211 0x1560  HomeGroupListener - ok
17:03:43.0289 0x1560  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:03:43.0407 0x1560  HomeGroupProvider - ok
17:03:43.0540 0x1560  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:03:43.0621 0x1560  HpSAMD - ok
17:03:43.0868 0x1560  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:03:44.0046 0x1560  HTTP - ok
17:03:44.0100 0x1560  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:03:44.0125 0x1560  hwpolicy - ok
17:03:44.0269 0x1560  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:03:44.0337 0x1560  i8042prt - ok
17:03:44.0440 0x1560  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:03:44.0502 0x1560  iaStorV - ok
17:03:44.0825 0x1560  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:03:44.0915 0x1560  idsvc - ok
17:03:45.0151 0x1560  [ 4A2CAA578E0A829A15CD76CEC66A1E41, 4F01D251EC8EE2AC99C7540C8D4636EFF89B3F72EDE26412EE741E01EE3B8E02 ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150429.001\IDSvia64.sys
17:03:45.0193 0x1560  IDSVia64 - ok
17:03:45.0322 0x1560  IEEtwCollectorService - ok
17:03:45.0428 0x1560  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:03:45.0555 0x1560  iirsp - ok
17:03:45.0798 0x1560  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:03:45.0916 0x1560  IKEEXT - ok
17:03:45.0951 0x1560  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:03:45.0963 0x1560  intelide - ok
17:03:46.0007 0x1560  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:03:46.0037 0x1560  intelppm - ok
17:03:46.0076 0x1560  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:03:46.0140 0x1560  IPBusEnum - ok
17:03:46.0189 0x1560  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:03:46.0261 0x1560  IpFilterDriver - ok
17:03:46.0445 0x1560  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:03:46.0518 0x1560  iphlpsvc - ok
17:03:46.0559 0x1560  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:03:46.0668 0x1560  IPMIDRV - ok
17:03:46.0688 0x1560  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:03:46.0805 0x1560  IPNAT - ok
17:03:47.0151 0x1560  [ 7FAE5B6CDB18B0B2E81F32869F595022, D873A7EE94749E1700E8F6B8BB7B485AE1B0B83388D63BE06335720498D4794F ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:03:47.0249 0x1560  iPod Service - ok
17:03:47.0291 0x1560  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:03:47.0715 0x1560  IRENUM - ok
17:03:47.0762 0x1560  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:03:47.0788 0x1560  isapnp - ok
17:03:47.0824 0x1560  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:03:47.0909 0x1560  iScsiPrt - ok
17:03:47.0939 0x1560  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:03:47.0974 0x1560  kbdclass - ok
17:03:48.0037 0x1560  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:03:48.0109 0x1560  kbdhid - ok
17:03:48.0138 0x1560  keycrypt - ok
17:03:48.0156 0x1560  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] KeyIso          C:\Windows\system32\lsass.exe
17:03:48.0216 0x1560  KeyIso - ok
17:03:48.0247 0x1560  [ 063C09DB965E3DFD6F4F08416F6DB8F5, 0BE015C59288397536B3941BA55EFE0CF06714BC43FF3A33A1D844B4E0F16097 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:03:48.0327 0x1560  KSecDD - ok
17:03:48.0375 0x1560  [ 1FA627E63195BF3BF636BFEF0D7190D4, 794456605303F4916E81BE899E0B05CB070094E719ADA8BE8072A761E35CA8E9 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:03:48.0442 0x1560  KSecPkg - ok
17:03:48.0471 0x1560  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:03:48.0538 0x1560  ksthunk - ok
17:03:48.0671 0x1560  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:03:48.0774 0x1560  KtmRm - ok
17:03:48.0926 0x1560  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:03:49.0034 0x1560  LanmanServer - ok
17:03:49.0158 0x1560  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:03:49.0288 0x1560  LanmanWorkstation - ok
17:03:50.0484 0x1560  [ A97EEB81F05BCE3D7AA6C81F04EF39A4, 5FE994FD8CA68BD9182C058F2A3C97AADF529BD10BE6E14E4825DB1F934D7F77 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
17:03:50.0683 0x1560  LiveUpdate - ok
17:03:50.0800 0x1560  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:03:50.0884 0x1560  lltdio - ok
17:03:51.0046 0x1560  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:03:51.0146 0x1560  lltdsvc - ok
17:03:51.0168 0x1560  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:03:51.0223 0x1560  lmhosts - ok
17:03:51.0318 0x1560  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:03:51.0349 0x1560  LSI_FC - ok
17:03:51.0393 0x1560  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:03:51.0447 0x1560  LSI_SAS - ok
17:03:51.0479 0x1560  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:03:51.0500 0x1560  LSI_SAS2 - ok
17:03:51.0525 0x1560  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:03:51.0541 0x1560  LSI_SCSI - ok
17:03:51.0572 0x1560  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:03:51.0609 0x1560  luafv - ok
17:03:51.0823 0x1560  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:03:51.0895 0x1560  MBAMProtector - ok
17:03:52.0565 0x1560  [ 516E29AD03BDF610CC36A95AE692FE42, 09F913B169AD775FF587AE59AEC5DD2A2D8646803F48BF616C74EEC0DE3BE7A2 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
17:03:52.0693 0x1560  MBAMScheduler - ok
17:03:52.0858 0x1560  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
17:03:52.0929 0x1560  MBAMService - ok
17:03:52.0980 0x1560  [ F49FB3C88E263AE9A246593B0BB29294, FB53D6FA4A98B98334DCFF81E40712265256D31A9E9FF36022887BABD50F39EB ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
17:03:53.0005 0x1560  MBAMWebAccessControl - ok
17:03:53.0059 0x1560  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:03:53.0076 0x1560  Mcx2Svc - ok
17:03:53.0098 0x1560  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:03:53.0123 0x1560  megasas - ok
17:03:53.0138 0x1560  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:03:53.0180 0x1560  MegaSR - ok
17:03:53.0396 0x1560  Microsoft SharePoint Workspace Audit Service - ok
17:03:53.0446 0x1560  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:03:53.0522 0x1560  MMCSS - ok
17:03:53.0568 0x1560  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:03:53.0645 0x1560  Modem - ok
17:03:53.0691 0x1560  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:03:53.0775 0x1560  monitor - ok
17:03:53.0892 0x1560  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:03:53.0923 0x1560  mouclass - ok
17:03:54.0009 0x1560  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:03:54.0070 0x1560  mouhid - ok
17:03:54.0174 0x1560  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:03:54.0220 0x1560  mountmgr - ok
17:03:54.0283 0x1560  [ 269BDB3CB77EB77BABE2862BEAB1F208, EC693365C73D59244CB77E181042128A9901BA5C1109CD4F1B9A2008DF1F9582 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:03:54.0319 0x1560  MozillaMaintenance - ok
17:03:54.0359 0x1560  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:03:54.0374 0x1560  mpio - ok
17:03:54.0431 0x1560  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:03:54.0496 0x1560  mpsdrv - ok
17:03:54.0694 0x1560  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:03:54.0807 0x1560  MpsSvc - ok
17:03:54.0869 0x1560  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:03:55.0019 0x1560  MRxDAV - ok
17:03:55.0055 0x1560  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:03:55.0112 0x1560  mrxsmb - ok
17:03:55.0170 0x1560  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:03:55.0243 0x1560  mrxsmb10 - ok
17:03:55.0273 0x1560  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:03:55.0324 0x1560  mrxsmb20 - ok
17:03:55.0355 0x1560  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:03:55.0394 0x1560  msahci - ok
17:03:55.0433 0x1560  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:03:55.0499 0x1560  msdsm - ok
17:03:55.0541 0x1560  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:03:55.0574 0x1560  MSDTC - ok
17:03:55.0617 0x1560  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:03:55.0720 0x1560  Msfs - ok
17:03:55.0737 0x1560  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:03:55.0822 0x1560  mshidkmdf - ok
17:03:55.0849 0x1560  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:03:55.0922 0x1560  msisadrv - ok
17:03:55.0982 0x1560  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:03:56.0075 0x1560  MSiSCSI - ok
17:03:56.0079 0x1560  msiserver - ok
17:03:56.0152 0x1560  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:03:56.0227 0x1560  MSKSSRV - ok
17:03:56.0280 0x1560  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:03:56.0346 0x1560  MSPCLOCK - ok
17:03:56.0359 0x1560  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:03:56.0407 0x1560  MSPQM - ok
17:03:56.0501 0x1560  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:03:56.0547 0x1560  MsRPC - ok
17:03:56.0562 0x1560  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:03:56.0614 0x1560  mssmbios - ok
17:03:56.0632 0x1560  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:03:56.0676 0x1560  MSTEE - ok
17:03:56.0776 0x1560  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:03:56.0836 0x1560  MTConfig - ok
17:03:56.0905 0x1560  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
17:03:56.0975 0x1560  MTsensor - ok
17:03:56.0996 0x1560  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:03:57.0031 0x1560  Mup - ok
17:03:57.0361 0x1560  [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe
17:03:57.0398 0x1560  N360 - ok
17:03:57.0490 0x1560  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:03:57.0578 0x1560  napagent - ok
17:03:57.0701 0x1560  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:03:57.0797 0x1560  NativeWifiP - ok
17:03:57.0948 0x1560  [ 54F4B358F41C664CBDE4507D67EED1CD, CDCA0A778AF596933CD7CBF1119FCA551ECC03CBBD4F1E8213C3FD2FECA902F2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150430.036\ENG64.SYS
17:03:57.0991 0x1560  NAVENG - ok
17:03:58.0395 0x1560  [ A74D67EEEB3938FD2FA3B65B24C32C44, 4D780B70B57E23A3A155794C4DEEBD856E32D35B789BDF4673AAC8FC3AC4367B ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150430.036\EX64.SYS
17:03:58.0466 0x1560  NAVEX15 - ok
17:03:58.0686 0x1560  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:03:58.0727 0x1560  NDIS - ok
17:03:58.0764 0x1560  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:03:58.0842 0x1560  NdisCap - ok
17:03:58.0878 0x1560  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:03:59.0104 0x1560  NdisTapi - ok
17:03:59.0217 0x1560  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:03:59.0307 0x1560  Ndisuio - ok
17:03:59.0387 0x1560  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:03:59.0468 0x1560  NdisWan - ok
17:03:59.0530 0x1560  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:03:59.0574 0x1560  NDProxy - ok
17:03:59.0618 0x1560  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:03:59.0673 0x1560  NetBIOS - ok
17:03:59.0742 0x1560  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:03:59.0799 0x1560  NetBT - ok
17:03:59.0856 0x1560  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] Netlogon        C:\Windows\system32\lsass.exe
17:03:59.0875 0x1560  Netlogon - ok
17:04:00.0032 0x1560  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:04:00.0126 0x1560  Netman - ok
17:04:00.0221 0x1560  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:04:00.0336 0x1560  NetMsmqActivator - ok
17:04:00.0359 0x1560  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:04:00.0376 0x1560  NetPipeActivator - ok
17:04:00.0454 0x1560  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:04:00.0530 0x1560  netprofm - ok
17:04:00.0586 0x1560  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:04:00.0627 0x1560  NetTcpActivator - ok
17:04:00.0644 0x1560  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:04:00.0664 0x1560  NetTcpPortSharing - ok
17:04:00.0748 0x1560  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:04:00.0825 0x1560  nfrd960 - ok
17:04:00.0976 0x1560  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:04:01.0099 0x1560  NlaSvc - ok
17:04:02.0091 0x1560  [ 4AD196A3CFA4D546068E24477A720948, BE22C23E77CAB44108D9B5E83E83A44E17EEFFA0A9C99966B3ABD0BFA8F72727 ] Norton Ghost    C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
17:04:02.0267 0x1560  Norton Ghost - ok
17:04:02.0295 0x1560  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:04:02.0403 0x1560  Npfs - ok
17:04:02.0447 0x1560  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:04:02.0544 0x1560  nsi - ok
17:04:02.0577 0x1560  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:04:02.0643 0x1560  nsiproxy - ok
17:04:02.0981 0x1560  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:04:03.0095 0x1560  Ntfs - ok
17:04:03.0223 0x1560  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:04:03.0403 0x1560  Null - ok
17:04:06.0061 0x1560  [ 8E6247F418B4C8AE9EEB0B532CABCC21, 42AD2588CBC8C9478F289955AB1391C65788D0564CCA7E0F9A41B8498A8BA117 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:04:06.0567 0x1560  nvlddmkm - ok
17:04:06.0742 0x1560  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:04:06.0797 0x1560  nvraid - ok
17:04:06.0863 0x1560  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:04:06.0883 0x1560  nvstor - ok
17:04:07.0221 0x1560  [ 41B97DCE2B2D113B831EB197F02A7398, 3168C646327E5C72741A326C12AD46A73234DA6A67DC21F66FF1D195A971FBFE ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:04:07.0268 0x1560  nvsvc - ok
17:04:07.0645 0x1560  [ A3A25E0509F67473B960DAF214828BE3, F2EC38B82DF46E5765FD8976AA5A7043637AC716F56B17D6DC7524E774602DE3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:04:07.0700 0x1560  nvUpdatusService - ok
17:04:07.0749 0x1560  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:04:07.0786 0x1560  nv_agp - ok
17:04:07.0834 0x1560  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:04:07.0917 0x1560  ohci1394 - ok
17:04:08.0042 0x1560  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:04:08.0108 0x1560  ose - ok
17:04:09.0171 0x1560  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:04:09.0371 0x1560  osppsvc - ok
17:04:09.0499 0x1560  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:04:09.0627 0x1560  p2pimsvc - ok
17:04:09.0750 0x1560  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:04:09.0835 0x1560  p2psvc - ok
17:04:09.0891 0x1560  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:04:09.0951 0x1560  Parport - ok
17:04:09.0979 0x1560  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:04:09.0992 0x1560  partmgr - ok
17:04:10.0071 0x1560  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:04:10.0153 0x1560  PcaSvc - ok
17:04:10.0175 0x1560  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:04:10.0199 0x1560  pci - ok
17:04:10.0262 0x1560  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:04:10.0286 0x1560  pciide - ok
17:04:10.0361 0x1560  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:04:10.0399 0x1560  pcmcia - ok
17:04:10.0658 0x1560  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:04:10.0683 0x1560  pcw - ok
17:04:10.0884 0x1560  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:04:10.0985 0x1560  PEAUTH - ok
17:04:11.0914 0x1560  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:04:12.0144 0x1560  PerfHost - ok
17:04:12.0479 0x1560  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:04:12.0575 0x1560  pla - ok
17:04:12.0741 0x1560  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:04:12.0833 0x1560  PlugPlay - ok
17:04:12.0864 0x1560  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:04:12.0922 0x1560  PNRPAutoReg - ok
17:04:13.0031 0x1560  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:04:13.0055 0x1560  PNRPsvc - ok
17:04:13.0227 0x1560  [ 520D48ECB54A33821C95EE496A4235AF, 3C7984E480F134E303E6AD03A3837515F3E03A4727F1AD184BD1D8C71D68FFEF ] Point64         C:\Windows\system32\DRIVERS\point64.sys
17:04:13.0319 0x1560  Point64 - ok
17:04:13.0421 0x1560  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:04:13.0571 0x1560  PolicyAgent - ok
17:04:13.0705 0x1560  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:04:13.0820 0x1560  Power - ok
17:04:13.0875 0x1560  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:04:13.0960 0x1560  PptpMiniport - ok
17:04:13.0983 0x1560  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:04:14.0068 0x1560  Processor - ok
17:04:14.0154 0x1560  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:04:14.0278 0x1560  ProfSvc - ok
17:04:14.0306 0x1560  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:04:14.0318 0x1560  ProtectedStorage - ok
17:04:14.0370 0x1560  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:04:14.0438 0x1560  Psched - ok
17:04:14.0558 0x1560  [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:04:14.0585 0x1560  PSI_SVC_2 - ok
17:04:14.0710 0x1560  [ 788CB65D49D1162C5EE6814AFE5B0A70, 74072698692C8237F5041BB111C4E24B6583456FDA084895EA00B677B6FF64FC ] PSI_SVC_2_x64   C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
17:04:14.0736 0x1560  PSI_SVC_2_x64 - ok
17:04:14.0975 0x1560  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:04:15.0053 0x1560  ql2300 - ok
17:04:15.0095 0x1560  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:04:15.0149 0x1560  ql40xx - ok
17:04:15.0221 0x1560  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:04:15.0293 0x1560  QWAVE - ok
17:04:15.0341 0x1560  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:04:15.0421 0x1560  QWAVEdrv - ok
17:04:15.0471 0x1560  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:04:15.0521 0x1560  RasAcd - ok
17:04:15.0609 0x1560  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:04:15.0706 0x1560  RasAgileVpn - ok
17:04:15.0793 0x1560  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:04:15.0902 0x1560  RasAuto - ok
17:04:15.0994 0x1560  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:04:16.0096 0x1560  Rasl2tp - ok
17:04:16.0190 0x1560  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:04:16.0257 0x1560  RasMan - ok
17:04:16.0285 0x1560  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:04:16.0341 0x1560  RasPppoe - ok
17:04:16.0371 0x1560  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:04:16.0424 0x1560  RasSstp - ok
17:04:16.0455 0x1560  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:04:16.0513 0x1560  rdbss - ok
17:04:16.0538 0x1560  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:04:16.0572 0x1560  rdpbus - ok
17:04:16.0589 0x1560  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:04:16.0647 0x1560  RDPCDD - ok
17:04:16.0666 0x1560  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:04:16.0730 0x1560  RDPENCDD - ok
17:04:16.0753 0x1560  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:04:16.0852 0x1560  RDPREFMP - ok
17:04:16.0980 0x1560  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:04:17.0233 0x1560  RdpVideoMiniport - ok
17:04:17.0272 0x1560  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:04:17.0350 0x1560  RDPWD - ok
17:04:17.0404 0x1560  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:04:17.0427 0x1560  rdyboost - ok
17:04:17.0490 0x1560  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:04:17.0553 0x1560  RemoteAccess - ok
17:04:17.0601 0x1560  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:04:17.0685 0x1560  RemoteRegistry - ok
17:04:17.0708 0x1560  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:04:17.0780 0x1560  RpcEptMapper - ok
17:04:17.0844 0x1560  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:04:17.0885 0x1560  RpcLocator - ok
17:04:17.0980 0x1560  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:04:18.0030 0x1560  RpcSs - ok
17:04:18.0046 0x1560  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:04:18.0100 0x1560  rspndr - ok
17:04:18.0198 0x1560  [ 333224D4D25F9BCCA488E08345083E1C, 368CA50C6791849A029F0E55036D0F2952922D5D17BE3C35D1195C6AFED0D94F ] RTL8187         C:\Windows\system32\DRIVERS\rtl8187.sys
17:04:18.0261 0x1560  RTL8187 - ok
17:04:18.0290 0x1560  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] SamSs           C:\Windows\system32\lsass.exe
17:04:18.0591 0x1560  SamSs - ok
17:04:18.0673 0x1560  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:04:18.0700 0x1560  SASDIFSV - ok
17:04:18.0812 0x1560  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:04:18.0845 0x1560  SASKUTIL - ok
17:04:18.0884 0x1560  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:04:18.0913 0x1560  sbp2port - ok
17:04:19.0214 0x1560  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:04:19.0357 0x1560  SCardSvr - ok
17:04:19.0461 0x1560  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:04:19.0574 0x1560  scfilter - ok
17:04:19.0705 0x1560  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:04:20.0106 0x1560  Schedule - ok
17:04:20.0153 0x1560  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:04:20.0210 0x1560  SCPolicySvc - ok
17:04:20.0288 0x1560  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:04:20.0360 0x1560  SDRSVC - ok
17:04:20.0392 0x1560  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:04:20.0455 0x1560  secdrv - ok
17:04:20.0489 0x1560  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:04:20.0600 0x1560  seclogon - ok
17:04:20.0665 0x1560  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
17:04:20.0739 0x1560  SENS - ok
17:04:20.0760 0x1560  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:04:20.0848 0x1560  SensrSvc - ok
17:04:20.0884 0x1560  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:04:20.0954 0x1560  Serenum - ok
17:04:21.0058 0x1560  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:04:21.0125 0x1560  Serial - ok
17:04:21.0144 0x1560  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:04:21.0174 0x1560  sermouse - ok
17:04:21.0236 0x1560  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:04:21.0338 0x1560  SessionEnv - ok
17:04:21.0374 0x1560  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:04:21.0427 0x1560  sffdisk - ok
17:04:21.0445 0x1560  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:04:21.0479 0x1560  sffp_mmc - ok
17:04:21.0515 0x1560  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:04:21.0587 0x1560  sffp_sd - ok
17:04:21.0633 0x1560  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:04:21.0684 0x1560  sfloppy - ok
17:04:21.0791 0x1560  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:04:21.0860 0x1560  SharedAccess - ok
17:04:21.0910 0x1560  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:04:21.0971 0x1560  ShellHWDetection - ok
17:04:21.0993 0x1560  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:04:22.0007 0x1560  SiSRaid2 - ok
17:04:22.0014 0x1560  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:04:22.0041 0x1560  SiSRaid4 - ok
17:04:22.0060 0x1560  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:04:22.0317 0x1560  Smb - ok
17:04:22.0484 0x1560  [ 7FAFC1228C561C2FDF8A2576AD0B614D, 6F6F6357B277E5E1D1EB40E3A5AE232B2F0CCF16D21AC487CF63AA3CAF3E1AF6 ] SMR430          C:\Windows\System32\drivers\SMR430.SYS
17:04:24.0587 0x1560  SMR430 - ok
17:04:24.0691 0x1560  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:04:24.0730 0x1560  SNMPTRAP - ok
17:04:24.0829 0x1560  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:04:24.0875 0x1560  spldr - ok
17:04:25.0046 0x1560  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
17:04:25.0122 0x1560  Spooler - ok
17:04:25.0568 0x1560  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:04:25.0839 0x1560  sppsvc - ok
17:04:25.0893 0x1560  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:04:25.0969 0x1560  sppuinotify - ok
17:04:26.0173 0x1560  [ 2FD9346F9D76CB4192D37329CFA47A82, 4CD75B4006147D469116F3CBC10528928A592510DA8037D709CB198D89853CAB ] SRTSP           C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS
17:04:26.0209 0x1560  SRTSP - ok
17:04:26.0229 0x1560  [ 0E76CEF892C45734F7AED09FDDF35D4D, C25AF31E411AC3A090859C883132B9AE6A80C8D791168FF219BC0895E35A0359 ] SRTSPX          C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS
17:04:26.0242 0x1560  SRTSPX - ok
17:04:26.0401 0x1560  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:04:26.0522 0x1560  srv - ok
17:04:26.0618 0x1560  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:04:26.0773 0x1560  srv2 - ok
17:04:26.0847 0x1560  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:04:27.0033 0x1560  srvnet - ok
17:04:27.0095 0x1560  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:04:27.0180 0x1560  SSDPSRV - ok
17:04:27.0215 0x1560  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:04:27.0264 0x1560  SstpSvc - ok
17:04:27.0303 0x1560  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:04:27.0322 0x1560  stexstor - ok
17:04:27.0402 0x1560  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:04:27.0893 0x1560  stisvc - ok
17:04:27.0931 0x1560  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:04:27.0944 0x1560  swenum - ok
17:04:28.0108 0x1560  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:04:28.0180 0x1560  swprv - ok
17:04:28.0185 0x1560  Symantec SymSnap VSS Provider - ok
17:04:28.0318 0x1560  [ 52DC0048D667757A8A2E4C87182890AC, 7B43DF6DADFDDBBC5402477FE832052ADB6A39B90111CDA89B5E01CE900F55C5 ] SymDS           C:\Windows\system32\drivers\N360x64\1406000.01B\SYMDS64.SYS
17:04:28.0348 0x1560  SymDS - ok
17:04:28.0435 0x1560  [ 599872BAD7CFB45C7CE47CDED4B726D8, 5B15B1B22C3ACA1BC56CAFCAFFC2E974C75C77C0AB7355FBA91F2147C0911499 ] SymEFA          C:\Windows\system32\drivers\N360x64\1406000.01B\SYMEFA64.SYS
17:04:28.0484 0x1560  SymEFA - ok
17:04:28.0545 0x1560  [ F19E5E37ED8134B9E5F6287F2D3A75D7, 5804D6DF529213CCF7CD2C345483940554CAA5C6EA065A1B09AA54D114C612F8 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:04:28.0564 0x1560  SymEvent - ok
17:04:28.0605 0x1560  [ ADF37F1A715D6C56C8E065FD8569A9A4, 33E895CB326F62D4D22E345563B0641EB88D23B2104A07E8CEBE5ED150882767 ] SymIRON         C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS
17:04:28.0623 0x1560  SymIRON - ok
17:04:28.0672 0x1560  [ 9CDCA70485BD6B9D230365F67C31F132, 137995F1F0124E3A10AAA25551F811602BB5FE8361AE8CBA899C6B98486F4CF3 ] SymNetS         C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS
17:04:28.0702 0x1560  SymNetS - ok
17:04:28.0732 0x1560  [ 2D9B2746F7DEA46D1572B84A06311566, 06A5DDF73FB2E8B5BB21B944F155235E9A6341925100F48E30339807080C586C ] symsnap         C:\Windows\system32\DRIVERS\symsnap.sys
17:04:28.0759 0x1560  symsnap - ok
17:04:29.0215 0x1560  [ EA1A479651CA2E0409C29D586C91901D, 37A9285F027E6129AB5BFF585C3E788B048B7D5ED463387B3047868DA29E8B6A ] SymSnapService  C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
17:04:29.0325 0x1560  SymSnapService - ok
17:04:29.0698 0x1560  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
17:04:29.0952 0x1560  SysMain - ok
17:04:30.0184 0x1560  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:04:30.0320 0x1560  TabletInputService - ok
17:04:30.0495 0x1560  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:04:30.0570 0x1560  TapiSrv - ok
17:04:30.0707 0x1560  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:04:30.0768 0x1560  TBS - ok
17:04:31.0109 0x1560  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:04:31.0225 0x1560  Tcpip - ok
17:04:31.0446 0x1560  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:04:31.0503 0x1560  TCPIP6 - ok
17:04:31.0545 0x1560  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:04:31.0594 0x1560  tcpipreg - ok
17:04:31.0761 0x1560  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:04:31.0809 0x1560  TDPIPE - ok
17:04:31.0925 0x1560  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:04:31.0960 0x1560  TDTCP - ok
17:04:32.0845 0x1560  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:04:32.0904 0x1560  tdx - ok
17:04:32.0983 0x1560  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:04:33.0031 0x1560  TermDD - ok
17:04:33.0127 0x1560  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
17:04:33.0202 0x1560  TermService - ok
17:04:33.0262 0x1560  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:04:33.0352 0x1560  Themes - ok
17:04:33.0381 0x1560  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:04:33.0442 0x1560  THREADORDER - ok
17:04:33.0496 0x1560  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:04:33.0574 0x1560  TrkWks - ok
17:04:33.0682 0x1560  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:04:33.0756 0x1560  TrustedInstaller - ok
17:04:33.0799 0x1560  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:04:33.0871 0x1560  tssecsrv - ok
17:04:33.0969 0x1560  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:04:34.0064 0x1560  TsUsbFlt - ok
17:04:34.0148 0x1560  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:04:34.0212 0x1560  tunnel - ok
17:04:34.0264 0x1560  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:04:34.0299 0x1560  uagp35 - ok
17:04:34.0387 0x1560  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:04:34.0448 0x1560  udfs - ok
17:04:34.0481 0x1560  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:04:34.0563 0x1560  UI0Detect - ok
17:04:34.0592 0x1560  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:04:34.0606 0x1560  uliagpkx - ok
17:04:34.0662 0x1560  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:04:34.0719 0x1560  umbus - ok
17:04:34.0767 0x1560  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:04:34.0858 0x1560  UmPass - ok
17:04:34.0891 0x1560  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:04:34.0946 0x1560  upnphost - ok
17:04:35.0023 0x1560  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:04:35.0116 0x1560  USBAAPL64 - ok
17:04:35.0178 0x1560  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:04:35.0255 0x1560  usbccgp - ok
17:04:35.0296 0x1560  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:04:35.0373 0x1560  usbcir - ok
17:04:35.0391 0x1560  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:04:35.0440 0x1560  usbehci - ok
17:04:35.0504 0x1560  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:04:35.0587 0x1560  usbhub - ok
17:04:35.0614 0x1560  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:04:35.0667 0x1560  usbohci - ok
17:04:35.0704 0x1560  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:04:36.0034 0x1560  usbprint - ok
17:04:36.0081 0x1560  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:04:36.0140 0x1560  usbscan - ok
17:04:36.0182 0x1560  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:04:36.0243 0x1560  USBSTOR - ok
17:04:36.0308 0x1560  [ C44D96B1CDDE705B23F55AB423CCA73D, AB9842E90DD3D686E66BDBE043EB0068272B611D6F63C818EB9D1B6FE2FE23BD ] USBTINSP        C:\Windows\system32\DRIVERS\tinspusb.sys
17:04:36.0371 0x1560  USBTINSP - ok
17:04:36.0397 0x1560  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:04:36.0451 0x1560  usbuhci - ok
17:04:36.0472 0x1560  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
17:04:36.0528 0x1560  UxSms - ok
17:04:36.0591 0x1560  [ CA4FC33FB22D92368A0B221092B46374, 2FB8C496216E5D11627F7832B3B8ABE486E71DF4EC28EABE33F89847BFC5E591 ] VaultSvc        C:\Windows\system32\lsass.exe
17:04:36.0656 0x1560  VaultSvc - ok
17:04:36.0677 0x1560  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:04:36.0689 0x1560  vdrvroot - ok
17:04:36.0731 0x1560  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
17:04:36.0803 0x1560  vds - ok
17:04:36.0831 0x1560  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:04:36.0874 0x1560  vga - ok
17:04:36.0942 0x1560  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:04:37.0005 0x1560  VgaSave - ok
17:04:37.0099 0x1560  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:04:37.0131 0x1560  vhdmp - ok
17:04:37.0174 0x1560  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:04:37.0199 0x1560  viaide - ok
17:04:37.0216 0x1560  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:04:37.0241 0x1560  volmgr - ok
17:04:37.0308 0x1560  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:04:37.0349 0x1560  volmgrx - ok
17:04:37.0412 0x1560  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:04:37.0442 0x1560  volsnap - ok
17:04:37.0500 0x1560  [ 8B7454930230DB4BC4BA35A467BE09AA, EDD5E20DB25915B148B53EF4D3A09A734E232F1C6BE7631F45E3692BC9777360 ] VProEventMonitor C:\Windows\system32\DRIVERS\vproeventmonitor.sys
17:04:37.0538 0x1560  VProEventMonitor - ok
17:04:37.0588 0x1560  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:04:37.0614 0x1560  vsmraid - ok
17:04:37.0782 0x1560  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:04:37.0899 0x1560  VSS - ok
17:04:37.0946 0x1560  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:04:37.0991 0x1560  vwifibus - ok
17:04:38.0011 0x1560  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:04:38.0052 0x1560  vwififlt - ok
17:04:38.0640 0x1560  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:04:38.0705 0x1560  W32Time - ok
17:04:38.0732 0x1560  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:04:38.0771 0x1560  WacomPen - ok
17:04:38.0839 0x1560  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:04:38.0898 0x1560  WANARP - ok
17:04:38.0918 0x1560  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:04:38.0955 0x1560  Wanarpv6 - ok
17:04:39.0192 0x1560  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:04:39.0256 0x1560  WatAdminSvc - ok
17:04:39.0546 0x1560  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:04:39.0646 0x1560  wbengine - ok
17:04:39.0773 0x1560  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:04:39.0828 0x1560  WbioSrvc - ok
17:04:40.0093 0x1560  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:04:40.0582 0x1560  wcncsvc - ok
17:04:40.0658 0x1560  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:04:40.0785 0x1560  WcsPlugInService - ok
17:04:40.0899 0x1560  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:04:40.0961 0x1560  Wd - ok
17:04:41.0205 0x1560  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:04:41.0259 0x1560  Wdf01000 - ok
17:04:41.0390 0x1560  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:04:41.0477 0x1560  WdiServiceHost - ok
17:04:41.0484 0x1560  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:04:41.0500 0x1560  WdiSystemHost - ok
17:04:41.0576 0x1560  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
17:04:41.0654 0x1560  WebClient - ok
17:04:41.0741 0x1560  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:04:41.0818 0x1560  Wecsvc - ok
17:04:41.0882 0x1560  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:04:41.0935 0x1560  wercplsupport - ok
17:04:41.0977 0x1560  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:04:42.0035 0x1560  WerSvc - ok
17:04:42.0089 0x1560  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:04:42.0143 0x1560  WfpLwf - ok
17:04:42.0177 0x1560  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
17:04:42.0240 0x1560  WimFltr - ok
17:04:42.0285 0x1560  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:04:42.0310 0x1560  WIMMount - ok
17:04:42.0340 0x1560  WinDefend - ok
17:04:42.0364 0x1560  WinHttpAutoProxySvc - ok
17:04:42.0499 0x1560  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:04:42.0568 0x1560  Winmgmt - ok
17:04:42.0766 0x1560  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
17:04:42.0896 0x1560  WinRM - ok
17:04:43.0057 0x1560  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:04:43.0597 0x1560  WinUsb - ok
17:04:43.0857 0x1560  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:04:43.0914 0x1560  Wlansvc - ok
17:04:44.0400 0x1560  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:04:44.0573 0x1560  wlidsvc - ok
17:04:44.0637 0x1560  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:04:44.0861 0x1560  WmiAcpi - ok
17:04:44.0917 0x1560  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:04:45.0162 0x1560  wmiApSrv - ok
17:04:45.0193 0x1560  WMPNetworkSvc - ok
17:04:45.0223 0x1560  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:04:45.0289 0x1560  WPCSvc - ok
17:04:45.0314 0x1560  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:04:45.0395 0x1560  WPDBusEnum - ok
17:04:45.0441 0x1560  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:04:45.0518 0x1560  ws2ifsl - ok
17:04:45.0539 0x1560  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
17:04:45.0577 0x1560  wscsvc - ok
17:04:45.0595 0x1560  WSearch - ok
17:04:45.0982 0x1560  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:04:46.0117 0x1560  wuauserv - ok
17:04:46.0192 0x1560  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:04:46.0241 0x1560  WudfPf - ok
17:04:46.0312 0x1560  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:04:46.0355 0x1560  WUDFRd - ok
17:04:46.0386 0x1560  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:04:46.0423 0x1560  wudfsvc - ok
17:04:46.0462 0x1560  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:04:46.0561 0x1560  WwanSvc - ok
17:04:46.0712 0x1560  [ 64F88AF327AA74E03658AE32B48CCB8B, 52C8941D96F2EF89BBC4A4268DC59E5BC89AE2DAB199C13BBFF11C2606BE7FFA ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
17:04:46.0859 0x1560  yukonw7 - ok
17:04:46.0898 0x1560  ================ Scan global ===============================
17:04:47.0053 0x1560  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:04:47.0096 0x1560  [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll
17:04:47.0118 0x1560  [ EA32F4EA3AE06EDD122FBCD5A489E457, C6E464170121D1714A367CFC80C5EA15D42AD34909039FDB114EAD3B878A47F6 ] C:\Windows\system32\winsrv.dll
17:04:47.0145 0x1560  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:04:47.0170 0x1560  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:04:47.0186 0x1560  [ Global ] - ok
17:04:47.0186 0x1560  ================ Scan MBR ==================================
17:04:47.0201 0x1560  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:04:47.0985 0x1560  \Device\Harddisk0\DR0 - ok
17:04:48.0008 0x1560  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:04:48.0120 0x1560  \Device\Harddisk1\DR1 - ok
17:04:48.0120 0x1560  ================ Scan VBR ==================================
17:04:48.0131 0x1560  [ 4C7E01BEEEB12B834DB55AC96BAFE805 ] \Device\Harddisk0\DR0\Partition1
17:04:48.0134 0x1560  \Device\Harddisk0\DR0\Partition1 - ok
17:04:48.0138 0x1560  [ 4FA863FC4E7272C571CAC1A92934A398 ] \Device\Harddisk0\DR0\Partition2
17:04:48.0142 0x1560  \Device\Harddisk0\DR0\Partition2 - ok
17:04:48.0146 0x1560  [ AB61CB8AAF429C1B99F652158DCAF1ED ] \Device\Harddisk1\DR1\Partition1
17:04:48.0226 0x1560  \Device\Harddisk1\DR1\Partition1 - ok
17:04:48.0226 0x1560  ================ Scan generic autorun ======================
17:04:48.0423 0x1560  [ 1568FF282E268082C67CF0C3EBCC9179, B328A9B6B1B3D5FC618F4777F9F59C8C2A9882A13B27352F8B84AC3118E7FB07 ] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
17:04:48.0466 0x1560  EEventManager - ok
17:04:48.0626 0x1560  [ F80FFD4517C0B8025ECC54FBB30F88C4, 6CA7A9E037568D4F32C78A67A5D85A05A4CA858FA3D295ACB6ED508D44782264 ] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
17:04:48.0702 0x1560  FUFAXSTM - detected UnsignedFile.Multi.Generic ( 1 )
17:04:48.0861 0x1560  Detect skipped due to KSN trusted
17:04:48.0861 0x1560  FUFAXSTM - ok
17:04:49.0174 0x1560  [ 7F232F51427036F7AF6A6806257422EC, E9F29558511185265C5B6D54CB848FA5FAC44225164990100D5830D95D17F726 ] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
17:04:49.0338 0x1560  Norton Ghost 15.0 - ok
17:04:49.0418 0x1560  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
17:04:49.0443 0x1560  BCSSync - ok
17:04:49.0594 0x1560  [ 09E60B4FE341A94A300830C008907099, 5F07868953FAA8FFA9E6477F6BAC52DEEDF3EA4A3F8AF5B4E15878D8240223AB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:04:49.0633 0x1560  APSDaemon - ok
17:04:49.0746 0x1560  [ B793DDE01D181ED91F333BF10FE2FC50, F9BA0FD8EC0C0E9D7E5969BC9ED0D0322EDFC8E65B11F642A7118B41F5BF197F ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
17:04:50.0306 0x1560  IJNetworkScannerSelectorEX - ok
17:04:50.0452 0x1560  [ 0EF0822810009D58118CCDFD098FA9F4, 9FAA263057898BCDBCB0A064C463F48D149474AA339A3C4C47626CC118750D2D ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
17:04:50.0486 0x1560  iTunesHelper - ok
17:04:50.0539 0x1560  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
17:04:50.0575 0x1560  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
17:04:50.0924 0x1560  Detect skipped due to KSN trusted
17:04:50.0924 0x1560  QuickTime Task - ok
17:04:51.0383 0x1560  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:04:51.0877 0x1560  Sidebar - ok
17:04:51.0961 0x1560  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:04:54.0060 0x1560  mctadmin - ok
17:04:54.0375 0x1560  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:04:54.0547 0x1560  Sidebar - ok
17:04:54.0568 0x1560  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:04:54.0586 0x1560  mctadmin - ok
17:04:55.0049 0x1560  [ 6D9C544ECF1D56AFDA3C03C19E75FE8B, 8FD676300ED596EDCB33F334709245424613CAB30868A2866785A47CBF689199 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE
17:04:55.0382 0x1560  Artisan 830(Network) - ok
17:04:55.0431 0x1560  [ 6D9C544ECF1D56AFDA3C03C19E75FE8B, 8FD676300ED596EDCB33F334709245424613CAB30868A2866785A47CBF689199 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE
17:04:55.0461 0x1560  EPSON Artisan 830 Series - ok
17:04:59.0203 0x1560  [ 952E717574469A91BCC32B6B162BC2A0, 36F46C15CD9DBAC16D300DD3D731C95E2877A8D774B6CCEBF0EFB4D76D376944 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
17:04:59.0489 0x1560  SUPERAntiSpyware - ok
17:04:59.0621 0x1560  GoogleChromeAutoLaunch_8CE7D2F3A1E2F70A14F5555CC4BA72F8 - ok
17:04:59.0682 0x1560  [ 6D9C544ECF1D56AFDA3C03C19E75FE8B, 8FD676300ED596EDCB33F334709245424613CAB30868A2866785A47CBF689199 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE
17:04:59.0729 0x1560  EPSON Artisan 830 Series - ok
17:04:59.0765 0x1560  [ 6D9C544ECF1D56AFDA3C03C19E75FE8B, 8FD676300ED596EDCB33F334709245424613CAB30868A2866785A47CBF689199 ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE
17:04:59.0799 0x1560  EPSON Artisan 830 Series - ok
17:04:59.0954 0x1560  [ EC58C1A9A3281CE0C8FCC05BDBFECB37, 3738BBC112346B32F686F1CB4B4AAD89B06AA1F8FB2D333BC2D2F554212A0A59 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
17:04:59.0988 0x1560  iCloudServices - ok
17:05:00.0015 0x1560  [ 2D29BAC8469818E04AA9AA1CBB5D6FED, 5239A6238A442B4799B8266F45DE2A85902D85505AAE6FA864367335813F0342 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
17:05:00.0047 0x1560  ApplePhotoStreams - ok
17:05:00.0265 0x1560  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:05:00.0372 0x1560  Sidebar - ok
17:05:00.0393 0x1560  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:05:00.0452 0x1560  mctadmin - ok
17:05:00.0453 0x1560  Waiting for KSN requests completion. In queue: 3
17:05:09.0701 0x1560  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\WSCStub.exe ( 20.6.0.0 ), 0x50000 ( disabled : updated )
17:05:09.0703 0x1560  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\WSCStub.exe ( 20.6.0.0 ), 0x50010 ( disabled )
17:05:10.0401 0x1560  Win FW state via NFP2: enabled
17:05:10.0948 0x1560  ============================================================
17:05:10.0962 0x1560  Scan finished
17:05:10.0962 0x1560  ============================================================
17:05:11.0393 0x1e88  Detected object count: 0
17:05:11.0393 0x1e88  Actual detected object count: 0


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 02 May 2015 - 05:04 AM

Hi Scott,
please do the following:

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [GoogleChromeAutoLaunch_8CE7D2F3A1E2F70A14F5555CC4BA72F8] => "C:\Users\Stoeffler\AppData\Local\Vosteran\Application\vosteran.exe" 
    C:\Users\Stoeffler\AppData\Local\Vosteran
    AppInit_DLLs-x32: C:/PROGRA~3/{0AF2E~1/171~1.0/fori.dll => C:\ProgramData\{0AF2E231-5A70-33B7-EBF6-43353B7490BB}\1.7.1.0\fori.dll [649216 2015-01-25] ()
    C:\ProgramData\{0AF2E231-5A70-33B7-EBF6-43353B7490BB}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1004 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/
    SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_15_04&cd=
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
Step 3

Please download fss.pngFarbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 02 May 2015 - 04:54 PM

Here is the Fixlog file: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015 01
Ran by Stoeffler at 2015-05-02 17:30:25 Run:1
Running from C:\Users\Stoeffler\Desktop
Loaded Profiles: Stoeffler & Sandy & Branden & Kayla & Scott & UpdatusUser & Guest (Available profiles: Stoeffler & Sandy & Branden & Kayla & Scott & UpdatusUser & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [GoogleChromeAutoLaunch_8CE7D2F3A1E2F70A14F5555CC4BA72F8] => "C:\Users\Stoeffler\AppData\Local\Vosteran\Application\vosteran.exe" 
C:\Users\Stoeffler\AppData\Local\Vosteran
AppInit_DLLs-x32: C:/PROGRA~3/{0AF2E~1/171~1.0/fori.dll => C:\ProgramData\{0AF2E231-5A70-33B7-EBF6-43353B7490BB}\1.7.1.0\fori.dll [649216 2015-01-25] ()
C:\ProgramData\{0AF2E231-5A70-33B7-EBF6-43353B7490BB}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1004 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-102675289-2823336768-2379624390-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_15_04&cd=
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
*****************
 
Processes closed successfully.
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_8CE7D2F3A1E2F70A14F5555CC4BA72F8 => value deleted successfully.
"C:\Users\Stoeffler\AppData\Local\Vosteran" => File/Directory not found.
"C:/PROGRA~3/{0AF2E~1/171~1.0/fori.dll" => Value Data removed successfully.
C:\ProgramData\{0AF2E231-5A70-33B7-EBF6-43353B7490BB} => Moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-102675289-2823336768-2379624390-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found. 
HKU\S-1-5-21-102675289-2823336768-2379624390-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-102675289-2823336768-2379624390-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-102675289-2823336768-2379624390-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
HKU\S-1-5-21-102675289-2823336768-2379624390-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found. 
Chrome StartupUrls deleted successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:31:17 ====


#6 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 02 May 2015 - 04:56 PM

Here is the FRST file: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Stoeffler (administrator) on STOEFFLER-PC on 02-05-2015 17:45:09
Running from C:\Users\Stoeffler\Desktop
Loaded Profiles: Stoeffler & UpdatusUser (Available profiles: Stoeffler & Sandy & Branden & Kayla & Scott & UpdatusUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccsvchst.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Dropbox, Inc.) C:\Users\Sandy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [Artisan 830(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [EPSON Artisan 830 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-02-24] (SUPERAntiSpyware)
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\...\MountPoints2: {109be081-514b-11e2-84f3-806e6f6e6963} - D:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2012-12-29]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stoeffler\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-02-07]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Stoeffler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Sandy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\20.6.0.27\buShell.dll [2013-05-28] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll No File
GroupPolicyUsers\S-1-5-21-102675289-2823336768-2379624390-1004\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-102675289-2823336768-2379624390-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-102675289-2823336768-2379624390-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2012-12-29] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\IPS\IPSBHO.DLL [2012-08-10] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2012-12-29] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-09] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2012-12-29] ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2012-12-29] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Stoeffler\AppData\Roaming\Mozilla\Firefox\Profiles\690qopn9.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2015-05-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://my.yahoo.com/
CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_15_04&cd=2XzuyEtN2Y1L1QzutDtDtCyBtAtCzz0F0DtAzyyC0C0E0AyDtN0D0Tzu0StCtCtBtDtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyByCyC0CyC0B0BtDtGyEtByCtBtGtDtD0E0CtGyCyEzz0EtGtAyC0DtB0DtD0AyBtD0D0EtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzyEtC0AyDzztCtGtBtD0C0BtGyEtBtBtCtGzy0C0D0CtGyCtA0C0FzytCyD0Azy0FyB0D2Q&cr=204670277&ir="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (WOT) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-26]
CHR Extension: (YouTube) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-26]
CHR Extension: (Google Search) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-26]
CHR Extension: (Bookmark Manager) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-11]
CHR Extension: (Google Wallet) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-30]
CHR Extension: (Gmail) - C:\Users\Stoeffler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-01-26] (SUPERAntiSpyware.com)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 GEARSecurity; %SystemRoot%\System32\GEARSec.exe [X]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{0F55B9ED-801B-40CA-8C00-3603CBF5A6CC}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20150418.001\BHDrvx64.sys [1639128 2015-04-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20150501.001\IDSvia64.sys [671448 2015-03-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150501.018\ENG64.SYS [129752 2015-01-26] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20150501.018\EX64.SYS [2137304 2015-01-26] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1406000.01B\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U2 V2iMount; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-01 16:53 - 2015-05-01 16:53 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Stoeffler\Desktop\tdsskiller.exe
2015-04-30 18:12 - 2015-05-02 17:45 - 00022883 _____ () C:\Users\Stoeffler\Desktop\FRST.txt
2015-04-30 18:12 - 2015-04-30 18:12 - 00041789 _____ () C:\Users\Stoeffler\Desktop\Addition.txt
2015-04-30 18:10 - 2015-04-30 18:16 - 00041791 _____ () C:\Users\Stoeffler\Downloads\Addition.txt
2015-04-30 18:09 - 2015-05-02 17:45 - 00000000 ____D () C:\FRST
2015-04-30 18:09 - 2015-04-30 18:16 - 00059024 _____ () C:\Users\Stoeffler\Downloads\FRST.txt
2015-04-30 18:07 - 2015-04-30 18:07 - 02101248 _____ (Farbar) C:\Users\Stoeffler\Desktop\FRST64.exe
2015-04-30 17:20 - 2015-04-30 17:20 - 00000000 __SHD () C:\Users\Stoeffler\AppData\Local\EmieUserList
2015-04-30 17:20 - 2015-04-30 17:20 - 00000000 __SHD () C:\Users\Stoeffler\AppData\Local\EmieSiteList
2015-04-30 17:20 - 2015-04-30 17:20 - 00000000 __SHD () C:\Users\Stoeffler\AppData\Local\EmieBrowserModeList
2015-04-29 21:53 - 2015-04-29 22:19 - 00000000 ____D () C:\NPE
2015-04-29 21:50 - 2015-04-29 21:50 - 03060320 ____N (Symantec Corporation) C:\Users\Stoeffler\Downloads\NPE (2).exe
2015-04-29 21:50 - 2015-04-29 21:50 - 03060320 ____N (Symantec Corporation) C:\Users\Stoeffler\Downloads\NPE (1).exe
2015-04-29 21:49 - 2015-04-29 21:49 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2015-04-29 21:49 - 2015-04-29 21:49 - 00000020 _____ () C:\Windows\system32\Drivers\SMR410.dat
2015-04-29 21:47 - 2015-04-29 21:47 - 00000000 ____D () C:\Users\Stoeffler\AppData\Roaming\Mozilla
2015-04-26 12:49 - 2015-04-26 12:49 - 23314194 _____ () C:\Users\Sandy\Downloads\FreebieTheGivingTreeACommonCoreUnitSample.zip
2015-04-19 19:46 - 2015-04-23 20:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-19 19:46 - 2015-04-19 19:46 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-19 19:46 - 2015-04-19 19:46 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-19 19:43 - 2015-04-19 19:43 - 00243312 _____ () C:\Users\Scott\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-19 17:55 - 2015-04-19 17:58 - 00002219 _____ () C:\Users\Scott\Downloads\software_removal_tool.log
2015-04-19 17:14 - 2015-04-19 18:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-14 21:56 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:56 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:56 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:56 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:56 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:56 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:56 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:56 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 21:56 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 21:56 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 21:56 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 21:56 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:56 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:56 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 21:56 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 21:56 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 21:56 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:56 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 21:56 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 21:56 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 21:56 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 21:56 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 21:56 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 21:55 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:55 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:55 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 21:55 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 21:55 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 21:55 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:55 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 21:55 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 21:55 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 21:55 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 21:55 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 21:55 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 21:55 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 21:55 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 21:55 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 21:55 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 21:55 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 21:55 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 21:55 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 21:55 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 21:55 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 21:55 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:55 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 21:55 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 21:55 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:55 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:55 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:55 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:55 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:55 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:55 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:55 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:55 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:55 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:55 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:55 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:55 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:55 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:55 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:55 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:55 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:55 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:55 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:55 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:55 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:55 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:55 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:55 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:55 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:55 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:55 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:55 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:55 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:55 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:55 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:55 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:55 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:55 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:55 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:55 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:55 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:55 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:55 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:55 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:55 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:55 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:55 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:55 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:55 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:55 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:55 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:55 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 21:55 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:55 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:55 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:55 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:55 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:55 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:55 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:55 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:55 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:55 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:55 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:54 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 21:54 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:54 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-11 20:11 - 2015-04-11 20:11 - 01387672 _____ () C:\Users\Scott\Downloads\EPIPR_ART835_NA (4).EXE
2015-04-04 03:00 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 17:47 - 2013-07-09 20:45 - 00000000 ___RD () C:\Users\Stoeffler\Dropbox
2015-05-02 17:47 - 2013-07-09 19:53 - 00000000 ____D () C:\Users\Stoeffler\AppData\Roaming\Dropbox
2015-05-02 17:45 - 2009-07-14 00:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:45 - 2009-07-14 00:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-02 17:38 - 2015-01-25 23:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 17:38 - 2013-11-30 18:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 17:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 17:37 - 2009-07-14 00:51 - 00043830 _____ () C:\Windows\setupact.log
2015-05-02 17:35 - 2012-12-28 17:10 - 01439734 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 17:34 - 2013-01-01 04:16 - 00004096 ___SH () C:\VSNAP.IDX
2015-05-02 17:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Registration
2015-05-02 17:31 - 2013-11-30 18:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-01 03:04 - 2014-01-17 18:16 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-01 03:04 - 2009-07-14 01:13 - 00774632 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-30 17:16 - 2013-12-28 17:24 - 00000000 ____D () C:\Users\Stoeffler\AppData\Local\NPE
2015-04-29 22:19 - 2013-12-31 14:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-29 21:25 - 2012-12-29 00:19 - 00427900 _____ () C:\Windows\PFRO.log
2015-04-29 21:25 - 2012-12-28 17:10 - 00000000 ____D () C:\Users\Stoeffler
2015-04-29 19:35 - 2013-11-30 18:34 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 19:05 - 2013-03-20 20:33 - 00000000 ____D () C:\Users\Sandy\AppData\Local\CrashDumps
2015-04-29 19:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-29 18:53 - 2013-07-09 19:57 - 00000000 ___RD () C:\Users\Sandy\Dropbox
2015-04-29 18:53 - 2013-07-09 19:50 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Dropbox
2015-04-26 22:51 - 2013-01-19 12:38 - 00000000 ____D () C:\ProgramData\Norton
2015-04-23 20:21 - 2013-10-09 07:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 18:58 - 2013-07-09 19:57 - 00001021 _____ () C:\Users\Sandy\Desktop\Dropbox.lnk
2015-04-22 18:58 - 2013-07-09 19:54 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-19 19:59 - 2012-12-31 00:02 - 00000000 ____D () C:\Users\Scott\AppData\Local\Mozilla
2015-04-19 18:20 - 2012-12-30 15:34 - 00000000 ____D () C:\Users\Stoeffler\AppData\Local\Adobe
2015-04-19 17:24 - 2013-01-28 18:18 - 00000000 ____D () C:\HEGames
2015-04-19 17:24 - 2013-01-26 20:33 - 00000670 _____ () C:\Windows\hegames.ini
2015-04-19 17:14 - 2012-12-29 23:36 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-19 17:06 - 2015-01-25 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-19 17:06 - 2015-01-25 23:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-19 17:06 - 2013-10-24 15:27 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-17 22:10 - 2013-09-07 19:12 - 00000000 ____D () C:\Users\Scott\AppData\Local\CrashDumps
2015-04-16 00:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 04:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 03:44 - 2014-12-10 04:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:44 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:26 - 2012-12-30 23:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:20 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:07 - 2012-12-28 17:48 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:07 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 09:37 - 2015-01-25 23:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-01-25 23:03 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2013-10-24 15:27 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 20:56 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-11 20:14 - 2014-08-25 20:56 - 00004125 _____ () C:\Users\Scott\Downloads\AdjPrg_Log.log
 
==================== Files in the root of some directories =======
 
2012-12-29 15:12 - 2012-12-29 15:12 - 14794312 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
 
Some content of TEMP:
====================
C:\Users\Sandy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsvgxpw.dll
C:\Users\Stoeffler\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpry65nf.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-24 00:04
 
==================== End Of Log ============================

Finally here is the FSS file: 

 

Farbar Service Scanner Version: 17-01-2015
Ran by Stoeffler (administrator) on 02-05-2015 at 17:53:58
Running from "C:\Users\Stoeffler\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 02 May 2015 - 05:12 PM

Step 1

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#8 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 02 May 2015 - 08:25 PM

Here is the ESET log.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6af74cd3b3f2f54585878afc96bfe186
# engine=22145
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-26 01:16:46
# local_time=2015-01-26 08:16:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 47915097 173821656 0 0
# scanned=267044
# found=11
# cleaned=11
# scan_time=8999
sh=2707BE89CD8B0CF675180163D0BE9B65447DEAA1 ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Local\Vosteran\Application\31.0.1650.23\Extensions\Vosteran.crx.vir"
sh=A89A768C4ECBE9EFFAE22162944E8A776C94153E ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Local\Vosteran\Application\31.0.1650.23\Installer\chrome.7z.vir"
sh=E5A22D682B5B9C1F5AD1E1F7D98E685772BED8FC ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js.vir"
sh=F2A8917500E1C6B9E4ADD5299BAF66B57DD4EB63 ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js.vir"
sh=CE3159B58A6DFF52E43F2445A4E094B983DD0EBA ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js.vir"
sh=FD7368BFE59CB6D2E4853110A8BDE09937D30BFA ft=0 fh=0000000000000000 vn="JS/Astromenda.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js.vir"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Scott\Downloads\cbsidlm-cbsi176-SewArt-SEO-75871344.exe"
sh=713EF952AC6A358C8ABFA39550AA98592EC79D47 ft=1 fh=77e3e4d500a73749 vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Scott\Downloads\cbsidlm-tr1_14-inSSIDer-SEO-10848357.exe"
sh=D49EBCDE73413B6EA935073695527B28B260E694 ft=1 fh=f274567522fdceb7 vn="Win32/DownloadAdmin.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Scott\Downloads\imagegrabber-setup.exe"
sh=F84F50B3BBE51202E61E9C1B9FC11C1652577DA7 ft=1 fh=2509db879238e891 vn="Win32/Tsingsoft.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Stoeffler\Downloads\MP3CutterJoinerFree [1].exe"
sh=A6C007A1B3ADF6B691CBA35C1B5E06CAB772AB35 ft=1 fh=aed2bdfc0ee55c76 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Stoeffler\Downloads\zafwSetupWeb_110_000_020.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6af74cd3b3f2f54585878afc96bfe186
# engine=23666
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-03 12:58:48
# local_time=2015-05-02 08:58:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 56251618 182158177 0 0
# scanned=245667
# found=1
# cleaned=0
# scan_time=6803
sh=61E2D0CFA951AB0010B338F099BC561D7DB8947C ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Stoeffler\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat.vir"


#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 03 May 2015 - 03:27 AM

No active malware or adware has been found.

Step 1

v21logo.PNG

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#10 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 03 May 2015 - 09:33 AM

What exactly is the 'VBS/Kryptik.DY trojan' that was found by ESET?  What ever you had me do is causing the system to run much faster though!  Here is the MBAM log: 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 5/3/2015
Scan Time: 7:47:21 AM
Logfile: MBAM Log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.03.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stoeffler
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 623630
Time Elapsed: 24 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 03 May 2015 - 09:59 AM

Hi,

 

What exactly is the 'VBS/Kryptik.DY trojan' that was found by ESET?

 

I am sorry, there is no description Link. But the file is already quarantined.
 
However, I don't see any indication for active malware in your log. Are you experiencing still problems or symptoms?

 

Please delete this entry manually:

CHR StartupUrls: Default -> "hxxp://vosteran.com/?f=7&a=vst_ir_15_04&

https://support.google.com/chrome/answer/3296214

 

 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 03 May 2015 - 02:44 PM

I'm still checking things out but the horrible delay in doing anything (mouse, typing, etc.) seems to be gone now.  It appears to have stopped after we ran FRST64 the second time with the FIXLIST.txt file. Was there something you were seeing that pointed you to run the tool that way?  I know that trojan is quarantined, but I would feel much better having permanently deleted from the system.  How would I go about doing that?

 

 

My laptop was also experiencing the same issues as my desktop, I went ahead and set it back to factory defaults,but Chrome still isn't working very well.  Do you think going through these exact steps would help that computer out as well? 

 

Do you have a recommendation on the best antivirus software to use and how to setup the system to prevent things like this in the future? 



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 03 May 2015 - 02:58 PM

Was there something you were seeing that pointed you to run the tool that way? Of course, that's my "job" :)  I know that trojan is quarantined, but I would feel much better having permanently deleted from the system.  How would I go about doing that? During the cleanup the quarantine will be deleted as well.

 

Do you think going through these exact steps would help that computer out as well? No.

 

Do you have a recommendation on the best antivirus software to use and how to setup the system to prevent things like this in the future? Yes. If we are done, I will give you some recommendation.

 

Please let me know, if there are any malware related issues left. Otherwise we will continue with the cleanup... :)


Edited by deeprybka, 03 May 2015 - 02:58 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:01:13 AM

Posted 03 May 2015 - 07:09 PM

So the only thing I'm still seeing and I don't think it is related to any malware is that I got a message from Norton on my wife's account that SVCHOST.EXE was consuing 148mb of memory.  Also when I try to logoff of the admin account, this is the one I used for all of our research and corrections, it says it is waiting for a background application to close.  It doesn't show it on the screen at first, but then all of a sudden if flashes something like Task Manager and then it logs off. Not sure sure what is causing that issue and if it could be related to what was causing my issues in the first place. 

 

I will try to logoff again and see if I can get the message to come up and respond if it isn't Task Manager. 

 

Other than that the computer is running MUCH BETTER!!!! You are AWESOME!!!!



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:13 AM

Posted 04 May 2015 - 05:12 AM

Please let me know if we can proceed. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users