Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with "My Music Life" Popup


  • This topic is locked This topic is locked
30 replies to this topic

#1 Owen6936

Owen6936

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 18 November 2015 - 04:48 AM

Hello, I'm running Windows 7 64bit, and have been plagued with the "My Music Life" popup.  It appears on the lower right hand corner of the screen almost like it is from the system tray.

 

I’ve researched the issue, ran Malware Bytes removal, Combo Fix tool, Kaspersky tool, JRT just about every one of your commonly recommended tools and I still cannot detect or find the source of this popup.

 

I’ve reset the Internet explorer browser back to defaults, cleared the DNS cache everything I can thing of.

 

Recently downloaded Microsoft’s Windows Defender Offline tool.  It found nothing.

 

Please help, I don’t know what to try next.

 

Thank you,

 

 

Owen Holman



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 18 November 2015 - 11:24 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 19 November 2015 - 08:27 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

 

Thank you for your help:  Below are the results of the Farbar Recovery Scan too.  Also Look Below for additional notes that I have from a tool I used before I heard back from you.

 

FRST.TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by SpaAdmin (administrator) on SPACONCEPTS-HP (19-11-2015 07:20:05)
Running from C:\Owen
Loaded Profiles: SpaAdmin (Available Profiles: spaconcepts & SpaAdmin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Oppoos.com) C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
(HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TODO: <公司名>) C:\Program Files (x86)\Blazers\Watsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Updater.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-17] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{13FCB89C-EDBC-4DD6-8351-710E6FA2291C}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9938AA88-39D4-4596-9ED5-CBB775D721AB}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3765172505-1602192996-2999461644-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3765172505-1602192996-2999461644-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3765172505-1602192996-2999461644-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3765172505-1602192996-2999461644-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3765172505-1602192996-2999461644-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3765172505-1602192996-2999461644-1003 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3765172505-1602192996-2999461644-1003 -> {D8557997-97C9-467E-A15E-DDF27437D3A5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-21] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-13] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-21] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-29] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-13] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coIEPlg.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-21] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-21] (Google Inc.)
DPF: HKLM-x32 {FD3BEB0C-AB43-4253-9146-C371D48FBE0D} hxxp://10.1.10.200/web.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-07-21] ()
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-11-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-11-03] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-09-29]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-17] (Portrait Displays, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-07-21] (WildTangent)
R2 GenieWifiService; C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe [51352 2015-03-05] (Oppoos.com)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-03] (SurfRight B.V.)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 Watsvc; C:\Program Files (x86)\Blazers\Watsvc.exe [107160 2015-04-16] (TODO: <公司名>)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S3 FintekCIR; C:\Windows\system32\drivers\FintekCIR.sys [30248 2009-11-13] (Fintek)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20151113.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151118.003\ENG64.SYS [138488 2015-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151118.003\EX64.SYS [2148080 2015-11-15] (Symantec Corporation)
R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-23] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 07:19 - 2015-11-19 07:20 - 00000000 ____D C:\FRST
2015-11-18 10:03 - 2015-11-18 10:03 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\gic
2015-11-18 10:03 - 2015-11-18 10:03 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\cmsiex
2015-11-18 09:32 - 2015-11-18 09:32 - 00000000 ____D C:\Users\SpaAdmin\Documents\Genie Soft
2015-11-18 08:32 - 2015-11-18 08:36 - 00002640 _____ C:\Users\SpaAdmin\Desktop\Rkill.txt
2015-11-18 05:23 - 2015-11-18 05:23 - 00000000 ____D C:\Windows\Microsoft Antimalware
2015-11-17 20:23 - 2015-11-17 20:23 - 00000000 ____D C:\Users\SpaAdmin\AppData\LocalLow\Sun
2015-11-17 04:07 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-16 22:06 - 2015-11-16 22:06 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\GWX
2015-11-16 22:06 - 2015-11-16 22:06 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\Apple
2015-11-16 22:05 - 2015-11-19 07:18 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSpaAdmin
2015-11-16 22:05 - 2015-11-19 07:18 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForSpaAdmin.job
2015-11-16 22:05 - 2015-11-19 07:18 - 00000000 ____D C:\Users\SpaAdmin\AppData\Roaming\Hewlett-Packard
2015-11-16 22:03 - 2015-11-16 22:03 - 00111448 _____ C:\Users\SpaAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-16 22:02 - 2015-11-16 22:02 - 00000000 ____D C:\Users\SpaAdmin\AppData\Roaming\Hewlett-Packard Company
2015-11-16 22:02 - 2015-11-16 22:02 - 00000000 ____D C:\Users\SpaAdmin\AppData\Roaming\ATI
2015-11-16 22:02 - 2015-11-16 22:02 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\ATI
2015-11-16 22:01 - 2015-11-18 08:40 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{504052CA-EECE-4490-901A-8616E66E8ED9}
2015-11-16 22:01 - 2015-11-16 22:01 - 00001419 _____ C:\Users\SpaAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 ____D C:\Users\SpaAdmin\AppData\Roaming\Apple Computer
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 ____D C:\Users\SpaAdmin\AppData\Roaming\Adobe
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\PDFC
2015-11-16 22:00 - 2015-11-16 22:05 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\Hewlett-Packard
2015-11-16 22:00 - 2015-11-16 22:01 - 00000000 ____D C:\Users\SpaAdmin
2015-11-16 22:00 - 2015-11-16 22:00 - 00000020 ___SH C:\Users\SpaAdmin\ntuser.ini
2015-11-16 22:00 - 2015-11-16 22:00 - 00000000 ____D C:\Users\SpaAdmin\AppData\Local\TouchSmartData
2015-11-16 22:00 - 2011-09-12 21:33 - 00000000 ____D C:\Users\SpaAdmin\AppData\Roaming\Macromedia
2015-11-16 22:00 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\SpaAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-16 22:00 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\SpaAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-16 18:15 - 2015-11-16 18:15 - 04383048 _____ (Google) C:\Users\spaconcepts\Downloads\chrome_cleanup_tool (2).exe
2015-11-16 18:15 - 2015-11-16 18:15 - 00000274 _____ C:\Users\spaconcepts\Downloads\debug.log
2015-11-16 16:30 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-16 16:30 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-16 16:30 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-16 16:30 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-16 16:30 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-16 16:30 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-16 16:30 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-16 16:30 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-16 16:30 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-16 16:30 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-16 16:30 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-16 16:30 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-16 16:30 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-16 16:30 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-16 16:30 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-16 16:30 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-16 16:28 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-16 16:28 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-16 16:28 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-16 16:28 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-16 16:28 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-16 16:28 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-16 16:28 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-16 16:28 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-16 16:28 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-16 16:28 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-16 16:28 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-16 16:28 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-16 16:28 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-16 16:28 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-16 16:28 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-16 16:28 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-16 16:28 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-16 16:28 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-16 16:28 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-16 16:28 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-16 16:28 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-16 16:28 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-16 16:28 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-16 16:28 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-16 16:28 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-16 16:28 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-16 16:28 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-16 16:28 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-16 16:28 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-16 16:28 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-16 16:28 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-16 16:28 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-16 16:28 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-16 16:28 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-16 16:28 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-16 16:28 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-16 16:28 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-16 16:28 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-16 16:28 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-16 16:28 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-16 16:28 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-16 16:28 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-16 16:28 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-16 16:28 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-16 16:28 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-16 16:28 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-16 16:28 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-16 16:28 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-16 16:28 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-16 16:28 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-16 16:28 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-16 16:28 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-16 16:28 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-16 16:28 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-16 16:28 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-16 16:28 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-16 16:28 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-16 16:28 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-16 16:28 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-16 16:28 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-16 16:28 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-16 16:28 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-16 16:28 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-16 16:28 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-16 16:27 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-16 16:27 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-16 16:27 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-16 16:27 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-16 16:27 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-16 16:27 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-16 16:27 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-16 16:27 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-16 16:27 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-16 16:27 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-16 16:27 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-16 16:27 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-16 16:27 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-16 16:27 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-16 16:27 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-16 16:27 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-16 16:27 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-16 16:27 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-16 16:27 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-16 16:27 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-16 16:27 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-16 16:27 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-16 16:27 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-16 16:27 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-16 16:27 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-16 16:27 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-16 16:27 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-16 16:27 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-16 16:27 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-16 16:27 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-16 16:27 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-16 16:27 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-16 16:27 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-16 16:27 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-16 16:27 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-16 16:27 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-16 16:27 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-16 16:26 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-16 16:26 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-16 16:26 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-16 16:26 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-16 16:26 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-16 16:26 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-16 16:26 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-16 16:26 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-16 16:26 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-16 16:13 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-16 16:13 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-16 16:13 - 2015-10-01 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-16 16:13 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-16 16:02 - 2015-11-17 03:52 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForspaconcepts.job
2015-11-16 16:02 - 2015-11-16 16:02 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForspaconcepts
2015-11-11 17:19 - 2015-11-11 17:20 - 00030208 _____ C:\Users\spaconcepts\Downloads\updated blank front fesk schedule template (1) (1).xls
2015-11-02 14:03 - 2015-11-03 12:43 - 00030208 _____ C:\Users\spaconcepts\Documents\updated blank front fesk schedule template (1).xls
2015-11-02 12:38 - 2015-11-02 14:02 - 00030208 _____ C:\Users\spaconcepts\Downloads\updated blank front fesk schedule template (1).xls
2015-11-02 11:48 - 2015-11-02 11:48 - 00030208 _____ C:\Users\spaconcepts\Downloads\updated blank front fesk schedule template.xls
2015-10-28 17:04 - 2015-10-28 17:04 - 00017631 _____ C:\Users\spaconcepts\Documents\NOV 2-8 FD SCHED.xlsx
2015-10-22 10:39 - 2015-10-22 10:39 - 00000000 ____D C:\Users\spaconcepts\AppData\LocalLow\Oracle

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 07:20 - 2015-06-16 08:22 - 00000000 ____D C:\Owen
2015-11-19 07:16 - 2009-07-13 23:13 - 00825032 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-19 07:15 - 2015-09-21 19:19 - 01282994 _____ C:\Windows\WindowsUpdate.log
2015-11-19 07:15 - 2015-09-21 19:16 - 00001916 _____ C:\Windows\setupact.log
2015-11-19 07:14 - 2012-11-13 07:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-19 07:10 - 2015-02-19 19:22 - 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-11-19 07:10 - 2011-09-12 21:35 - 00000000 ____D C:\ProgramData\PDFC
2015-11-19 07:09 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-18 12:25 - 2012-11-13 07:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-18 12:11 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-18 12:11 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-18 12:07 - 2012-05-07 10:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-18 10:08 - 2015-06-16 08:42 - 00000000 ____D C:\AdwCleaner
2015-11-18 08:51 - 2014-04-04 17:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-18 03:18 - 2009-07-13 22:45 - 00437848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-18 03:09 - 2012-03-01 10:11 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B6FD2F67-EEA6-4676-944D-7FDAF13EE1B1}
2015-11-17 20:16 - 2012-11-13 07:58 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-17 09:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2015-11-17 03:52 - 2015-09-21 19:16 - 00216344 _____ C:\Windows\PFRO.log
2015-11-17 03:49 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-17 03:26 - 2011-02-11 11:15 - 00817154 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-16 22:07 - 2012-03-12 08:31 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-16 22:01 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-16 21:56 - 2012-03-23 14:54 - 00000000 ____D C:\Users\spaconcepts\AppData\Local\CrashDumps
2015-11-16 18:04 - 2015-09-21 20:17 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-16 18:04 - 2014-04-04 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 18:04 - 2014-04-04 17:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-16 17:51 - 2015-04-05 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-16 17:50 - 2011-09-12 21:39 - 00000000 ____D C:\ProgramData\Norton
2015-11-16 17:50 - 2011-09-12 21:23 - 00000000 ____D C:\ProgramData\RoxioNow
2015-11-16 17:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-11-16 17:50 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-16 17:49 - 2012-03-10 15:37 - 00000000 ____D C:\Users\spaconcepts\AppData\Roaming\SoftGrid Client
2015-11-16 16:12 - 2013-10-24 08:01 - 00000000 ____D C:\ProgramData\Recovery
2015-11-16 15:55 - 2015-04-17 08:12 - 00000000 ____D C:\Users\spaconcepts\AppData\Local\cmsiex
2015-11-16 15:54 - 2012-03-01 10:00 - 00000000 ____D C:\Users\spaconcepts
2015-11-11 19:19 - 2013-11-22 09:02 - 00002148 _____ C:\Users\spaconcepts\Desktop\Spa Concepts Ashley Ridge.lnk
2015-11-11 19:19 - 2012-05-21 16:22 - 00000000 ____D C:\Users\spaconcepts\AppData\Roaming\ICAClient
2015-11-10 15:07 - 2012-05-07 10:19 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 15:07 - 2012-05-07 10:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 15:07 - 2011-09-12 21:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-29 07:47 - 2013-10-11 10:47 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-11 21:59

==================== End of FRST.txt ============================

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by SpaAdmin (2015-11-19 07:21:01)
Running from C:\Owen
Windows 7 Home Premium Service Pack 1 (X64) (2012-03-01 16:00:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3765172505-1602192996-2999461644-500 - Administrator - Disabled)
Guest (S-1-5-21-3765172505-1602192996-2999461644-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3765172505-1602192996-2999461644-1002 - Limited - Enabled)
SpaAdmin (S-1-5-21-3765172505-1602192996-2999461644-1003 - Administrator - Enabled) => C:\Users\SpaAdmin
spaconcepts (S-1-5-21-3765172505-1602192996-2999461644-1000 - Limited - Enabled) => C:\Users\spaconcepts

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Presentation Server Client (HKLM-x32\...\{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}) (Version: 10.00.52110 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
EPSON TMNet WinConfig Ver.3.00 (HKLM-x32\...\{7D71A905-493D-4BA5-B77E-1F4905AAB4E9}) (Version: 3.00.0000 - SEIKO EPSON CORPORATION)
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Genie Wifi (HKLM-x32\...\Genie Wifi) (Version: 1.0.0.1132 - oppoos.com)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{750E9D0F-B188-4A7E-ADD2-84B7ED7D32F6}) (Version: 5.1.4281.27332 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet Professional M1530 MFP Series (HKLM-x32\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version:  - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (HKLM-x32\...\{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.04.022 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Canvas (HKLM-x32\...\{27710506-32B1-49B3-B95B-B7C65FA6FA15}) (Version: 5.1.4267.27011 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Touch Browser (HKLM-x32\...\{4E575BFF-51A0-474E-A3BA-C0FCF82E6A78}) (Version: 5.1.4227.17815 - Hewlett-Packard)
HP TouchSmart Ben10 Comic Book Reader (HKLM-x32\...\{9EFD323B-6ADB-4B3A-9253-EA1A75E00F25}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{F12C6162-10D4-444A-9182-05CC3DB2456E}) (Version: 1.0.4098.28440 - Hewlett-Packard)
HP TouchSmart Get Updated! (HKLM-x32\...\{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Paint Blast (HKLM-x32\...\{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514E}) (Version: 3.0.4276.30236 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppFaxDrvM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityM1530 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppM1530LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppSendFaxM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1530 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.131 - PandoraTV)
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4763.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.4.24 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - PhotoScape)
PingPlotter Standard 3.20.1s (HKLM-x32\...\PingPlotter Standard) (Version: 3.20.1s - Nessoft, LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.0 - SumatraPDF)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.13 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

11-11-2015 22:06:11 Scheduled Checkpoint
12-11-2015 03:00:40 Windows Update
16-11-2015 17:04:47 Windows Backup
16-11-2015 18:06:32 After Screen Blinking Crash Repair
17-11-2015 03:21:00 Windows Modules Installer
18-11-2015 03:00:30 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-09-21 21:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F17353D-E4AF-4338-B779-07413FF398AA} - System32\Tasks\HPCeeScheduleForSpaAdmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {0F447D5F-09AF-4AE4-BE3D-CF1BF76FD2FE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {322A8D35-12E0-42EA-917B-46798740A675} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-22] (CyberLink)
Task: {3F54DF29-59A2-4767-ACC0-ACB3F0946347} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {4325C367-82E2-4C7E-B27C-B51214410099} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {48289166-09CD-4C1D-97AC-CBA724FF335F} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {4B4FF725-C13A-4849-A0DB-328D766A33AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5208716E-68C3-408D-B1BC-5A0BCD6264A8} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {5C3AB8AD-53A1-4B29-B46D-087B5F075676} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {682BF332-8AD0-4F09-A155-2147FA5138CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {69DE3683-58E3-46FD-8DCA-98DA146B7080} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7BD54637-429D-433A-9D02-30EFB036653F} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {88EB79A7-89EC-4A42-B880-DADA4795968A} - System32\Tasks\HPCeeScheduleForSPACONCEPTS-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {A727B090-A83E-47E7-AD3E-B4952C0A5D12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AE46D5F9-8ECE-458F-AFC6-547CB3383494} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {B9454FA7-9A27-4C50-AC83-9E8DA44F689C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-30] (CyberLink)
Task: {CCC0ED8F-9049-463F-BD5F-77F424223364} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-29] (Microsoft Corporation)
Task: {CF83A60B-26BC-42D1-AFFF-3F9825748273} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D016E960-A72D-4856-9F6F-022CD4E8D752} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D7E2DC51-D001-4E8E-BF0B-F6CB745E2D97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe [2014-01-14] (Hewlett-Packard)
Task: {D8C89EDF-D49C-4EFC-92E4-B905C47341A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E208FA15-2CFC-4D84-B5C4-7E4C51FB8830} - System32\Tasks\HPCeeScheduleForspaconcepts => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {ECE76A3E-DFA8-4100-B891-F6F4474D7640} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {F00B4E09-24CC-4A40-BF90-021738C7C99B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {F5D3D3FE-11D2-42EA-B83B-9DD49EE531AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {FE01DBA9-B829-4D84-BB85-41B82AD66DB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-07] (Microsoft Corporation)
Task: {FECA3C39-982C-478F-B350-4BDAE50BB005} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNC9C3QF57 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSpaAdmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSPACONCEPTS-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForspaconcepts.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-16 12:01 - 2015-10-07 18:28 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-29 07:46 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-06-30 01:14 - 2011-06-30 01:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 15:20 - 2011-03-14 15:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-05 17:38 - 2011-05-05 17:38 - 00011776 _____ () C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\Serenity.Receiver.AutoDiscovery.dll
2015-03-05 01:42 - 2015-03-05 01:42 - 00050840 _____ () C:\Program Files (x86)\Genie Soft\Genie Wifi\MGCommon.dll
2010-10-25 13:36 - 2010-10-25 13:36 - 00119864 _____ () C:\Program Files (x86)\Hp\ToolboxFX\bin\nativeutils.dll
2011-09-12 21:31 - 2011-02-15 12:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3765172505-1602192996-2999461644-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\SpaAdmin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3FA153EB-3CEE-4577-A165-C2B4E35194A6}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{1F0807A7-DD42-4106-BA4A-91FAC4A1EF0B}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{5343363F-0F30-4B99-902D-BC23F1131E21}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{DEC14622-F0FA-479E-81CA-76510B42898F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{FF24F551-8C29-4F72-9390-754563D8C7DD}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{DA0EE73E-7EF9-4DCA-B8B4-4DF8CF403530}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\HPTouchSmartPhoto.exe
FirewallRules: [{02298504-3E21-4FB8-B163-000AEFD11D8B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Photo\PhotoAgent.exe
FirewallRules: [{E010D27A-C9FD-450A-8822-D8E8F355B61D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartMusic.exe
FirewallRules: [{F3F94DB8-E42C-4A42-99F5-A571E4F26A63}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartPhoto.exe
FirewallRules: [{F232FC5A-F976-46D9-A1ED-A430F578A796}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\HPTouchSmartVideo.exe
FirewallRules: [{974AD39F-85D3-48B3-AEFA-CF49F34FADE5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\TSMAgent.exe
FirewallRules: [{360839BE-0161-4C63-BE40-F045330816BF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Video\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{DF1E9B12-8977-4885-988E-F5C3ECEDD264}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{E4DBF7AC-4643-4001-A0BA-FF3241129E68}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{AAC43C1B-8EF4-421F-8146-8231F53C5624}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{A21081FE-A881-478C-93C9-00CB15D6C259}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{2A1D3AA0-AE8F-4776-9A2B-E49A7F6E0CDB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{914BB571-C9D7-4AE6-B421-811AAFD4C6C6}] => (Allow) LPort=2869
FirewallRules: [{D67243D0-9F4E-42CA-8E78-A07F843F2C7F}] => (Allow) LPort=1900
FirewallRules: [{347C7123-A0FC-496B-B848-3B40159D4776}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{48737B7D-0C6B-4EB0-84F8-3DCAEA1BF064}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AA4FF7A6-F826-4DD1-A940-C3605D534919}] => (Allow) C:\Program Files (x86)\EPSON\TMNet WinConfig V3\TMNetConfig.exe
FirewallRules: [{B36FC5D2-23C4-4F5E-AB20-36123BE2F322}] => (Allow) C:\Program Files (x86)\EPSON\TMNet WinConfig V3\TMNetConfig.exe
FirewallRules: [TCP Query User{2BA39849-19C0-409D-A8AE-46744151347D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{FA3A67B7-5DDC-4185-864D-BEF819796959}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{A65754D1-6705-4ED5-9BBB-9A96C5FD888A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{798488A1-37E9-410A-9850-286F78B2017B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{E842BF72-0FDB-4EC2-9F92-F2ED22BD665B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{9CB012C0-B8BE-48FD-9FF6-AF86B1DB3AB9}] => (Allow) C:\Users\spaconcepts\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{6BD8BF52-B213-415D-BCC1-672885DD95A9}C:\users\spaconcepts\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\spaconcepts\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{F213B7A7-705E-41F9-8CD1-C0BB1A1D0EDD}C:\users\spaconcepts\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\spaconcepts\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{8C4E4EF9-F56E-44BD-887B-3C0603D8827A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C0E41445-7828-46F3-A771-92130324F9C6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{98A15E5E-B69B-4488-B0FF-BC228395A1B6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{9A06468D-FE8E-4F89-AA43-712CB8F927D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{32DC9F26-9257-4F86-9617-58712CCE47F8}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{C9238F7A-E5C5-4ECC-A7F2-286C01765D48}] => (Allow) C:\Program Files (x86)\Mobogenie3\mobogenieP2sp.exe
FirewallRules: [{5472AF3D-3ED4-4484-84CD-02EF3C748EEA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 07:10:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Exception code: 0xc0000005
Fault offset: 0x0000000000007be2
Faulting process id: 0xc9c
Faulting application start time: 0xHPAuto.exe0
Faulting application path: HPAuto.exe1
Faulting module path: HPAuto.exe2
Report Id: HPAuto.exe3

Error: (11/18/2015 10:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Exception code: 0xc0000005
Fault offset: 0x0000000000007be2
Faulting process id: 0xad0
Faulting application start time: 0xHPAuto.exe0
Faulting application path: HPAuto.exe1
Faulting module path: HPAuto.exe2
Report Id: HPAuto.exe3

Error: (11/18/2015 09:21:49 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (11/18/2015 08:31:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Exception code: 0xc0000005
Fault offset: 0x0000000000007be2
Faulting process id: 0xc40
Faulting application start time: 0xHPAuto.exe0
Faulting application path: HPAuto.exe1
Faulting module path: HPAuto.exe2
Report Id: HPAuto.exe3

Error: (11/18/2015 03:18:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Exception code: 0xc0000005
Fault offset: 0x0000000000007be2
Faulting process id: 0x9a4
Faulting application start time: 0xHPAuto.exe0
Faulting application path: HPAuto.exe1
Faulting module path: HPAuto.exe2
Report Id: HPAuto.exe3

Error: (11/17/2015 01:56:46 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (11/17/2015 03:52:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time stamp: 0x4d5cc461
Exception code: 0xc0000005
Fault offset: 0x0000000000007be2
Faulting process id: 0x738
Faulting application start time: 0xHPAuto.exe0
Faulting application path: HPAuto.exe1
Faulting module path: HPAuto.exe2
Report Id: HPAuto.exe3

Error: (11/17/2015 03:20:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).

Error: (11/17/2015 03:20:44 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{cb45f844-ddbe-11e0-bfa2-806e6f6e6963} - 000000000000012C,0x0053c008,00000000004DDB20,0,00000000004DEB30,4096,[0]).  hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (11/17/2015 03:10:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

System errors:
=============
Error: (11/19/2015 07:12:23 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/19/2015 07:11:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/19/2015 07:10:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Auto service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2015 00:51:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/18/2015 00:08:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/18/2015 00:05:48 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/18/2015 11:06:43 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/18/2015 11:05:00 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/18/2015 10:35:00 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/18/2015 10:13:40 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

CodeIntegrity:
===================================
  Date: 2015-09-21 22:38:48.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-21 22:38:48.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-21 22:38:48.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-21 22:38:48.060
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-04 17:46:52.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-04 17:46:51.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon™ HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3570.79 MB
Available physical RAM: 1864.17 MB
Total Virtual: 7139.78 MB
Available Virtual: 4911.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.7 GB) (Free:847.6 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.71 GB) (Free:1.82 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 971E543C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Additional Notes:

I did run the TDSSKiller process before I heard back from you.  It did find something and the results are below:

08:37:02.0830 0x0dcc  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
08:37:09.0320 0x0dcc  ============================================================
08:37:09.0320 0x0dcc  Current date / time: 2015/11/18 08:37:09.0320
08:37:09.0320 0x0dcc  SystemInfo:
08:37:09.0320 0x0dcc 
08:37:09.0320 0x0dcc  OS Version: 6.1.7601 ServicePack: 1.0
08:37:09.0320 0x0dcc  Product type: Workstation
08:37:09.0320 0x0dcc  ComputerName: SPACONCEPTS-HP
08:37:09.0320 0x0dcc  UserName: SpaAdmin
08:37:09.0320 0x0dcc  Windows directory: C:\Windows
08:37:09.0320 0x0dcc  System windows directory: C:\Windows
08:37:09.0320 0x0dcc  Running under WOW64
08:37:09.0320 0x0dcc  Processor architecture: Intel x64
08:37:09.0320 0x0dcc  Number of processors: 2
08:37:09.0320 0x0dcc  Page size: 0x1000
08:37:09.0320 0x0dcc  Boot type: Normal boot
08:37:09.0320 0x0dcc  ============================================================
08:37:11.0145 0x0dcc  KLMD registered as C:\Windows\system32\drivers\49226729.sys
08:37:13.0017 0x0dcc  System UUID: {90F0FB94-A6AC-94E7-0991-73E028810A79}
08:37:16.0917 0x0dcc  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:37:16.0932 0x0dcc  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:37:17.0494 0x0dcc  ============================================================
08:37:17.0494 0x0dcc  \Device\Harddisk0\DR0:
08:37:17.0494 0x0dcc  MBR partitions:
08:37:17.0494 0x0dcc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:37:17.0494 0x0dcc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72968000
08:37:17.0494 0x0dcc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7299A800, BlocksNum 0x1D6B800
08:37:17.0494 0x0dcc  \Device\Harddisk2\DR2:
08:37:17.0494 0x0dcc  MBR partitions:
08:37:17.0494 0x0dcc  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
08:37:17.0494 0x0dcc  ============================================================
08:37:17.0541 0x0dcc  C: <-> \Device\Harddisk0\DR0\Partition2
08:37:17.0603 0x0dcc  D: <-> \Device\Harddisk0\DR0\Partition3
08:37:17.0619 0x0dcc  G: <-> \Device\Harddisk2\DR2\Partition1
08:37:17.0619 0x0dcc  ============================================================
08:37:17.0619 0x0dcc  Initialize success
08:37:17.0619 0x0dcc  ============================================================
08:42:58.0713 0x15bc  Deinitialize success

 

Thank you again for your help!

 

Owen Holman
 



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 19 November 2015 - 12:33 PM

Hello Owen,
 

Additional Notes:
I did run the TDSSKiller process before I heard back from you.  It did find something and the results are below:


please run the tool according to the instructions below and post or attach the log.
attachlogs.png

Step 1

Please download TDSStdsskiller.pngiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

tdss.gif


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 19 November 2015 - 05:34 PM

Hello Owen,
 

Additional Notes:
I did run the TDSSKiller process before I heard back from you.  It did find something and the results are below:


please run the tool according to the instructions below and post or attach the log.
attachlogs.png

Step 1

Please download TDSStdsskiller.pngiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

tdss.gif

16:29:58.0107 0x0244 TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23

16:30:00.0960 0x0244 ============================================================

16:30:00.0960 0x0244 Current date / time: 2015/11/19 16:30:00.0960

16:30:00.0960 0x0244 SystemInfo:

16:30:00.0960 0x0244

16:30:00.0960 0x0244 OS Version: 6.1.7601 ServicePack: 1.0

16:30:00.0960 0x0244 Product type: Workstation

16:30:00.0960 0x0244 ComputerName: SPACONCEPTS-HP

16:30:00.0960 0x0244 UserName: SpaAdmin

16:30:00.0960 0x0244 Windows directory: C:\Windows

16:30:00.0960 0x0244 System windows directory: C:\Windows

16:30:00.0960 0x0244 Running under WOW64

16:30:00.0960 0x0244 Processor architecture: Intel x64

16:30:00.0960 0x0244 Number of processors: 2

16:30:00.0960 0x0244 Page size: 0x1000

16:30:00.0960 0x0244 Boot type: Normal boot

16:30:00.0960 0x0244 ============================================================

16:30:05.0882 0x0244 KLMD registered as C:\Windows\system32\drivers\29358005.sys

16:30:06.0924 0x0244 System UUID: {90F0FB94-A6AC-94E7-0991-73E028810A79}

16:30:08.0000 0x0244 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:30:08.0040 0x0244 ============================================================

16:30:08.0040 0x0244 \Device\Harddisk0\DR0:

16:30:08.0060 0x0244 MBR partitions:

16:30:08.0060 0x0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

16:30:08.0060 0x0244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72968000

16:30:08.0060 0x0244 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7299A800, BlocksNum 0x1D6B800

16:30:08.0060 0x0244 ============================================================

16:30:08.0140 0x0244 C: <-> \Device\Harddisk0\DR0\Partition2

16:30:08.0290 0x0244 D: <-> \Device\Harddisk0\DR0\Partition3

16:30:08.0290 0x0244 ============================================================

16:30:08.0290 0x0244 Initialize success

16:30:08.0290 0x0244 ============================================================

16:31:40.0590 0x1aac ============================================================

16:31:40.0590 0x1aac Scan started

16:31:40.0590 0x1aac Mode: Manual; SigCheck; TDLFS;

16:31:40.0590 0x1aac ============================================================

16:31:40.0590 0x1aac KSN ping started

16:31:54.0127 0x1aac KSN ping finished: true

16:31:54.0837 0x1aac ================ Scan system memory ========================

16:31:54.0837 0x1aac System memory - ok

16:31:54.0837 0x1aac ================ Scan services =============================

16:31:55.0027 0x1aac [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

16:31:55.0127 0x1aac 1394ohci - ok

16:31:55.0167 0x1aac [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys

16:31:55.0187 0x1aac ACPI - ok

16:31:55.0197 0x1aac [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

16:31:55.0267 0x1aac AcpiPmi - ok

16:31:55.0387 0x1aac [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:31:55.0417 0x1aac AdobeFlashPlayerUpdateSvc - ok

16:31:55.0467 0x1aac [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

16:31:55.0487 0x1aac adp94xx - ok

16:31:55.0537 0x1aac [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys

16:31:55.0557 0x1aac adpahci - ok

16:31:55.0587 0x1aac [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

16:31:55.0607 0x1aac adpu320 - ok

16:31:55.0647 0x1aac [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

16:31:55.0682 0x1aac AeLookupSvc - ok

16:31:55.0752 0x1aac [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

16:31:55.0832 0x1aac AESTFilters - ok

16:31:55.0882 0x1aac [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys

16:31:55.0952 0x1aac AFD - ok

16:31:55.0982 0x1aac [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys

16:31:56.0002 0x1aac agp440 - ok

16:31:56.0022 0x1aac [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe

16:31:56.0102 0x1aac ALG - ok

16:31:56.0162 0x1aac [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys

16:31:56.0182 0x1aac aliide - ok

16:31:56.0222 0x1aac [ 2FDCB3E855076CE97CCB58E2CF8F2A09, 81D1738401C97F68A0F01A9036F4C7F245B8A375BF2240683A7B30C7C46531AB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

16:31:56.0282 0x1aac AMD External Events Utility - ok

16:31:56.0312 0x1aac [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys

16:31:56.0332 0x1aac amdide - ok

16:31:56.0352 0x1aac [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

16:31:56.0362 0x1aac AmdK8 - ok

16:31:56.0652 0x1aac [ 9920704BF815A5B42DA5264F013AAEB7, 0E9310A634ABD6506BBC31824BF8C253F83232A689518CF941AC729DCE1EB7CF ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

16:31:56.0892 0x1aac amdkmdag - ok

16:31:56.0922 0x1aac [ 0D1055A47A8F5DC1CAA2701831293EBB, 49D70AE849CABAD4FA2EA58ADD8344ED232D3D541D5E8E7A4417161A62F9E2CE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

16:31:56.0962 0x1aac amdkmdap - ok

16:31:56.0982 0x1aac [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

16:31:56.0992 0x1aac AmdPPM - ok

16:31:57.0022 0x1aac [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys

16:31:57.0042 0x1aac amdsata - ok

16:31:57.0062 0x1aac [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

16:31:57.0082 0x1aac amdsbs - ok

16:31:57.0092 0x1aac [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys

16:31:57.0102 0x1aac amdxata - ok

16:31:57.0122 0x1aac [ 2FBB00A7616106B95104574C6CD640C2, 06DE79B42EBBBBA01DAB289D4280E131D780066CD7E4499229CD5EB1E597A017 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys

16:31:57.0142 0x1aac amd_sata - ok

16:31:57.0142 0x1aac [ 87D0D7645CB0D53220649BD5FE15D93E, 195B25BC640BE5D802F530FAA68D3325A6C076DE8A7E56833372C3B2B53B673B ] amd_xata C:\Windows\system32\drivers\amd_xata.sys

16:31:57.0162 0x1aac amd_xata - ok

16:31:57.0202 0x1aac [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys

16:31:57.0282 0x1aac AppID - ok

16:31:57.0312 0x1aac [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll

16:31:57.0342 0x1aac AppIDSvc - ok

16:31:57.0362 0x1aac [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll

16:31:57.0412 0x1aac Appinfo - ok

16:31:57.0442 0x1aac [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys

16:31:57.0462 0x1aac arc - ok

16:31:57.0492 0x1aac [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys

16:31:57.0512 0x1aac arcsas - ok

16:31:57.0582 0x1aac [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

16:31:57.0612 0x1aac aspnet_state - ok

16:31:57.0632 0x1aac [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

16:31:57.0787 0x1aac AsyncMac - ok

16:31:57.0817 0x1aac [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys

16:31:57.0827 0x1aac atapi - ok

16:31:57.0887 0x1aac [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:31:57.0927 0x1aac AudioEndpointBuilder - ok

16:31:57.0947 0x1aac [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll

16:31:57.0977 0x1aac AudioSrv - ok

16:31:58.0007 0x1aac [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll

16:31:58.0087 0x1aac AxInstSV - ok

16:31:58.0127 0x1aac [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

16:31:58.0167 0x1aac b06bdrv - ok

16:31:58.0197 0x1aac [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

16:31:58.0227 0x1aac b57nd60a - ok

16:31:58.0327 0x1aac [ 5F685973740F289BE3C809952DB8408B, 4C0A0C06BB2B6B1879A860B0D68289A55F80CF74947FCCE7815F1D8121232F62 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe

16:31:58.0367 0x1aac BBSvc - ok

16:31:58.0377 0x1aac [ 76F78018F45E7F92164CEA5020176933, 76E1CA6E198417F3749864721C43913189A7EA07B5ED320DE543B2037CEA3D65 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe

16:31:58.0397 0x1aac BBUpdate - ok

16:31:58.0417 0x1aac [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll

16:31:58.0467 0x1aac BDESVC - ok

16:31:58.0477 0x1aac [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys

16:31:58.0527 0x1aac Beep - ok

16:31:58.0577 0x1aac [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll

16:31:58.0637 0x1aac BFE - ok

16:31:58.0857 0x1aac [ 9CF4428D09C73B6F633AF9E58B835689, 173D1A8A3E1B1CA6D0E4773B048B8B6549A8124E87942992BDE30211BEFFBE20 ] BHDrvx64 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20151113.001\BHDrvx64.sys

16:31:58.0907 0x1aac BHDrvx64 - ok

16:31:58.0947 0x1aac [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll

16:31:59.0117 0x1aac BITS - ok

16:31:59.0137 0x1aac [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

16:31:59.0157 0x1aac blbdrive - ok

16:31:59.0197 0x1aac [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

16:31:59.0227 0x1aac bowser - ok

16:31:59.0237 0x1aac [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

16:31:59.0247 0x1aac BrFiltLo - ok

16:31:59.0277 0x1aac [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

16:31:59.0297 0x1aac BrFiltUp - ok

16:31:59.0347 0x1aac [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

16:31:59.0377 0x1aac BridgeMP - ok

16:31:59.0407 0x1aac [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll

16:31:59.0447 0x1aac Browser - ok

16:31:59.0467 0x1aac [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys

16:31:59.0507 0x1aac Brserid - ok

16:31:59.0517 0x1aac [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

16:31:59.0537 0x1aac BrSerWdm - ok

16:31:59.0557 0x1aac [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

16:31:59.0587 0x1aac BrUsbMdm - ok

16:31:59.0627 0x1aac [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

16:31:59.0647 0x1aac BrUsbSer - ok

16:31:59.0682 0x1aac [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

16:31:59.0712 0x1aac BTHMODEM - ok

16:31:59.0742 0x1aac [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll

16:31:59.0782 0x1aac bthserv - ok

16:31:59.0852 0x1aac [ A3AD13CA2747953DDD4C9AE4FB925BEC, 860FA3A04DE9DA0B19C625681E594713844F3401FEFD7C26A28C6C94BA6920C7 ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

16:31:59.0862 0x1aac CalendarSynchService - detected UnsignedFile.Multi.Generic ( 1 )

16:31:59.0952 0x1aac CalendarSynchService ( UnsignedFile.Multi.Generic ) - warning

16:32:02.0557 0x1aac catchme - ok

16:32:02.0717 0x1aac [ 5A1C7DBDDB001BC6F1D1720E655445E2, 07A766C804D0709936FF18A2F67C49D6499BEF9CEEB1EF69F654A35268A11027 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys

16:32:02.0747 0x1aac ccSet_N360 - ok

16:32:02.0777 0x1aac [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

16:32:02.0817 0x1aac cdfs - ok

16:32:02.0847 0x1aac [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys

16:32:02.0867 0x1aac cdrom - ok

16:32:02.0887 0x1aac [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll

16:32:02.0927 0x1aac CertPropSvc - ok

16:32:02.0947 0x1aac [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys

16:32:02.0977 0x1aac circlass - ok

16:32:03.0017 0x1aac [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys

16:32:03.0037 0x1aac CLFS - ok

16:32:03.0187 0x1aac [ 9A5944952B122BBF68D0032EF440CFB5, D4046BA3F985A7F95F1A4A55B6F2976E292C861771CAC80CEC6DE4C82E8FDBB0 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

16:32:03.0267 0x1aac ClickToRunSvc - ok

16:32:03.0347 0x1aac [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:32:03.0387 0x1aac clr_optimization_v2.0.50727_32 - ok

16:32:03.0417 0x1aac [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:32:03.0437 0x1aac clr_optimization_v2.0.50727_64 - ok

16:32:03.0527 0x1aac [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:32:03.0557 0x1aac clr_optimization_v4.0.30319_32 - ok

16:32:03.0567 0x1aac [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:32:03.0587 0x1aac clr_optimization_v4.0.30319_64 - ok

16:32:03.0617 0x1aac [ D68D9F4D53010B7E84D4E80A2E485554, B39D7F5737BE7C8EF6BC33595FE4538A90374E148B39BDC618163CBC30719883 ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

16:32:03.0627 0x1aac clwvd - ok

16:32:03.0647 0x1aac [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

16:32:03.0672 0x1aac CmBatt - ok

16:32:03.0692 0x1aac [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys

16:32:03.0712 0x1aac cmdide - ok

16:32:03.0752 0x1aac [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys

16:32:03.0782 0x1aac CNG - ok

16:32:03.0812 0x1aac [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

16:32:03.0822 0x1aac Compbatt - ok

16:32:03.0832 0x1aac [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

16:32:03.0862 0x1aac CompositeBus - ok

16:32:03.0882 0x1aac COMSysApp - ok

16:32:03.0892 0x1aac [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

16:32:03.0912 0x1aac crcdisk - ok

16:32:03.0932 0x1aac [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll

16:32:03.0962 0x1aac CryptSvc - ok

16:32:04.0062 0x1aac [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

16:32:04.0102 0x1aac cvhsvc - ok

16:32:04.0142 0x1aac [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll

16:32:04.0202 0x1aac DcomLaunch - ok

16:32:04.0242 0x1aac [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll

16:32:04.0292 0x1aac defragsvc - ok

16:32:04.0322 0x1aac [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys

16:32:04.0372 0x1aac DfsC - ok

16:32:04.0402 0x1aac [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll

16:32:04.0432 0x1aac Dhcp - ok

16:32:04.0572 0x1aac [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll

16:32:04.0652 0x1aac DiagTrack - ok

16:32:04.0662 0x1aac [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys

16:32:04.0712 0x1aac discache - ok

16:32:04.0732 0x1aac [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys

16:32:04.0752 0x1aac Disk - ok

16:32:04.0772 0x1aac [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll

16:32:04.0812 0x1aac Dnscache - ok

16:32:04.0842 0x1aac [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll

16:32:04.0892 0x1aac dot3svc - ok

16:32:04.0922 0x1aac [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll

16:32:04.0962 0x1aac DPS - ok

16:32:05.0012 0x1aac [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

16:32:05.0052 0x1aac drmkaud - ok

16:32:05.0092 0x1aac [ A2613B4CBB8CF4BE09B03DC1ABAD510D, 06172C5E7186AB7ACC6E81CC6A8A6EA6E495C78FF224A4654C06A3FCA7ACE997 ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe

16:32:05.0112 0x1aac DTSRVC - ok

16:32:05.0172 0x1aac [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

16:32:05.0222 0x1aac DXGKrnl - ok

16:32:05.0232 0x1aac [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll

16:32:05.0272 0x1aac EapHost - ok

16:32:05.0382 0x1aac [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys

16:32:05.0492 0x1aac ebdrv - ok

16:32:05.0582 0x1aac [ DB817375F4D6D3F2556DE7777775D885, 6DC5CC936E26CBB468ACDD008F6F8B30F8D9D1EC631BCDDF7E692814C9A54D7D ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

16:32:05.0622 0x1aac eeCtrl - ok

16:32:05.0657 0x1aac [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe

16:32:05.0677 0x1aac EFS - ok

16:32:05.0757 0x1aac [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

16:32:05.0827 0x1aac ehRecvr - ok

16:32:05.0857 0x1aac [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe

16:32:05.0877 0x1aac ehSched - ok

16:32:05.0917 0x1aac [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys

16:32:05.0947 0x1aac elxstor - ok

16:32:06.0017 0x1aac [ A47F76D4AAFD6193AAC5E049C560213D, 2B6E4EB31394C4D8D2444A197FFCC3C702BC17B0F7BDF0D6FF87DF5C14016FC1 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

16:32:06.0067 0x1aac EraserUtilRebootDrv - ok

16:32:06.0077 0x1aac [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys

16:32:06.0107 0x1aac ErrDev - ok

16:32:06.0157 0x1aac [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll

16:32:06.0197 0x1aac EventSystem - ok

16:32:06.0217 0x1aac [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys

16:32:06.0257 0x1aac exfat - ok

16:32:06.0277 0x1aac [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys

16:32:06.0307 0x1aac fastfat - ok

16:32:06.0347 0x1aac [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe

16:32:06.0397 0x1aac Fax - ok

16:32:06.0417 0x1aac [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys

16:32:06.0437 0x1aac fdc - ok

16:32:06.0447 0x1aac [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll

16:32:06.0487 0x1aac fdPHost - ok

16:32:06.0507 0x1aac [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll

16:32:06.0547 0x1aac FDResPub - ok

16:32:06.0567 0x1aac [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

16:32:06.0577 0x1aac FileInfo - ok

16:32:06.0587 0x1aac [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

16:32:06.0637 0x1aac Filetrace - ok

16:32:06.0657 0x1aac [ 35DAAD359197828D3CF3965764F5D82C, 03EFC98BCDBB568FDDE9FD0BAD604AEF2FFFA91484EBAEEA25CEA8BE0B72913C ] FintekCIR C:\Windows\system32\drivers\FintekCIR.sys

16:32:06.0677 0x1aac FintekCIR - ok

16:32:06.0697 0x1aac [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

16:32:06.0707 0x1aac flpydisk - ok

16:32:06.0747 0x1aac [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

16:32:06.0767 0x1aac FltMgr - ok

16:32:06.0857 0x1aac [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll

16:32:06.0917 0x1aac FontCache - ok

16:32:06.0947 0x1aac [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:32:06.0967 0x1aac FontCache3.0.0.0 - ok

16:32:06.0977 0x1aac [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

16:32:06.0987 0x1aac FsDepends - ok

16:32:07.0017 0x1aac [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

16:32:07.0027 0x1aac Fs_Rec - ok

16:32:07.0067 0x1aac [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

16:32:07.0087 0x1aac fvevol - ok

16:32:07.0097 0x1aac [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

16:32:07.0117 0x1aac gagp30kx - ok

16:32:07.0157 0x1aac [ BADC3F3AAC5CE521D2CF88B14BFA3B29, 1710D69C29FFC35C910A47157BAA6A2FF21F6227DA3EB0B4AAC3CDBA9A8AD1E6 ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

16:32:07.0177 0x1aac GamesAppIntegrationService - ok

16:32:07.0207 0x1aac [ 2EF5E839B4B73BD1CEDBB78FD3A8497D, 0FA18707681395AD3812A3EF615B6F8653E47067DDB96F84BB78423333A56C18 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

16:32:07.0227 0x1aac GamesAppService - ok

16:32:07.0297 0x1aac [ D1FFE66908934ED3AEE0797ABDD75114, 432D0A6355FD4DDC92B5065D1D03059ED9F93CF7D473A4DD116CF4F32485CBC3 ] GenieWifiService C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe

16:32:07.0317 0x1aac GenieWifiService - ok

16:32:07.0377 0x1aac [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll

16:32:07.0447 0x1aac gpsvc - ok

16:32:07.0507 0x1aac [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:32:07.0547 0x1aac gupdate - ok

16:32:07.0557 0x1aac [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:32:07.0567 0x1aac gupdatem - ok

16:32:07.0597 0x1aac [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

16:32:07.0617 0x1aac gusvc - ok

16:32:07.0647 0x1aac [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

16:32:07.0682 0x1aac hcw85cir - ok

16:32:07.0702 0x1aac [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:32:07.0722 0x1aac HdAudAddService - ok

16:32:07.0752 0x1aac [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

16:32:07.0772 0x1aac HDAudBus - ok

16:32:07.0782 0x1aac [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

16:32:07.0792 0x1aac HidBatt - ok

16:32:07.0812 0x1aac [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys

16:32:07.0832 0x1aac HidBth - ok

16:32:07.0852 0x1aac [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys

16:32:07.0872 0x1aac HidIr - ok

16:32:07.0892 0x1aac [ 7A327F2FC6CDBC499A39D615CDC190F2, 609C2D92713330D42FB5FDFDDA5B05CCA31C2B767619AEB210DB8760FBFCDA66 ] hidkmdf C:\Windows\system32\drivers\hidkmdf.sys

16:32:07.0902 0x1aac hidkmdf - ok

16:32:07.0922 0x1aac [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll

16:32:07.0962 0x1aac hidserv - ok

16:32:08.0002 0x1aac [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

16:32:08.0022 0x1aac HidUsb - ok

16:32:08.0082 0x1aac [ F08C53D4BAE5840B3FA835105EA254A6, 30E5BC6E317E6E2E51D5FC5A814D40A333A0A27BDC55EF6013661317679DDBF7 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe

16:32:08.0112 0x1aac HitmanProScheduler - ok

16:32:08.0132 0x1aac [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll

16:32:08.0182 0x1aac hkmsvc - ok

16:32:08.0202 0x1aac [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

16:32:08.0232 0x1aac HomeGroupListener - ok

16:32:08.0262 0x1aac [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

16:32:08.0282 0x1aac HomeGroupProvider - ok

16:32:08.0352 0x1aac [ D1E9CB573A9EDF7BE12E9C57F32E97F7, E7E75401F52154EB6328B2064FBCFEA2853D0F7DE0C95F0BDE7071A8FF92E8D8 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

16:32:08.0382 0x1aac HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 )

16:32:08.0382 0x1aac HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning

16:32:10.0957 0x1aac [ 77E81E788CC63E65272A7D247F441505, EA57947495A6FD5B6FCC06AD396AEEEEE44AA5EB924B1A4D71C81B1265120F7B ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

16:32:10.0977 0x1aac HP Support Assistant Service - ok

16:32:11.0037 0x1aac [ 7B8C1B09C11E8DB7C4480ABD7D17E821, 0E35FD439B24CEAD623A5D7319B865A6BCE6F1F3057671F62B4F844D8EC3D206 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

16:32:11.0067 0x1aac HPAuto - ok

16:32:11.0107 0x1aac [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

16:32:11.0127 0x1aac HPClientSvc - ok

16:32:11.0187 0x1aac [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

16:32:11.0237 0x1aac hpqwmiex - ok

16:32:11.0257 0x1aac [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

16:32:11.0267 0x1aac HpSAMD - ok

16:32:11.0327 0x1aac [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys

16:32:11.0367 0x1aac HTTP - ok

16:32:11.0377 0x1aac [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

16:32:11.0387 0x1aac hwpolicy - ok

16:32:11.0417 0x1aac [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

16:32:11.0437 0x1aac i8042prt - ok

16:32:11.0457 0x1aac [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

16:32:11.0477 0x1aac iaStorV - ok

16:32:11.0537 0x1aac [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:32:11.0577 0x1aac idsvc - ok

16:32:11.0672 0x1aac [ 3448DB2B812AA873ED6E5D609B1DB067, E0F9B35FE59713C09BD838FAD5305DF5FDF24DF1D88F8849F7F88466CF93A7F7 ] IDSVia64 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20151118.001\IDSvia64.sys

16:32:11.0712 0x1aac IDSVia64 - ok

16:32:11.0732 0x1aac IEEtwCollectorService - ok

16:32:11.0932 0x1aac [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

16:32:12.0162 0x1aac igfx - ok

16:32:12.0192 0x1aac [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys

16:32:12.0212 0x1aac iirsp - ok

16:32:12.0262 0x1aac [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

16:32:12.0312 0x1aac IKEEXT - ok

16:32:12.0342 0x1aac [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

16:32:12.0352 0x1aac intelide - ok

16:32:12.0382 0x1aac [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys

16:32:12.0402 0x1aac intelppm - ok

16:32:12.0422 0x1aac [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

16:32:12.0472 0x1aac IPBusEnum - ok

16:32:12.0502 0x1aac [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:32:12.0552 0x1aac IpFilterDriver - ok

16:32:12.0592 0x1aac [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

16:32:12.0632 0x1aac iphlpsvc - ok

16:32:12.0642 0x1aac [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

16:32:12.0672 0x1aac IPMIDRV - ok

16:32:12.0692 0x1aac [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

16:32:12.0742 0x1aac IPNAT - ok

16:32:12.0762 0x1aac [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

16:32:12.0792 0x1aac IRENUM - ok

16:32:12.0822 0x1aac [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

16:32:12.0832 0x1aac isapnp - ok

16:32:12.0862 0x1aac [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

16:32:12.0882 0x1aac iScsiPrt - ok

16:32:12.0912 0x1aac [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

16:32:12.0922 0x1aac kbdclass - ok

16:32:12.0942 0x1aac [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

16:32:12.0962 0x1aac kbdhid - ok

16:32:12.0972 0x1aac [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe

16:32:12.0982 0x1aac KeyIso - ok

16:32:13.0012 0x1aac [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:32:13.0022 0x1aac KSecDD - ok

16:32:13.0042 0x1aac [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

16:32:13.0062 0x1aac KSecPkg - ok

16:32:13.0082 0x1aac [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:32:13.0132 0x1aac ksthunk - ok

16:32:13.0172 0x1aac [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

16:32:13.0212 0x1aac KtmRm - ok

16:32:13.0242 0x1aac [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll

16:32:13.0292 0x1aac LanmanServer - ok

16:32:13.0302 0x1aac [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:32:13.0352 0x1aac LanmanWorkstation - ok

16:32:13.0372 0x1aac [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:32:13.0422 0x1aac lltdio - ok

16:32:13.0452 0x1aac [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:32:13.0502 0x1aac lltdsvc - ok

16:32:13.0522 0x1aac [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:32:13.0572 0x1aac lmhosts - ok

16:32:13.0592 0x1aac [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

16:32:13.0612 0x1aac LSI_FC - ok

16:32:13.0632 0x1aac [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

16:32:13.0642 0x1aac LSI_SAS - ok

16:32:13.0657 0x1aac [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

16:32:13.0667 0x1aac LSI_SAS2 - ok

16:32:13.0687 0x1aac [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

16:32:13.0707 0x1aac LSI_SCSI - ok

16:32:13.0727 0x1aac [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

16:32:13.0757 0x1aac luafv - ok

16:32:13.0797 0x1aac [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

16:32:13.0817 0x1aac MBAMProtector - ok

16:32:13.0937 0x1aac [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

16:32:13.0977 0x1aac MBAMService - ok

16:32:13.0997 0x1aac [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys

16:32:14.0017 0x1aac MBAMWebAccessControl - ok

16:32:14.0047 0x1aac [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:32:14.0057 0x1aac Mcx2Svc - ok

16:32:14.0077 0x1aac [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys

16:32:14.0097 0x1aac megasas - ok

16:32:14.0127 0x1aac [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

16:32:14.0147 0x1aac MegaSR - ok

16:32:14.0167 0x1aac [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

16:32:14.0217 0x1aac MMCSS - ok

16:32:14.0237 0x1aac [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

16:32:14.0287 0x1aac Modem - ok

16:32:14.0307 0x1aac [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:32:14.0337 0x1aac monitor - ok

16:32:14.0357 0x1aac [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

16:32:14.0377 0x1aac mouclass - ok

16:32:14.0387 0x1aac [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:32:14.0407 0x1aac mouhid - ok

16:32:14.0437 0x1aac [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

16:32:14.0447 0x1aac mountmgr - ok

16:32:14.0527 0x1aac [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:32:14.0557 0x1aac MozillaMaintenance - ok

16:32:14.0583 0x1aac [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

16:32:14.0599 0x1aac mpio - ok

16:32:14.0609 0x1aac [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:32:14.0659 0x1aac mpsdrv - ok

16:32:14.0699 0x1aac [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

16:32:14.0749 0x1aac MpsSvc - ok

16:32:14.0779 0x1aac [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:32:14.0809 0x1aac MRxDAV - ok

16:32:14.0859 0x1aac [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:32:14.0919 0x1aac mrxsmb - ok

16:32:14.0949 0x1aac [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:32:14.0989 0x1aac mrxsmb10 - ok

16:32:15.0009 0x1aac [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:32:15.0049 0x1aac mrxsmb20 - ok

16:32:15.0069 0x1aac [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

16:32:15.0089 0x1aac msahci - ok

16:32:15.0109 0x1aac [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:32:15.0139 0x1aac msdsm - ok

16:32:15.0149 0x1aac [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

16:32:15.0169 0x1aac MSDTC - ok

16:32:15.0189 0x1aac [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:32:15.0229 0x1aac Msfs - ok

16:32:15.0249 0x1aac [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

16:32:15.0289 0x1aac mshidkmdf - ok

16:32:15.0299 0x1aac [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:32:15.0309 0x1aac msisadrv - ok

16:32:15.0339 0x1aac [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:32:15.0379 0x1aac MSiSCSI - ok

16:32:15.0389 0x1aac msiserver - ok

16:32:15.0419 0x1aac [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:32:15.0449 0x1aac MSKSSRV - ok

16:32:15.0469 0x1aac [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:32:15.0509 0x1aac MSPCLOCK - ok

16:32:15.0519 0x1aac [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:32:15.0559 0x1aac MSPQM - ok

16:32:15.0579 0x1aac [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:32:15.0609 0x1aac MsRPC - ok

16:32:15.0619 0x1aac [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

16:32:15.0629 0x1aac mssmbios - ok

16:32:15.0649 0x1aac [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:32:15.0684 0x1aac MSTEE - ok

16:32:15.0694 0x1aac [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

16:32:15.0714 0x1aac MTConfig - ok

16:32:15.0724 0x1aac [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

16:32:15.0744 0x1aac Mup - ok

16:32:15.0924 0x1aac [ 86E6E661C3B5FB6BF8E01D94864650F0, D651484002E911F98E55428593F8080FB40A9F0EB11445B1A9986A4F07E76782 ] N360 C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe

16:32:15.0964 0x1aac N360 - ok

16:32:15.0994 0x1aac [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

16:32:16.0044 0x1aac napagent - ok

16:32:16.0084 0x1aac [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:32:16.0124 0x1aac NativeWifiP - ok

16:32:16.0204 0x1aac [ FE7B38240E86075E6BC5953496B5C2F1, 13CBDCFD5E63A49D6E66D9EBA701037F014EEED9BBFE8588CE2968A35FF2E16E ] NAVENG C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151119.001\ENG64.SYS

16:32:16.0244 0x1aac NAVENG - ok

16:32:16.0314 0x1aac [ C002FA84570CA35F704ACF0AC4A5EAB0, E4246631E5D7AFD31CE642157A9102CB0DDE5B5051D08C3A5EA736CB3C99C6D9 ] NAVEX15 C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20151119.001\EX64.SYS

16:32:16.0374 0x1aac NAVEX15 - ok

16:32:16.0434 0x1aac [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys

16:32:16.0474 0x1aac NDIS - ok

16:32:16.0484 0x1aac [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

16:32:16.0524 0x1aac NdisCap - ok

16:32:16.0534 0x1aac [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:32:16.0594 0x1aac NdisTapi - ok

16:32:16.0604 0x1aac [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:32:16.0644 0x1aac Ndisuio - ok

16:32:16.0674 0x1aac [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:32:16.0714 0x1aac NdisWan - ok

16:32:16.0734 0x1aac [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:32:16.0774 0x1aac NDProxy - ok

16:32:16.0814 0x1aac [ D4F51E88C71BF8F06EA1BE320B0BB75B, ABDA528F8159290BFDFBAAFC3BDA4484649FF612FD1D9E74284CA7DBA00A4B0D ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

16:32:16.0834 0x1aac Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

16:32:16.0834 0x1aac Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

16:32:16.0834 0x1aac Force sending object to P2P due to detect: Net Driver HPZ12

16:32:19.0589 0x1aac Object send P2P result: true

16:32:22.0301 0x1aac [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:32:22.0381 0x1aac NetBIOS - ok

16:32:22.0411 0x1aac [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

16:32:22.0451 0x1aac NetBT - ok

16:32:22.0471 0x1aac [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe

16:32:22.0481 0x1aac Netlogon - ok

16:32:22.0521 0x1aac [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

16:32:22.0571 0x1aac Netman - ok

16:32:22.0601 0x1aac [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:32:22.0621 0x1aac NetMsmqActivator - ok

16:32:22.0631 0x1aac [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:32:22.0641 0x1aac NetPipeActivator - ok

16:32:22.0671 0x1aac [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

16:32:22.0721 0x1aac netprofm - ok

16:32:22.0771 0x1aac [ 8B5D2D7CB0EF5B1967860B8AB742A46C, 65B61FF5156D0EC0F95143FFBB0099F6F8B9CBB4CA4227F455884B8F51E93FB4 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys

16:32:22.0821 0x1aac netr28x - ok

16:32:22.0831 0x1aac [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:32:22.0841 0x1aac NetTcpActivator - ok

16:32:22.0851 0x1aac [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:32:22.0871 0x1aac NetTcpPortSharing - ok

16:32:22.0891 0x1aac [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

16:32:22.0911 0x1aac nfrd960 - ok

16:32:22.0941 0x1aac [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll

16:32:22.0981 0x1aac NlaSvc - ok

16:32:23.0101 0x1aac [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

16:32:23.0181 0x1aac NOBU - ok

16:32:23.0201 0x1aac [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:32:23.0231 0x1aac Npfs - ok

16:32:23.0251 0x1aac [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

16:32:23.0301 0x1aac nsi - ok

16:32:23.0311 0x1aac [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:32:23.0351 0x1aac nsiproxy - ok

16:32:23.0421 0x1aac [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:32:23.0481 0x1aac Ntfs - ok

16:32:23.0481 0x1aac [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

16:32:23.0521 0x1aac Null - ok

16:32:23.0541 0x1aac [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:32:23.0551 0x1aac nvraid - ok

16:32:23.0571 0x1aac [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:32:23.0591 0x1aac nvstor - ok

16:32:23.0621 0x1aac [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:32:23.0631 0x1aac nv_agp - ok

16:32:23.0651 0x1aac [ 1E65CFD59DDFA8166D2174DC3E6D4AAE, 739287F30E7E2DACA84F41B19272FC2AA5A175CDE655E8262FEE127983CBC6AF ] NWVoltron C:\Windows\system32\drivers\NWVoltron.sys

16:32:23.0684 0x1aac NWVoltron - ok

16:32:23.0703 0x1aac [ 29B7F4F503EF7652024C28A3DD0E3586, CD87BEA97A4DEAB6C9E6666C8C9B241C850A278AB7EADF2753BE0319224A3FF1 ] NWWakeFilterV C:\Windows\system32\drivers\NWWakeFilterV.sys

16:32:23.0716 0x1aac NWWakeFilterV - ok

16:32:23.0734 0x1aac [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:32:23.0744 0x1aac ohci1394 - ok

16:32:23.0814 0x1aac [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:32:23.0854 0x1aac ose - ok

16:32:24.0084 0x1aac [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:32:24.0214 0x1aac osppsvc - ok

16:32:24.0244 0x1aac [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

16:32:24.0294 0x1aac p2pimsvc - ok

16:32:24.0324 0x1aac [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

16:32:24.0364 0x1aac p2psvc - ok

16:32:24.0384 0x1aac [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys

16:32:24.0404 0x1aac Parport - ok

16:32:24.0434 0x1aac [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:32:24.0454 0x1aac partmgr - ok

16:32:24.0484 0x1aac [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll

16:32:24.0524 0x1aac PcaSvc - ok

16:32:24.0554 0x1aac [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys

16:32:24.0574 0x1aac pci - ok

16:32:24.0604 0x1aac [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys

16:32:24.0614 0x1aac pciide - ok

16:32:24.0624 0x1aac [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

16:32:24.0644 0x1aac pcmcia - ok

16:32:24.0664 0x1aac [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

16:32:24.0684 0x1aac pcw - ok

16:32:24.0714 0x1aac pdfcDispatcher - ok

16:32:24.0744 0x1aac [ C7801DEF1C78747996A52C1F4C473E6F, B19FB226C1E0330695B4BCD768C6C92A5671A4EE2209A854F8952D6F6810E29C ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

16:32:24.0754 0x1aac PdiService - ok

16:32:24.0784 0x1aac [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:32:24.0834 0x1aac PEAUTH - ok

16:32:24.0904 0x1aac [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:32:24.0934 0x1aac PerfHost - ok

16:32:25.0004 0x1aac [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

16:32:25.0074 0x1aac pla - ok

16:32:25.0114 0x1aac [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:32:25.0174 0x1aac PlugPlay - ok

16:32:25.0194 0x1aac [ 9A80707D8B6C1806531BFD7399B3CC76, C9996A265B0C461843DECE336314AEDD38D3F0644A8AA4D3F20D3496AD17956B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

16:32:25.0224 0x1aac Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

16:32:25.0224 0x1aac Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

16:32:25.0224 0x1aac Force sending object to P2P due to detect: Pml Driver HPZ12

16:32:27.0991 0x1aac Object send P2P result: true

16:32:30.0566 0x1aac [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

16:32:30.0606 0x1aac PNRPAutoReg - ok

16:32:30.0626 0x1aac [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

16:32:30.0716 0x1aac PNRPsvc - ok

16:32:30.0768 0x1aac [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:32:30.0808 0x1aac PolicyAgent - ok

16:32:30.0838 0x1aac [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll

16:32:30.0868 0x1aac Power - ok

16:32:30.0908 0x1aac [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:32:30.0958 0x1aac PptpMiniport - ok

16:32:30.0968 0x1aac [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys

16:32:30.0998 0x1aac Processor - ok

16:32:31.0048 0x1aac [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll

16:32:31.0078 0x1aac ProfSvc - ok

16:32:31.0098 0x1aac [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:32:31.0108 0x1aac ProtectedStorage - ok

16:32:31.0128 0x1aac [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

16:32:31.0168 0x1aac Psched - ok

16:32:31.0228 0x1aac [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

16:32:31.0278 0x1aac ql2300 - ok

16:32:31.0298 0x1aac [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

16:32:31.0318 0x1aac ql40xx - ok

16:32:31.0338 0x1aac [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll

16:32:31.0368 0x1aac QWAVE - ok

16:32:31.0398 0x1aac [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:32:31.0448 0x1aac QWAVEdrv - ok

16:32:31.0468 0x1aac [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:32:31.0498 0x1aac RasAcd - ok

16:32:31.0548 0x1aac [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

16:32:31.0608 0x1aac RasAgileVpn - ok

16:32:31.0618 0x1aac [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll

16:32:31.0658 0x1aac RasAuto - ok

16:32:31.0678 0x1aac [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:32:31.0718 0x1aac Rasl2tp - ok

16:32:31.0728 0x1aac [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll

16:32:31.0778 0x1aac RasMan - ok

16:32:31.0808 0x1aac [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:32:31.0848 0x1aac RasPppoe - ok

16:32:31.0858 0x1aac [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:32:31.0898 0x1aac RasSstp - ok

16:32:31.0928 0x1aac [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:32:31.0978 0x1aac rdbss - ok

16:32:31.0998 0x1aac [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

16:32:32.0018 0x1aac rdpbus - ok

16:32:32.0038 0x1aac [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:32:32.0088 0x1aac RDPCDD - ok

16:32:32.0108 0x1aac [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:32:32.0158 0x1aac RDPENCDD - ok

16:32:32.0168 0x1aac [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

16:32:32.0198 0x1aac RDPREFMP - ok

16:32:32.0228 0x1aac [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:32:32.0258 0x1aac RDPWD - ok

16:32:32.0278 0x1aac [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

16:32:32.0298 0x1aac rdyboost - ok

16:32:32.0318 0x1aac [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:32:32.0368 0x1aac RemoteAccess - ok

16:32:32.0398 0x1aac [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:32:32.0438 0x1aac RemoteRegistry - ok

16:32:32.0468 0x1aac [ 085D18C71AB2611A3D61528132B6501E, 2AD2DD88EBD8C498E3043CDAA37E83C69F7FE2FD6B65524F631527555B80C112 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

16:32:32.0488 0x1aac RoxioNow Service - ok

16:32:32.0508 0x1aac [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

16:32:32.0548 0x1aac RpcEptMapper - ok

16:32:32.0568 0x1aac [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe

16:32:32.0588 0x1aac RpcLocator - ok

16:32:32.0608 0x1aac [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll

16:32:32.0648 0x1aac RpcSs - ok

16:32:32.0678 0x1aac [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:32:32.0718 0x1aac rspndr - ok

16:32:32.0758 0x1aac [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

16:32:32.0780 0x1aac RTL8167 - ok

16:32:32.0800 0x1aac [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe

16:32:32.0816 0x1aac SamSs - ok

16:32:32.0872 0x1aac [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:32:32.0902 0x1aac sbp2port - ok

16:32:32.0922 0x1aac [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:32:32.0962 0x1aac SCardSvr - ok

16:32:32.0984 0x1aac [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

16:32:33.0017 0x1aac scfilter - ok

16:32:33.0074 0x1aac [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll

16:32:33.0184 0x1aac Schedule - ok

16:32:33.0224 0x1aac [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll

16:32:33.0274 0x1aac SCPolicySvc - ok

16:32:33.0294 0x1aac [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:32:33.0346 0x1aac SDRSVC - ok

16:32:33.0376 0x1aac [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:32:33.0406 0x1aac secdrv - ok

16:32:33.0416 0x1aac [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll

16:32:33.0456 0x1aac seclogon - ok

16:32:33.0472 0x1aac [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll

16:32:33.0508 0x1aac SENS - ok

16:32:33.0528 0x1aac [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll

16:32:33.0570 0x1aac SensrSvc - ok

16:32:33.0600 0x1aac [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys

16:32:33.0620 0x1aac Serenum - ok

16:32:33.0650 0x1aac [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys

16:32:33.0668 0x1aac Serial - ok

16:32:33.0680 0x1aac [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys

16:32:33.0700 0x1aac sermouse - ok

16:32:33.0720 0x1aac [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll

16:32:33.0770 0x1aac SessionEnv - ok

16:32:33.0790 0x1aac [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:32:33.0820 0x1aac sffdisk - ok

16:32:33.0840 0x1aac [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:32:33.0870 0x1aac sffp_mmc - ok

16:32:33.0890 0x1aac [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:32:33.0910 0x1aac sffp_sd - ok

16:32:33.0910 0x1aac [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

16:32:33.0940 0x1aac sfloppy - ok

16:32:33.0990 0x1aac [ 21AB491BBCC8C1B26FDC402A374AB196, DD973C9963C840200D153A15078152D499639730D065BB8122C6BE65D4372300 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

16:32:34.0020 0x1aac Sftfs - ok

16:32:34.0070 0x1aac [ 4E1BB8A9CCDB4BAF41F7F9A930EB121D, D994B20DACEB187BEB6530309E2185040B58105E4FD5AC1DA435712F9DE027D0 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

16:32:34.0100 0x1aac sftlist - ok

16:32:34.0120 0x1aac [ 3B8D43FEEFF7A187534DDDFD675FE123, 9308D5C552FE3AF1121A3F7B7595547C6B892FF500377953F3B623511D84698C ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

16:32:34.0140 0x1aac Sftplay - ok

16:32:34.0150 0x1aac [ F1D1B1DC7A8765A09D7640FBF8D20970, 72E59B04BC44DAFFB88987C16CF3F9DC35438B15879E102FD83013673E0DB66F ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

16:32:34.0170 0x1aac Sftredir - ok

16:32:34.0190 0x1aac [ B3B9ADE7F8C4AF0C20E712E040588543, 9A6BB11DA046BF6F0239952871263E148FAE91FB21065613645114B5FA054EC5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

16:32:34.0200 0x1aac Sftvol - ok

16:32:34.0220 0x1aac [ CECFDE5D3701B2D914862F5E6C3DFE18, E7627F90630C306324A39DC3C652B37D255F90636AC19D3302EE5B85BD504BD5 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

16:32:34.0230 0x1aac sftvsa - ok

16:32:34.0260 0x1aac [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:32:34.0320 0x1aac SharedAccess - ok

16:32:34.0350 0x1aac [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:32:34.0400 0x1aac ShellHWDetection - ok

16:32:34.0430 0x1aac [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

16:32:34.0450 0x1aac SiSRaid2 - ok

16:32:34.0470 0x1aac [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

16:32:34.0490 0x1aac SiSRaid4 - ok

16:32:34.0510 0x1aac [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:32:34.0550 0x1aac Smb - ok

16:32:34.0590 0x1aac [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:32:34.0620 0x1aac SNMPTRAP - ok

16:32:34.0620 0x1aac [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys

16:32:34.0640 0x1aac spldr - ok

16:32:34.0680 0x1aac [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe

16:32:34.0740 0x1aac Spooler - ok

16:32:34.0848 0x1aac [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe

16:32:34.0984 0x1aac sppsvc - ok

16:32:35.0004 0x1aac [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll

16:32:35.0054 0x1aac sppuinotify - ok

16:32:35.0184 0x1aac [ BFA32A566B958EF5A1D6383F3CB03AA2, BD899DE3815C88F825C3D93AA8AA43C178626F43E4B14C107A91C68155D64F71 ] SRTSP C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS

16:32:35.0223 0x1aac SRTSP - ok

16:32:35.0256 0x1aac [ BA2ABBEA69BD1866C973DE11CB0CE9F8, 7A04BC2F4DA9A69A996911CC429064D24CF51F4046A2EE688D4326B44C9EDAFB ] SRTSPX C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS

16:32:35.0266 0x1aac SRTSPX - ok

16:32:35.0306 0x1aac [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys

16:32:35.0346 0x1aac srv - ok

16:32:35.0366 0x1aac [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:32:35.0396 0x1aac srv2 - ok

16:32:35.0426 0x1aac [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:32:35.0446 0x1aac srvnet - ok

16:32:35.0476 0x1aac [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:32:35.0526 0x1aac SSDPSRV - ok

16:32:35.0546 0x1aac [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:32:35.0586 0x1aac SstpSvc - ok

16:32:35.0681 0x1aac [ E942412186178B1331F8335E30FA076F, 000CA0F392A1CEA4F7843364A3639CF2ADB66BE48A6850C6AD61DD252E7727B3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

16:32:35.0721 0x1aac STacSV - ok

16:32:35.0751 0x1aac [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys

16:32:35.0791 0x1aac stexstor - ok

16:32:35.0831 0x1aac [ DCC8845692DEA3477BCF6CE9D06C711F, 22EFA0620B99E73FE9296540DB3A7AFC8E39E0ADCEE6419084218B504A550FBE ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

16:32:35.0861 0x1aac STHDA - ok

16:32:35.0893 0x1aac [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\drivers\serscan.sys

16:32:35.0933 0x1aac StillCam - ok

16:32:35.0963 0x1aac [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll

16:32:36.0003 0x1aac stisvc - ok

16:32:36.0033 0x1aac [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys

16:32:36.0043 0x1aac swenum - ok

16:32:36.0083 0x1aac [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll

16:32:36.0133 0x1aac swprv - ok

16:32:36.0213 0x1aac [ C9EC22D5B3C6B32A7C8B4A73870A7379, BA530C64FDE63D9A4023BB9E667497D5248B2910BC1A214B592318CC64034735 ] SymEFASI C:\Windows\system32\drivers\N360x64\1605040.018\SYMEFASI64.SYS

16:32:36.0273 0x1aac SymEFASI - ok

16:32:36.0323 0x1aac [ 6DF8F618B93C821630C9BAA8DA3FAAAF, 553972D63F3347291EC8370AB910F741EF1DA61BC74FBA4192EF6E1DF567FB99 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

16:32:36.0333 0x1aac SymEvent - ok

16:32:36.0373 0x1aac [ 0891E59A27208B9B727BAB863B853E80, 7BBDD53CB7AB003DF803D6D596A2B5216425DCC7FA8D3F311AE5BD4EC19FBB0A ] SymIRON C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS

16:32:36.0393 0x1aac SymIRON - ok

16:32:36.0443 0x1aac [ 751C968945EFD42469FE52D6CE384196, 3386681036909F60A249951009822190EFB1C390D2F46E7EFE44893F28D0F31C ] SymNetS C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS

16:32:36.0463 0x1aac SymNetS - ok

16:32:36.0573 0x1aac [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll

16:32:36.0643 0x1aac SysMain - ok

16:32:36.0663 0x1aac [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:32:36.0693 0x1aac TabletInputService - ok

16:32:36.0723 0x1aac [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll

16:32:36.0783 0x1aac TapiSrv - ok

16:32:36.0793 0x1aac [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll

16:32:36.0833 0x1aac TBS - ok

16:32:36.0923 0x1aac [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

16:32:36.0983 0x1aac Tcpip - ok

16:32:37.0033 0x1aac [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

16:32:37.0093 0x1aac TCPIP6 - ok

16:32:37.0143 0x1aac [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

16:32:37.0173 0x1aac tcpipreg - ok

16:32:37.0203 0x1aac [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

16:32:37.0223 0x1aac TDPIPE - ok

16:32:37.0243 0x1aac [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

16:32:37.0283 0x1aac TDTCP - ok

16:32:37.0313 0x1aac [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

16:32:37.0343 0x1aac tdx - ok

16:32:37.0363 0x1aac [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys

16:32:37.0383 0x1aac TermDD - ok

16:32:37.0433 0x1aac [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll

16:32:37.0463 0x1aac TermService - ok

16:32:37.0493 0x1aac [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll

16:32:37.0523 0x1aac Themes - ok

16:32:37.0553 0x1aac [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll

16:32:37.0593 0x1aac THREADORDER - ok

16:32:37.0613 0x1aac [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll

16:32:37.0673 0x1aac TrkWks - ok

16:32:37.0708 0x1aac [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:32:37.0748 0x1aac TrustedInstaller - ok

16:32:37.0788 0x1aac [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:32:37.0808 0x1aac tssecsrv - ok

16:32:37.0858 0x1aac [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

16:32:37.0898 0x1aac TsUsbFlt - ok

16:32:37.0938 0x1aac [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

16:32:37.0958 0x1aac TsUsbGD - ok

16:32:38.0008 0x1aac [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:32:38.0048 0x1aac tunnel - ok

16:32:38.0068 0x1aac [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

16:32:38.0088 0x1aac uagp35 - ok

16:32:38.0098 0x1aac [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

16:32:38.0158 0x1aac udfs - ok

16:32:38.0178 0x1aac [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe

16:32:38.0198 0x1aac UI0Detect - ok

16:32:38.0238 0x1aac [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

16:32:38.0258 0x1aac uliagpkx - ok

16:32:38.0278 0x1aac [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys

16:32:38.0308 0x1aac umbus - ok

16:32:38.0328 0x1aac [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys

16:32:38.0358 0x1aac UmPass - ok

16:32:38.0398 0x1aac [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll

16:32:38.0438 0x1aac upnphost - ok

16:32:38.0468 0x1aac [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

16:32:38.0518 0x1aac usbccgp - ok

16:32:38.0558 0x1aac [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys

16:32:38.0578 0x1aac usbcir - ok

16:32:38.0588 0x1aac [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

16:32:38.0618 0x1aac usbehci - ok

16:32:38.0638 0x1aac [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter C:\Windows\system32\drivers\usbfilter.sys

16:32:38.0658 0x1aac usbfilter - ok

16:32:38.0688 0x1aac [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

16:32:38.0708 0x1aac usbhub - ok

16:32:38.0728 0x1aac [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

16:32:38.0738 0x1aac usbohci - ok

16:32:38.0763 0x1aac [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys

16:32:38.0780 0x1aac usbprint - ok

16:32:38.0800 0x1aac [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:32:38.0840 0x1aac USBSTOR - ok

16:32:38.0860 0x1aac [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

16:32:38.0870 0x1aac usbuhci - ok

16:32:38.0890 0x1aac [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

16:32:38.0920 0x1aac usbvideo - ok

16:32:38.0940 0x1aac [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll

16:32:38.0970 0x1aac UxSms - ok

16:32:38.0990 0x1aac [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe

16:32:39.0000 0x1aac VaultSvc - ok

16:32:39.0020 0x1aac [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

16:32:39.0040 0x1aac vdrvroot - ok

16:32:39.0070 0x1aac [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe

16:32:39.0120 0x1aac vds - ok

16:32:39.0140 0x1aac [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

16:32:39.0150 0x1aac vga - ok

16:32:39.0170 0x1aac [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys

16:32:39.0210 0x1aac VgaSave - ok

16:32:39.0250 0x1aac [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

16:32:39.0270 0x1aac vhdmp - ok

16:32:39.0310 0x1aac [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys

16:32:39.0330 0x1aac viaide - ok

16:32:39.0340 0x1aac [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys

16:32:39.0360 0x1aac volmgr - ok

16:32:39.0380 0x1aac [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

16:32:39.0400 0x1aac volmgrx - ok

16:32:39.0420 0x1aac [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys

16:32:39.0440 0x1aac volsnap - ok

16:32:39.0460 0x1aac [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

16:32:39.0480 0x1aac vsmraid - ok

16:32:39.0530 0x1aac [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe

16:32:39.0620 0x1aac VSS - ok

16:32:39.0630 0x1aac [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

16:32:39.0640 0x1aac vwifibus - ok

16:32:39.0675 0x1aac [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

16:32:39.0695 0x1aac vwififlt - ok

16:32:39.0715 0x1aac [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

16:32:39.0735 0x1aac vwifimp - ok

16:32:39.0765 0x1aac [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll

16:32:39.0815 0x1aac W32Time - ok

16:32:39.0845 0x1aac [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

16:32:39.0865 0x1aac WacomPen - ok

16:32:39.0895 0x1aac [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

16:32:39.0945 0x1aac WANARP - ok

16:32:39.0955 0x1aac [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

16:32:39.0995 0x1aac Wanarpv6 - ok

16:32:40.0055 0x1aac [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

16:32:40.0105 0x1aac WatAdminSvc - ok

16:32:40.0175 0x1aac [ 0F128B84A9E1D88A688E2794DDA45ECD, 9C0D828A8C70BB789D56BFB4DFD3027DCC154AD735B08F207A842A20F4338855 ] Watsvc C:\Program Files (x86)\Blazers\Watsvc.exe

16:32:40.0205 0x1aac Watsvc - ok

16:32:40.0265 0x1aac [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe

16:32:40.0325 0x1aac wbengine - ok

16:32:40.0345 0x1aac [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

16:32:40.0385 0x1aac WbioSrvc - ok

16:32:40.0415 0x1aac [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll

16:32:40.0455 0x1aac wcncsvc - ok

16:32:40.0475 0x1aac [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:32:40.0515 0x1aac WcsPlugInService - ok

16:32:40.0525 0x1aac [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys

16:32:40.0545 0x1aac Wd - ok

16:32:40.0585 0x1aac [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

16:32:40.0625 0x1aac Wdf01000 - ok

16:32:40.0645 0x1aac [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll

16:32:40.0675 0x1aac WdiServiceHost - ok

16:32:40.0675 0x1aac [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll

16:32:40.0695 0x1aac WdiSystemHost - ok

16:32:40.0725 0x1aac [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll

16:32:40.0755 0x1aac WebClient - ok

16:32:40.0775 0x1aac [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

16:32:40.0815 0x1aac Wecsvc - ok

16:32:40.0825 0x1aac [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

16:32:40.0855 0x1aac wercplsupport - ok

16:32:40.0865 0x1aac [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

16:32:40.0915 0x1aac WerSvc - ok

16:32:40.0935 0x1aac [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

16:32:40.0975 0x1aac WfpLwf - ok

16:32:40.0985 0x1aac [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

16:32:40.0995 0x1aac WIMMount - ok

16:32:41.0015 0x1aac WinDefend - ok

16:32:41.0025 0x1aac WinHttpAutoProxySvc - ok

16:32:41.0075 0x1aac [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

16:32:41.0135 0x1aac Winmgmt - ok

16:32:41.0215 0x1aac [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll

16:32:41.0335 0x1aac WinRM - ok

16:32:41.0385 0x1aac [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

16:32:41.0415 0x1aac WinUsb - ok

16:32:41.0465 0x1aac [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

16:32:41.0515 0x1aac Wlansvc - ok

16:32:41.0555 0x1aac [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

16:32:41.0575 0x1aac wlcrasvc - ok

16:32:41.0670 0x1aac [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:32:41.0740 0x1aac wlidsvc - ok

16:32:41.0770 0x1aac [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

16:32:41.0790 0x1aac WmiAcpi - ok

16:32:41.0820 0x1aac [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

16:32:41.0840 0x1aac wmiApSrv - ok

16:32:41.0860 0x1aac WMPNetworkSvc - ok

16:32:41.0880 0x1aac [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

16:32:41.0900 0x1aac WPCSvc - ok

16:32:41.0910 0x1aac [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

16:32:41.0930 0x1aac WPDBusEnum - ok

16:32:41.0950 0x1aac [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

16:32:41.0990 0x1aac ws2ifsl - ok

16:32:42.0000 0x1aac [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll

16:32:42.0040 0x1aac wscsvc - ok

16:32:42.0060 0x1aac [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

16:32:42.0090 0x1aac WSDPrintDevice - ok

16:32:42.0090 0x1aac WSearch - ok

16:32:42.0180 0x1aac [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv C:\Windows\system32\wuaueng.dll

16:32:42.0270 0x1aac wuauserv - ok

16:32:42.0300 0x1aac [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

16:32:42.0340 0x1aac WudfPf - ok

16:32:42.0370 0x1aac [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

16:32:42.0400 0x1aac WUDFRd - ok

16:32:42.0420 0x1aac [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

16:32:42.0450 0x1aac wudfsvc - ok

16:32:42.0480 0x1aac [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

16:32:42.0520 0x1aac WwanSvc - ok

16:32:42.0540 0x1aac ================ Scan global ===============================

16:32:42.0570 0x1aac [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll

16:32:42.0600 0x1aac [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll

16:32:42.0620 0x1aac [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll

16:32:42.0640 0x1aac [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

16:32:42.0670 0x1aac [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe

16:32:42.0680 0x1aac [ Global ] - ok

16:32:42.0680 0x1aac ================ Scan MBR ==================================

16:32:42.0690 0x1aac [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

16:32:43.0150 0x1aac \Device\Harddisk0\DR0 - ok

16:32:43.0150 0x1aac ================ Scan VBR ==================================

16:32:43.0160 0x1aac [ 0FAE9B433A22AD977FA92C88EEDB42B5 ] \Device\Harddisk0\DR0\Partition1

16:32:43.0210 0x1aac \Device\Harddisk0\DR0\Partition1 - ok

16:32:43.0210 0x1aac [ 4D7FCCF2EAE3D3809622BD0DD4522B8B ] \Device\Harddisk0\DR0\Partition2

16:32:43.0300 0x1aac \Device\Harddisk0\DR0\Partition2 - ok

16:32:43.0300 0x1aac [ FFD55D8285175ED07BF6A484879B37E8 ] \Device\Harddisk0\DR0\Partition3

16:32:43.0310 0x1aac \Device\Harddisk0\DR0\Partition3 - ok

16:32:43.0310 0x1aac ================ Scan generic autorun ======================

16:32:43.0350 0x1aac [ 13392E518730835DC9584C60B04E77C2, E4CF50A5D0777A51CACFBA144CD41621BDE2C4CBB5678C8C2624F7612F9DEE11 ] C:\Program Files\IDT\WDM\beats64.exe

16:32:43.0370 0x1aac BeatsOSDApp - ok

16:32:43.0420 0x1aac [ 0899CF4DED834760397AA8C5DDD264F4, 00AB9C5A588473571A6FB42E03956B07FAA65B57945048AE0583BACE2A22C236 ] C:\Program Files\IDT\WDM\sttray64.exe

16:32:43.0470 0x1aac SysTrayApp - ok

16:32:43.0480 0x1aac [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

16:32:43.0490 0x1aac hpsysdrv - ok

16:32:43.0640 0x1aac [ 63DA875725652FB8FDF6FD0D38F1A42E, 529A61EFF2D299E6458749D34FE392524E5FF5EF8613677C648A5602541D7524 ] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe

16:32:43.0735 0x1aac HP LaserJet Professional M1530 MFP Series Fax - ok

16:32:43.0775 0x1aac [ B5E09EF709F489CA59B85B3A2E2AA0F6, D310B6DA95DB31353DA4E53F253233C07F48817EF9F3E78FE2512684B00127B2 ] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

16:32:43.0785 0x1aac StartCCC - detected UnsignedFile.Multi.Generic ( 1 )

16:32:43.0785 0x1aac StartCCC ( UnsignedFile.Multi.Generic ) - warning

16:32:46.0420 0x1aac [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

16:32:46.0470 0x1aac Norton Online Backup - ok

16:32:46.0550 0x1aac [ C09AAD7E3EDCF7078449CA6046C7B395, 7AC5474F0A06E2063824FAC8F72432E569E2C95BAF0C3B78EFA8128561CD93AE ] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe

16:32:46.0570 0x1aac DT HPO - ok

16:32:46.0660 0x1aac [ 2ECC555292D3DC382521724F7E1FBFBC, AD786D4647F30263B1BEDB6CDDE9841F8420C4C2EED74CD481A0255F9A142F1D ] C:\Program Files (x86)\PDF Complete\pdfsty.exe

16:32:46.0690 0x1aac PDF Complete - ok

16:32:46.0760 0x1aac [ 10923CB228E1E591AC238C3C437BDF75, 563F5AA3A974CEAAE9DBB77DB215722C77F9AB4D174A3F6BEF18676D6C1F8FC5 ] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe

16:32:46.0780 0x1aac ToolboxFX - ok

16:32:46.0800 0x1aac [ D658AB1B55127D18DCFBCAC8CAAEA522, 9FB818F3899542CB7F1B979644423A66842D98D1762B1C38AE04AEE23320DA8E ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

16:32:46.0810 0x1aac HP Software Update - ok

16:32:46.0850 0x1aac [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

16:32:46.0860 0x1aac swg - ok

16:32:46.0890 0x1aac GenieFloater - ok

16:32:46.0930 0x1aac [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe

16:32:46.0960 0x1aac QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )

16:32:46.0960 0x1aac QuickTime Task ( UnsignedFile.Multi.Generic ) - warning

16:32:49.0575 0x1aac AV detected via SS2: Norton 360 Premier, C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated )

16:32:49.0575 0x1aac FW detected via SS2: Norton 360 Premier, C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled )

16:32:52.0130 0x1aac ============================================================

16:32:52.0130 0x1aac Scan finished

16:32:52.0130 0x1aac ============================================================

16:32:52.0160 0x0964 Detected object count: 6

16:32:52.0160 0x0964 Actual detected object count: 6

16:33:05.0384 0x0964 CalendarSynchService ( UnsignedFile.Multi.Generic ) - skipped by user

16:33:05.0384 0x0964 CalendarSynchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:33:05.0384 0x0964 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user

16:33:05.0384 0x0964 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:33:05.0384 0x0964 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

16:33:05.0384 0x0964 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:33:05.0384 0x0964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

16:33:05.0384 0x0964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:33:05.0394 0x0964 StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user

16:33:05.0394 0x0964 StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:33:05.0394 0x0964 QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user

16:33:05.0394 0x0964 QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 19 November 2015 - 05:42 PM

Hello, I'm running Windows 7 64bit, and have been plagued with the "My Music Life" popup.  It appears on the lower right hand corner of the screen almost like it is from the system tray.


Please post a screenshot.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 20 November 2015 - 12:06 PM

These are some of the examples...

Attached Files



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 20 November 2015 - 01:16 PM

:)

 

Which program is running in the background? The "blue" one?


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 20 November 2015 - 01:45 PM

:)

 

Which program is running in the background? The "blue" one?

It is a spa manager program that uses Citrix (so it is a remote server).  The popup comes from the local machine (not in the citrix window)



#10 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 20 November 2015 - 01:48 PM

Here are all of the process currently running.

Attached Files



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 20 November 2015 - 01:56 PM

It is a spa manager program that uses Citrix (so it is a remote server).  The popup comes from the local machine (not in the citrix window)


Does the popup appears even when the program isn't running?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 20 November 2015 - 03:50 PM

Yes it does popup without the citrix running. 



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 21 November 2015 - 11:11 AM

I have a suspicion but want to confirm it first.

Step 1

herdprotect.png

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on herdprotect-logo-200x200.png icon and select RunAsAdmin.jpg Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contens of that report in your next reply.
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).




 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:00 PM

Posted 24 November 2015 - 12:49 PM

Hi,

3 Day Inactivity

this is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 Owen6936

Owen6936
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:00 PM

Posted 24 November 2015 - 06:54 PM

Yes still alive, I will run this process tomorrow.

Thank you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users