HijackThis Log: Please help Diagnose


  • This topic is locked
11 replies to this topic

#1 Studio81

  • Members
  • 6 posts
  • Gender:Female

Posted 24 December 2015 - 01:37 AM

Hi there,

 

I have a work computer that had a file opened on it via email that infected it with backdoor.adwind.

 

I have Norton installed but a system scan comes up with nothing. I have also run Malwarebytes and SuperAntispyware but each time my computer is restarted files are found. I have to run Rkill in order to enable any spyware program to open.

 

Appreciate any help!

 

Here is the Hijackthis Log:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:48:45 PM, on 24/12/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 39.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Administration\AppData\Roaming\Oracle\bin\javaw.exe
C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Administration\Desktop\HijackThis.exe
C:\WINDOWS\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abc.net.au/news/#state=nt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [FR32GRfvap5] "C:\Users\Administration\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Administration\FCNJIG8Pbdh\3vXAV2MonQb.TqdTo2"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DARWINCHRISTIAN.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{075C3DBD-AF65-41E8-8A33-252114891937}: NameServer = 192.168.2.20,192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DARWINCHRISTIAN.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{075C3DBD-AF65-41E8-8A33-252114891937}: NameServer = 192.168.2.20,192.168.2.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11327 bytes




 


#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 December 2015 - 01:42 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Studio81

  • Topic Starter
  • Members
  • 6 posts
  • Gender:Female

Posted 26 December 2015 - 08:52 PM

Thanks Jürgen,

 

Here are the log details:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Administration (administrator) on ADMINISTRATOR (27-12-2015 11:16:58)
Running from C:\Users\Administration\Desktop
Loaded Profiles: Administration (Available Profiles: Darwin & Admin & Administration)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ClientOperator.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Oracle Corporation) C:\Users\Administration\AppData\Roaming\Oracle\bin\javaw.exe
(Dropbox, Inc.) C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1098952 2013-08-13] (Microsoft Corporation)
HKLM\...\Run: [ClientOperator] => C:\Program Files\Windows Server\Bin\ClientOperator.exe [68296 2013-08-13] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [404376 2015-08-09] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3213824 2015-12-24] (Malwarebytes)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-04-02] (Acresso Corporation)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [Dropbox Update] => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [FR32GRfvap5] => "C:\Users\Administration\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Administration\FCNJIG8Pbdh\3vXAV2MonQb.TqdTo2"
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-02] (SUPERAntiSpyware)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Policies\system: [DisableTaskMgr] 2
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\MountPoints2: {45ea485b-980e-11e3-be95-74d02b7a3b02} - "D:\HPLauncher.exe"
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\MountPoints2: {e8b38539-018f-11e4-beca-74d02b7a3b02} - "D:\LaunchU3.exe" -a
IFEO\acs.exe: [Debugger] svchost.exe
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe
IFEO\AdAwareService.exe: [Debugger] svchost.exe
IFEO\AdAwareTray.exe: [Debugger] svchost.exe
IFEO\AgentSvc.exe: [Debugger] svchost.exe
IFEO\AVK.exe: [Debugger] svchost.exe
IFEO\AVKProxy.exe: [Debugger] svchost.exe
IFEO\AVKService.exe: [Debugger] svchost.exe
IFEO\AVKTray.exe: [Debugger] svchost.exe
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe
IFEO\avpmapp.exe: [Debugger] svchost.exe
IFEO\av_task.exe: [Debugger] svchost.exe
IFEO\Bav.exe: [Debugger] svchost.exe
IFEO\bavhm.exe: [Debugger] svchost.exe
IFEO\BavSvc.exe: [Debugger] svchost.exe
IFEO\BavTray.exe: [Debugger] svchost.exe
IFEO\BavUpdater.exe: [Debugger] svchost.exe
IFEO\BavWebClient.exe: [Debugger] svchost.exe
IFEO\BDSSVC.EXE: [Debugger] svchost.exe
IFEO\BgScan.exe: [Debugger] svchost.exe
IFEO\BullGuard.exe: [Debugger] svchost.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe
IFEO\capinfos.exe: [Debugger] svchost.exe
IFEO\cavwp.exe: [Debugger] svchost.exe
IFEO\CertReg.exe: [Debugger] svchost.exe
IFEO\cis.exe: [Debugger] svchost.exe
IFEO\CisTray.exe: [Debugger] svchost.exe
IFEO\clamscan.exe: [Debugger] svchost.exe
IFEO\ClamTray.exe: [Debugger] svchost.exe
IFEO\ClamWin.exe: [Debugger] svchost.exe
IFEO\cmdagent.exe: [Debugger] svchost.exe
IFEO\ConfigSecurityPolicy.exe: [Debugger] svchost.exe
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe
IFEO\coreServiceShell.exe: [Debugger] svchost.exe
IFEO\dragon_updater.exe: [Debugger] svchost.exe
IFEO\dumpcap.exe: [Debugger] svchost.exe
IFEO\econceal.exe: [Debugger] svchost.exe
IFEO\econser.exe: [Debugger] svchost.exe
IFEO\editcap.exe: [Debugger] svchost.exe
IFEO\EMLPROXY.EXE: [Debugger] svchost.exe
IFEO\escanmon.exe: [Debugger] svchost.exe
IFEO\escanpro.exe: [Debugger] svchost.exe
IFEO\fcappdb.exe: [Debugger] svchost.exe
IFEO\FCDBlog.exe: [Debugger] svchost.exe
IFEO\FCHelper64.exe: [Debugger] svchost.exe
IFEO\FilMsg.exe: [Debugger] svchost.exe
IFEO\FilUp.exe: [Debugger] svchost.exe
IFEO\filwscc.exe: [Debugger] svchost.exe
IFEO\fmon.exe: [Debugger] svchost.exe
IFEO\FortiClient.exe: [Debugger] svchost.exe
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe
IFEO\FortiESNAC.exe: [Debugger] svchost.exe
IFEO\FortiFW.exe: [Debugger] svchost.exe
IFEO\FortiProxy.exe: [Debugger] svchost.exe
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe
IFEO\FortiTray.exe: [Debugger] svchost.exe
IFEO\FPAVServer.exe: [Debugger] svchost.exe
IFEO\FProtTray.exe: [Debugger] svchost.exe
IFEO\FPWin.exe: [Debugger] svchost.exe
IFEO\freshclam.exe: [Debugger] svchost.exe
IFEO\freshclamwrap.exe: [Debugger] svchost.exe
IFEO\fsgk32.exe: [Debugger] svchost.exe
IFEO\FSHDLL64.exe: [Debugger] svchost.exe
IFEO\fshoster32.exe: [Debugger] svchost.exe
IFEO\FSM32.EXE: [Debugger] svchost.exe
IFEO\FSMA32.EXE: [Debugger] svchost.exe
IFEO\fsorsp.exe: [Debugger] svchost.exe
IFEO\fssm32.exe: [Debugger] svchost.exe
IFEO\GdBgInx64.exe: [Debugger] svchost.exe
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe
IFEO\GDSC.exe: [Debugger] svchost.exe
IFEO\GDScan.exe: [Debugger] svchost.exe
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe
IFEO\guardxservice.exe: [Debugger] svchost.exe
IFEO\iptray.exe: [Debugger] svchost.exe
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe
IFEO\K7RTScan.exe: [Debugger] svchost.exe
IFEO\K7SysMon.Exe: [Debugger] svchost.exe
IFEO\K7TSecurity.exe: [Debugger] svchost.exe
IFEO\K7TSMain.exe: [Debugger] svchost.exe
IFEO\K7TSMngr.exe: [Debugger] svchost.exe
IFEO\LittleHook.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\mbamscheduler.exe: [Debugger] svchost.exe
IFEO\mbamservice.exe: [Debugger] svchost.exe
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe
IFEO\MCShieldDS.exe: [Debugger] svchost.exe
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe
IFEO\mergecap.exe: [Debugger] svchost.exe
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MpUXSrv.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\MsMpEng.exe: [Debugger] svchost.exe
IFEO\MWAGENT.EXE: [Debugger] svchost.exe
IFEO\MWASER.EXE: [Debugger] svchost.exe
IFEO\nanoav.exe: [Debugger] svchost.exe
IFEO\nanosvc.exe: [Debugger] svchost.exe
IFEO\nbrowser.exe: [Debugger] svchost.exe
IFEO\nfservice.exe: [Debugger] svchost.exe
IFEO\NisSrv.exe: [Debugger] svchost.exe
IFEO\njeeves2.exe: [Debugger] svchost.exe
IFEO\nnf.exe: [Debugger] svchost.exe
IFEO\nprosec.exe: [Debugger] svchost.exe
IFEO\NS.exe: [Debugger] svchost.exe
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe
IFEO\nvcod.exe: [Debugger] svchost.exe
IFEO\nvcsvc.exe: [Debugger] svchost.exe
IFEO\nvoy.exe: [Debugger] svchost.exe
IFEO\nwscmon.exe: [Debugger] svchost.exe
IFEO\ONLINENT.EXE: [Debugger] svchost.exe
IFEO\OPSSVC.EXE: [Debugger] svchost.exe
IFEO\op_mon.exe: [Debugger] svchost.exe
IFEO\ProcessHacker.exe: [Debugger] svchost.exe
IFEO\procexp.exe: [Debugger] svchost.exe
IFEO\PSANHost.exe: [Debugger] svchost.exe
IFEO\PSUAMain.exe: [Debugger] svchost.exe
IFEO\PSUAService.exe: [Debugger] svchost.exe
IFEO\psview.exe: [Debugger] svchost.exe
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe
IFEO\PtSvcHost.exe: [Debugger] svchost.exe
IFEO\PtWatchDog.exe: [Debugger] svchost.exe
IFEO\quamgr.exe: [Debugger] svchost.exe
IFEO\QUHLPSVC.EXE: [Debugger] svchost.exe
IFEO\rawshark.exe: [Debugger] svchost.exe
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe
IFEO\SASCore64.exe: [Debugger] svchost.exe
IFEO\SASTask.exe: [Debugger] svchost.exe
IFEO\SBAMSvc.exe: [Debugger] svchost.exe
IFEO\SBAMTray.exe: [Debugger] svchost.exe
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe
IFEO\SCANNER.EXE: [Debugger] svchost.exe
IFEO\SCANWSCS.EXE: [Debugger] svchost.exe
IFEO\schmgr.exe: [Debugger] svchost.exe
IFEO\scproxysrv.exe: [Debugger] svchost.exe
IFEO\ScSecSvc.exe: [Debugger] svchost.exe
IFEO\SDFSSvc.exe: [Debugger] svchost.exe
IFEO\SDScan.exe: [Debugger] svchost.exe
IFEO\SDTray.exe: [Debugger] svchost.exe
IFEO\SDWelcome.exe: [Debugger] svchost.exe
IFEO\SSUpdate64.exe: [Debugger] svchost.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] svchost.exe
IFEO\SUPERDelete.exe: [Debugger] svchost.exe
IFEO\Taskmgr.exe: [Debugger] svchost.exe
IFEO\text2pcap.exe: [Debugger] svchost.exe
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe
IFEO\trigger.exe: [Debugger] svchost.exe
IFEO\tshark.exe: [Debugger] svchost.exe
IFEO\twsscan.exe: [Debugger] svchost.exe
IFEO\twssrv.exe: [Debugger] svchost.exe
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe
IFEO\uiWatchDog.exe: [Debugger] svchost.exe
IFEO\uiWinMgr.exe: [Debugger] svchost.exe
IFEO\UnThreat.exe: [Debugger] svchost.exe
IFEO\UserAccountControlSettings.exe: [Debugger] svchost.exe
IFEO\UserReg.exe: [Debugger] svchost.exe
IFEO\utsvc.exe: [Debugger] svchost.exe
IFEO\V3Main.exe: [Debugger] svchost.exe
IFEO\V3Medic.exe: [Debugger] svchost.exe
IFEO\V3Proxy.exe: [Debugger] svchost.exe
IFEO\V3SP.exe: [Debugger] svchost.exe
IFEO\V3Svc.exe: [Debugger] svchost.exe
IFEO\V3Up.exe: [Debugger] svchost.exe
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe
IFEO\VIPREUI.exe: [Debugger] svchost.exe
IFEO\virusutilities.exe: [Debugger] svchost.exe
IFEO\WebCompanion.exe: [Debugger] svchost.exe
IFEO\wireshark.exe: [Debugger] svchost.exe
IFEO\Zanda.exe: [Debugger] svchost.exe
IFEO\Zlh.exe: [Debugger] svchost.exe
IFEO\zlhh.exe: [Debugger] svchost.exe
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{075C3DBD-AF65-41E8-8A33-252114891937}: [NameServer] 192.168.2.20,192.168.2.1
Tcpip\..\Interfaces\{075C3DBD-AF65-41E8-8A33-252114891937}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.abc.net.au/news/#state=nt
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\z5ad1v08.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll [2012-10-25] (Commonwealth Government of Australia)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-03] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-05]
CHR Extension: (Store) - C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [282016 2015-11-21] (Symantec Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41616 2012-09-07] (Microsoft Corporation)
R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-24] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20151223.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20151223.001\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20151223.001\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
S1 SymIM; C:\Windows\system32\DRIVERS\SymIMv.sys [43680 2012-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 11:16 - 2015-12-27 11:17 - 00032983 ____C C:\Users\Administration\Desktop\FRST.txt
2015-12-27 11:16 - 2015-12-27 11:16 - 02370560 ____C (Farbar) C:\Users\Administration\Desktop\FRST64.exe
2015-12-27 11:16 - 2015-12-27 11:16 - 00000000 ___DC C:\FRST
2015-12-24 15:41 - 2015-12-24 15:41 - 00388608 ____C (Trend Micro Inc.) C:\Users\Administration\Desktop\HijackThis.exe
2015-12-24 13:39 - 2015-12-24 13:39 - 00166064 ____C (Symantec Corporation) C:\Users\Administration\Downloads\FixVundo.exe
2015-12-24 13:36 - 2015-12-24 13:44 - 00001977 ____C C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-12-24 13:36 - 2015-12-24 13:36 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\SUPERAntiSpyware.com
2015-12-24 13:36 - 2015-12-24 13:36 - 00000000 ___DC C:\ProgramData\SUPERAntiSpyware.com
2015-12-24 13:36 - 2015-12-24 13:36 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-24 13:36 - 2015-12-24 13:36 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware
2015-12-24 13:32 - 2015-12-24 13:32 - 00000000 ___DC C:\Program Files (x86)\ESET
2015-12-24 11:28 - 2015-12-24 15:42 - 02032072 ____C (Bleeping Computer, LLC) C:\Users\Administration\Downloads\rkill (2).com
2015-12-24 11:23 - 2015-12-24 13:45 - 00572758 ____C C:\WINDOWS\ntbtlog.txt
2015-12-24 11:20 - 2015-12-24 11:28 - 02032072 ____C (Bleeping Computer, LLC) C:\Users\Administration\Downloads\rkill (1).com
2015-12-24 11:11 - 2012-07-26 15:02 - 00125872 ____C (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll
2015-12-24 11:11 - 2012-07-26 15:02 - 00106928 ____C (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll
2015-12-24 11:11 - 2012-07-26 15:02 - 00033240 ____C (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-12-24 11:10 - 2015-12-24 11:11 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2015-12-24 11:10 - 2015-12-24 11:10 - 00000000 ___DC C:\WINDOWS\system32\Drivers\NBRTWizardx64
2015-12-24 11:10 - 2015-12-24 11:10 - 00000000 ___DC C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2015-12-24 11:08 - 2015-12-24 11:08 - 01110992 ____C (Symantec Corporation) C:\Users\Administration\Downloads\NBRT-Retail-Downloader.exe
2015-12-24 10:58 - 2015-12-24 10:58 - 05641692 ____C (Swearware) C:\Users\Administration\Downloads\ComboFix (1).exe
2015-12-24 10:55 - 2015-12-24 10:56 - 00000000 ___DC C:\AdwCleaner
2015-12-24 10:54 - 2015-12-24 10:54 - 01743360 ____C C:\Users\Administration\Downloads\AdwCleaner.exe
2015-12-24 10:48 - 2015-12-24 10:48 - 00001095 ____C C:\Users\Administration\Desktop\JRT.txt
2015-12-24 10:46 - 2015-12-24 10:46 - 01599336 ____C (Malwarebytes) C:\Users\Administration\Downloads\JRT.exe
2015-12-24 10:45 - 2015-12-24 10:45 - 05641692 ____C (Swearware) C:\Users\Administration\Downloads\ComboFix.exe
2015-12-24 10:42 - 2015-12-24 11:20 - 02032072 ____C (Bleeping Computer, LLC) C:\Users\Administration\Downloads\rkill.com
2015-12-24 10:30 - 2015-12-24 11:23 - 00000000 ___DC C:\NPE
2015-12-24 10:17 - 2015-12-24 15:43 - 00192216 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 10:16 - 2015-12-24 15:42 - 00004494 ____C C:\Users\Administration\Desktop\Rkill.txt
2015-12-24 10:16 - 2015-12-24 15:42 - 00000000 ___DC C:\Users\Administration\Desktop\rkill
2015-12-24 10:15 - 2015-12-24 11:14 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-24 10:15 - 2015-12-24 10:15 - 00001118 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-24 10:15 - 2015-12-24 10:15 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-24 10:15 - 2015-10-05 09:50 - 00109272 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-24 10:15 - 2015-10-05 09:50 - 00064216 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-24 10:15 - 2015-10-05 09:50 - 00025816 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-24 09:53 - 2015-12-24 09:53 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-12-24 09:37 - 2015-12-24 09:37 - 00022704 ____C C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-24 09:36 - 2015-12-24 09:36 - 03286400 ____C (Enigma Software Group USA, LLC.) C:\Users\Administration\Downloads\SpyHunter-Installer.exe
2015-12-24 09:09 - 2015-12-24 11:25 - 00000000 ___DC C:\Users\Administration\AppData\Local\NPE
2015-12-24 08:56 - 2015-12-24 08:56 - 11100160 ____C C:\Users\Administration\Desktop\COCentre_Appl V8.11.accdb
2015-12-22 14:06 - 2015-12-22 14:06 - 00095232 ____C C:\Users\Administration\Documents\Marrakai store trading hr christmas 1.pub
2015-12-22 09:46 - 2015-12-22 09:46 - 00000000 __HDC C:\Users\Administration\FCNJIG8Pbdh
2015-12-22 09:46 - 2015-12-22 09:46 - 00000000 ___DC C:\Users\Administration\Desktop\Invoice
2015-12-17 17:16 - 2015-12-11 16:53 - 74092544 ____C C:\Users\Administration\Desktop\COCentre_Data 010314 From Friday 111215.mdb
2015-12-17 17:07 - 2015-12-17 17:07 - 00002713 ____C C:\Users\Public\Desktop\Skype.lnk
2015-12-17 17:07 - 2015-12-17 17:07 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-12-17 17:07 - 2015-12-17 17:07 - 00000000 ___DC C:\ProgramData\Package Cache
2015-12-17 17:07 - 2015-12-17 17:07 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-17 13:46 - 2015-12-17 13:46 - 00002180 ____C C:\Users\Administration\Desktop\COM Maintenance V1.6 - Shortcut.lnk
2015-12-16 15:04 - 2015-12-23 15:48 - 00065536 ____C C:\Users\Administration\Desktop\DCMI 2015.box
2015-12-14 17:05 - 2015-12-11 16:27 - 04316060 ____C C:\Users\Administration\Desktop\dcocm grand christmas.tif
2015-12-14 09:38 - 2015-12-14 09:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-14 09:38 - 2015-12-14 09:38 - 00000000 ___DC C:\Program Files\7-Zip
2015-12-12 23:49 - 2015-12-12 23:49 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 13:10 - 2015-11-12 01:51 - 25837568 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-10 13:10 - 2015-11-12 01:30 - 12856832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-10 13:10 - 2015-11-12 01:14 - 00279040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-10 13:10 - 2015-11-12 01:14 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-10 13:10 - 2015-11-12 01:11 - 20366848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-10 13:10 - 2015-11-12 00:42 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-10 13:10 - 2015-11-10 09:43 - 00496640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-10 13:10 - 2015-11-10 09:41 - 00064000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-10 13:10 - 2015-11-10 09:38 - 02280448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-10 13:10 - 2015-11-10 09:34 - 00476160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-10 13:10 - 2015-11-10 09:32 - 00663552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-10 13:10 - 2015-11-10 09:16 - 04514816 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-10 13:10 - 2015-11-10 09:11 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-10 13:10 - 2015-11-10 09:07 - 00230400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-10 13:10 - 2015-11-10 09:06 - 02050560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-10 13:10 - 2015-11-10 09:06 - 00687104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-10 13:10 - 2015-11-10 09:06 - 00325632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-10 13:10 - 2015-11-10 08:55 - 01048576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-10 13:10 - 2015-11-10 08:47 - 02011136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-10 13:10 - 2015-11-10 08:44 - 01311744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-10 13:10 - 2015-11-10 08:42 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-10 13:10 - 2015-11-09 07:45 - 02887168 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-10 13:10 - 2015-11-09 07:45 - 00571392 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-10 13:10 - 2015-11-09 07:34 - 05923840 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-10 13:10 - 2015-11-09 07:32 - 00615936 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-10 13:10 - 2015-11-09 07:31 - 00817664 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-10 13:10 - 2015-11-09 07:02 - 00315392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-10 13:10 - 2015-11-09 07:02 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-10 13:10 - 2015-11-09 06:55 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-10 13:10 - 2015-11-09 06:48 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-10 13:10 - 2015-11-09 06:46 - 00372224 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-10 13:10 - 2015-11-09 06:45 - 00798208 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-10 13:10 - 2015-11-09 06:45 - 00718336 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-10 13:10 - 2015-11-09 06:44 - 14456832 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-10 13:10 - 2015-11-09 06:43 - 02123264 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-10 13:10 - 2015-11-09 06:23 - 02880000 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-10 13:10 - 2015-11-09 06:23 - 02487808 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-10 13:10 - 2015-11-09 06:11 - 01546752 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-10 13:10 - 2015-11-09 06:00 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-10 13:10 - 2015-11-05 18:29 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-10 13:09 - 2015-11-22 16:29 - 07455064 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-10 13:09 - 2015-11-22 16:29 - 01735000 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-10 13:09 - 2015-11-22 16:29 - 01659568 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-10 13:09 - 2015-11-22 16:29 - 01519592 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-10 13:09 - 2015-11-22 16:29 - 01487008 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-10 13:09 - 2015-11-22 16:29 - 01355848 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-10 13:09 - 2015-11-22 16:28 - 01499920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-10 13:09 - 2015-11-22 04:02 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-10 13:09 - 2015-11-22 03:20 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-10 13:09 - 2015-11-22 02:29 - 01706496 ____C (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-10 13:09 - 2015-11-22 02:19 - 01344000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-10 13:09 - 2015-11-22 02:17 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-10 13:09 - 2015-11-22 02:10 - 00414208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-10 13:09 - 2015-11-09 10:11 - 01540728 ____C (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-10 13:09 - 2015-11-09 08:00 - 04176384 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-10 13:09 - 2015-11-09 06:53 - 01994752 ____C (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-10 13:09 - 2015-11-09 06:43 - 01383936 ____C (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-10 13:09 - 2015-11-09 06:31 - 01753600 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-10 13:09 - 2015-11-09 06:22 - 01559552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-10 13:09 - 2015-11-09 06:18 - 01376256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-10 13:09 - 2015-11-09 06:12 - 01490944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-10 13:09 - 2015-10-23 01:51 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-10 13:09 - 2015-10-23 01:51 - 00323072 ____C (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-10 13:09 - 2015-10-23 01:28 - 00868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-10 13:09 - 2015-10-23 01:28 - 00200704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-10 13:09 - 2015-10-22 23:38 - 00513456 ____C C:\WINDOWS\SysWOW64\locale.nls
2015-12-10 13:09 - 2015-10-22 23:38 - 00513456 ____C C:\WINDOWS\system32\locale.nls
2015-12-10 13:09 - 2015-10-11 02:50 - 00186880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-10 13:09 - 2015-10-04 05:11 - 01385280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-10 13:09 - 2015-10-04 05:11 - 01124384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-10 13:08 - 2015-11-21 08:17 - 00136904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-10 13:08 - 2015-11-21 03:48 - 00052224 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-10 13:08 - 2015-11-21 02:28 - 03706880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-10 13:08 - 2015-11-21 02:17 - 00035840 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-10 13:08 - 2015-11-21 02:16 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-10 13:08 - 2015-11-21 02:14 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-10 13:08 - 2015-11-21 02:14 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-10 13:08 - 2015-11-21 02:13 - 00897024 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-10 13:08 - 2015-11-21 02:12 - 02243584 ____C (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-10 13:08 - 2015-11-21 02:00 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-10 13:08 - 2015-11-21 01:59 - 00124928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-10 13:08 - 2015-11-21 01:58 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-10 13:08 - 2015-11-21 01:57 - 00726528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-10 13:08 - 2015-10-29 01:19 - 02775552 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-10 13:08 - 2015-10-29 00:59 - 02462720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-10 13:08 - 2015-10-11 16:04 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-10 13:08 - 2015-10-11 16:04 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-10 13:08 - 2015-10-11 16:04 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-10 13:08 - 2015-10-11 16:04 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-10 13:08 - 2015-10-11 16:04 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-10 13:08 - 2015-10-11 04:11 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-10 13:08 - 2015-10-11 04:11 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-10 13:08 - 2015-10-09 01:41 - 00060928 ____C (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-10 13:08 - 2015-10-09 01:20 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-10 13:08 - 2015-10-06 03:58 - 00146432 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-10 13:08 - 2015-10-06 03:55 - 00572928 ____C (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 11:14 - 2015-12-09 11:14 - 00001091 ____C C:\Users\Administration\Downloads\addineyeV2.html
2015-12-09 11:10 - 2015-12-09 11:11 - 16086737 ____C C:\Users\Administration\Downloads\Astrakhan May-June 2011.m4v (1).mp4
2015-12-09 11:10 - 2015-12-09 11:10 - 16086737 ____C C:\Users\Administration\Downloads\Astrakhan May-June 2011.m4v.mp4
2015-12-07 21:47 - 2015-12-27 11:14 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Remediation
2015-12-02 12:16 - 2015-12-23 15:48 - 336658432 ____C C:\Users\Administration\Desktop\DCMI 2015.MYO
2015-12-01 16:47 - 2015-12-02 11:11 - 37945344 ____C C:\OP 2005 Upgraded 2015.MYO
2015-12-01 16:47 - 2015-12-02 11:11 - 00065536 ____C C:\OP 2005 Upgraded 2015.box
2015-12-01 16:32 - 2015-12-02 10:51 - 00065536 ____C C:\OP 2006 Upgraded 2015.box
2015-12-01 16:31 - 2015-12-02 10:51 - 54755328 ____C C:\OP 2006 Upgraded 2015.MYO
2015-11-27 18:41 - 2015-11-27 18:41 - 00003238 ____C C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-11-27 18:41 - 2015-11-27 18:41 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Norton 360

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 11:16 - 2013-11-14 22:13 - 00869412 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-27 11:16 - 2013-08-22 23:06 - 00000000 ___DC C:\WINDOWS\Inf
2015-12-27 11:16 - 2013-08-22 23:06 - 00000000 ___DC C:\Windows
2015-12-27 11:12 - 2014-12-11 15:06 - 00000000 _SHDC C:\Users\Administration\IntelGraphicsProfiles
2015-12-27 11:12 - 2014-02-27 11:44 - 00000000 __RDC C:\Users\Administration\Dropbox
2015-12-27 11:12 - 2014-02-27 11:42 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Dropbox
2015-12-27 11:12 - 2014-01-06 11:39 - 00000942 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 11:11 - 2013-11-21 14:24 - 00000160 _____ C:\WINDOWS\system32\config\netlogon.ftl
2015-12-27 11:11 - 2013-08-23 00:15 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-12-24 17:31 - 2014-01-24 12:44 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-24 17:23 - 2013-12-30 09:35 - 00003990 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FAB7F8E2-6A25-44AB-9292-69AF594BDFC9}
2015-12-24 16:59 - 2014-01-06 11:39 - 00000946 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 16:52 - 2015-06-16 10:41 - 00000986 ____C C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119UA.job
2015-12-24 15:14 - 2013-12-24 13:34 - 00000052 ____C C:\WINDOWS\BRPP2KA.INI
2015-12-24 14:55 - 2013-12-03 16:04 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1913235342-3225301714-2944181721-1119
2015-12-24 14:49 - 2013-11-21 14:36 - 00000000 ___DC C:\Users\Administration\AppData\Local\Packages
2015-12-24 13:39 - 2013-12-31 08:19 - 00000000 ___DC C:\Users\Administration\AppData\Local\CrashDumps
2015-12-24 13:32 - 2013-08-23 01:06 - 00000000 __SDC C:\WINDOWS\Downloaded Program Files
2015-12-24 11:16 - 2013-11-21 15:23 - 00000000 ___DC C:\ProgramData\Norton
2015-12-24 11:10 - 2013-11-21 15:21 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-12-24 11:08 - 2014-02-13 17:28 - 00000000 ___DC C:\Users\Public\Downloads\Norton
2015-12-24 11:00 - 2013-12-31 15:54 - 00000000 ___DC C:\Users\Administration\AppData\Local\ElevatedDiagnostics
2015-12-24 09:47 - 2014-05-08 16:58 - 00001086 ____C C:\Users\Public\Desktop\VLC media player.lnk
2015-12-24 09:47 - 2013-12-24 15:53 - 00002061 ____C C:\Users\Public\Desktop\PressReader.lnk
2015-12-24 09:47 - 2013-12-24 12:23 - 00001570 ____C C:\Users\Public\Desktop\MYOB AccountRight Plus v19.lnk
2015-12-24 09:45 - 2014-08-05 11:33 - 00000000 ___DC C:\WINDOWS\system32\appmgmt
2015-12-24 09:45 - 2013-12-27 14:33 - 00001167 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-24 09:38 - 2013-12-28 13:42 - 00000000 ___DC C:\Users\Administration
2015-12-24 09:24 - 2013-08-23 01:06 - 00000000 ___DC C:\WINDOWS\system32\NDF
2015-12-24 09:14 - 2013-12-24 16:06 - 00000000 __SHC C:\Users\Administration\.pr_stat_data
2015-12-24 08:59 - 2013-12-27 15:04 - 00000000 ___DC C:\Users\Administration\Documents\My Library
2015-12-24 08:47 - 2013-08-22 22:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-24 08:45 - 2013-08-22 22:55 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-23 14:38 - 2013-12-24 12:27 - 00000426 ____C C:\WINDOWS\MYOBP.INI
2015-12-23 14:37 - 2013-12-24 12:27 - 00000039 ____C C:\WINDOWS\MYOB.INI
2015-12-23 09:52 - 2015-06-16 10:41 - 00000934 ____C C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119Core.job
2015-12-23 08:30 - 2013-12-27 15:09 - 00000027 __SHC C:\Users\Administration\.pr_data
2015-12-22 10:54 - 2013-12-24 12:23 - 00000000 ___DC C:\Plus19
2015-12-22 09:46 - 2015-10-23 10:23 - 00000000 ___DC C:\Users\Administration\.oracle_jre_usage
2015-12-22 09:46 - 2014-08-05 11:43 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Oracle
2015-12-21 10:09 - 2014-01-20 16:53 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\AUSkey
2015-12-17 17:21 - 2015-05-12 13:12 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Skype
2015-12-17 17:07 - 2015-05-12 13:12 - 00000000 ___DC C:\ProgramData\Skype
2015-12-17 17:07 - 2015-04-05 04:58 - 00000000 __SDC C:\WINDOWS\SysWOW64\GWX
2015-12-17 17:07 - 2015-04-05 04:58 - 00000000 __SDC C:\WINDOWS\system32\GWX
2015-12-17 17:07 - 2012-07-26 17:29 - 00000000 ___DC C:\WINDOWS\CbsTemp
2015-12-17 08:02 - 2014-01-06 11:40 - 00002203 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 17:22 - 2013-12-30 15:49 - 00024862 ____C C:\Users\Administration\AppData\Roaming\Comma Separated Values.ADR
2015-12-16 12:09 - 2014-12-08 17:45 - 00001697 ____C C:\Users\Administration\Desktop\Residents V1.08 - Shortcut.lnk
2015-12-16 12:09 - 2014-10-09 11:22 - 00002166 ____C C:\Users\Administration\Desktop\EmergencyReliefFunding V2.6 - Shortcut.lnk
2015-12-16 12:09 - 2014-01-03 08:40 - 00002747 ____C C:\Users\Administration\Desktop\DCOCM Letterhead template.lnk
2015-12-16 12:09 - 2014-01-03 08:40 - 00002747 ____C C:\Users\Administration\Desktop\DCOCM A5 Letterhead Template.lnk
2015-12-14 15:02 - 2015-10-20 12:34 - 18350080 ____C C:\Users\Administration\Desktop\COC 2015.MYO
2015-12-14 09:04 - 2013-12-24 13:34 - 00000480 ____C C:\WINDOWS\BRWMARK.INI
2015-12-12 05:26 - 2013-12-03 15:53 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-12 05:26 - 2013-12-03 15:52 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-12-12 05:25 - 2012-07-26 14:56 - 00000167 ____C C:\WINDOWS\win.ini
2015-12-11 08:18 - 2013-08-23 00:14 - 04311632 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 03:53 - 2014-07-25 03:22 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-11 03:52 - 2014-01-16 08:19 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-12-11 03:52 - 2014-01-16 08:19 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 02:31 - 2014-01-24 12:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-10 15:25 - 2013-08-23 01:06 - 00000000 ___DC C:\WINDOWS\SysWOW64\en-GB
2015-12-10 15:25 - 2013-08-23 01:06 - 00000000 ___DC C:\WINDOWS\system32\en-GB
2015-12-10 13:52 - 2013-11-21 14:55 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-12-10 13:50 - 2013-11-21 14:55 - 140158008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-07 21:47 - 2015-06-11 07:08 - 00000000 ___DC C:\Program Files\Common Files\AV
2015-12-03 14:19 - 2014-01-06 11:39 - 00000000 ___DC C:\Users\Administration\AppData\Local\Google
2015-12-02 20:54 - 2014-01-06 11:39 - 00003918 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 20:54 - 2014-01-06 11:39 - 00003682 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 02:49 - 2013-08-23 01:08 - 00826872 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-02 02:49 - 2013-08-23 01:08 - 00176632 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 18:41 - 2015-07-09 08:59 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2015-11-27 18:41 - 2015-07-06 14:54 - 00002417 ____C C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-11-27 18:41 - 2013-11-21 15:24 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64

==================== Files in the root of some directories =======

2013-12-30 15:49 - 2015-12-16 17:22 - 0024862 ____C () C:\Users\Administration\AppData\Roaming\Comma Separated Values.ADR
2014-08-06 16:40 - 2014-08-13 08:30 - 0009432 ____C () C:\Users\Administration\AppData\Roaming\Comma Separated Values.EML
2013-12-03 15:59 - 2013-12-03 15:59 - 0007606 ____C () C:\Users\Administration\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-24 13:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Administration (2015-12-27 11:17:13)
Running from C:\Users\Administration\Desktop
Windows 8.1 Pro (X64) (2013-12-28 04:37:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-1839648308-3417406115-3898103215-1002 - Limited - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1839648308-3417406115-3898103215-500 - Administrator - Disabled)
Darwin (S-1-5-21-1839648308-3417406115-3898103215-1001 - Administrator - Enabled) => C:\Users\Darwin
Guest (S-1-5-21-1839648308-3417406115-3898103215-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AUSkey software 1.4.4 (HKLM-x32\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
Corel Graphics - Windows Shell Extension (HKLM\...\_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}) (Version: 16.4.0.1280 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.4.1280 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.4.1280 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Content (HKLM-x32\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 -  Corel Corporation)
CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - CS (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - CT (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM T3 (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - JP (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.7 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.4.1.1281 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.7 - Corel Corporation) Hidden
Dropbox (HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MYOB AccountRight Plus v19.9 (HKLM-x32\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.9.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19.9 (x32 Version: 19.9.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (x32 Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.1.0.26 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.12.0927.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Server 2012 Essentials Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.2.9805.6 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BB6FB11-D3C2-4133-AEC4-B0A607FECECD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {143016FD-8CDC-497B-96BB-F7AA1616DE84} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {212A1219-3FA9-42B9-AFA7-77F68E223415} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31B836CB-5CC8-4444-B36B-59B5E60A5D47} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {325FB297-6DC6-4EE3-A36B-C6897ADDC3C5} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {3C34D808-1733-4133-9AD9-B0A20490DDF2} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {3E89D8DA-2997-4FC1-B2A8-43F85F3E5A68} - System32\Tasks\Microsoft\Windows\Windows Server\ConfigureRDPGroup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {483B5695-B4DD-4C78-B8FC-326C8256CBB3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5673C877-5722-44B8-9228-4CDC677060AC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119UA => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {58249DDE-489F-44F0-85D0-2BDEE6E040D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {582DBD24-F544-43B8-A9D2-463145CA066B} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {63319943-54A9-4B6B-A785-29D7CED8405F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {69DB4951-E41B-41CC-9E2C-5A2623FB7056} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {6EAF90F5-35DE-4848-A2EC-16821DC340DA} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {79B47685-A8C2-4BB0-93DC-1B943687CB79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7C14CE0A-AEE5-432C-82F1-E0BD2DDF26B1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {7D56898B-DEE0-4073-95F2-487F1ADB4849} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {87BE7E56-11ED-495D-9864-9ED8863985E9} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {8B290399-DF34-45F9-8A09-2F155B6A2700} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)
Task: {92C24A67-9842-4D76-BF10-13363002A216} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {98C31793-A0C6-480D-9635-70E264ED7B0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9E502F53-4074-4EA6-8355-A2AE8B9138E5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)
Task: {B639445F-3FD6-4730-B0BA-F825836D1168} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2319C26-BD00-4D53-B5E8-D0E813ED2721} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {E5D5B88F-B5F3-4116-BA26-20FB0BDF6EDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F7AFF4F7-0807-42E7-BF16-8BEA63CBB462} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119Core => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FC63C82D-E0E9-4118-8078-4BC97C8C8CB0} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {FE4A5010-E42E-4335-8077-C6C77A7A8D26} - System32\Tasks\Microsoft\Windows\Windows Server\RepaireVpnRoutes => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119Core.job => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119UA.job => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-28 13:41 - 2013-07-04 03:02 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 ____C () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-21 00:02 - 2015-08-09 04:50 - 00404376 ____C () C:\WINDOWS\system32\igfxTray.exe
2013-12-28 13:41 - 2015-12-27 11:11 - 00025088 ____C () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2013-12-28 13:41 - 2013-07-04 03:02 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-12-12 23:49 - 2015-10-31 10:29 - 00034768 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00019408 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00022848 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00023352 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00042296 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00116688 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 23:49 - 2015-10-31 10:29 - 00093640 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00018376 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00019760 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00105928 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00392144 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 23:49 - 2015-12-09 07:06 - 00381752 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00692688 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020816 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00109520 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 01737032 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020808 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020800 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00021840 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00038696 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00024528 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00020936 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00114640 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00021320 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00124880 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00030160 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00043472 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00175560 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00028616 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00024016 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00048592 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00024392 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00036296 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 23:49 - 2015-10-31 10:30 - 00024016 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00117056 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00023376 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00134608 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00134088 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00240584 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020280 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00052024 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00021304 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00350152 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00084792 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 23:49 - 2015-12-09 07:06 - 01826608 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00083912 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 03891504 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 01950000 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00519984 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00133936 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00225080 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00207672 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00024904 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00486704 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00357680 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-05 07:15 - 2015-10-31 10:31 - 00019920 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 07:15 - 2015-10-31 10:30 - 00786904 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 16:15 - 2015-10-31 10:30 - 00063448 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-05 07:15 - 2015-10-31 10:30 - 00019408 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 22:55 - 2013-08-22 22:55 - 00000824 ____C C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\Control Panel\Desktop\\Wallpaper -> C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.20 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0E0FEA9A-9C61-4578-B42E-51A67E4B7586}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{78497442-D94B-496C-9317-DA91CA062845}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CC32921E-0E48-4A8D-8F56-00AE839E9C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{58D32FFE-792A-43D6-A615-0EDC1D93E9E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CA0FA9F4-4AFD-46E2-959A-31D0DD514FAF}] => (Allow) C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{35474D00-1605-4060-9335-56B558A1C02A}] => (Allow) C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6982E29E-BAEF-465D-BC84-7805BD8E8ACB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7D7FECAD-04CE-47E6-A266-A88AC7634F29}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{635D00B1-D9CA-483C-AFB6-DDB2F42C1B49}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{038D924A-75AC-4AE8-8D89-8D48BD5B204B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{09C4B17A-09C3-465D-9DAE-7D8B31ED711C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{43363A21-0CD0-418E-8479-6D4C9BAEAC4F}C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{00D735C8-ADBE-4045-8884-31AB9592B32E}C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2FE5DB51-4841-4EC3-A20E-BCA5427B05A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55DB3CC6-482E-44C5-A94D-EC93831E6171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9075180C-FEEB-4E65-BB7E-816A91B28967}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A174C65D-E49E-4C38-A642-012D96699478}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2015 05:23:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 15.0.4779.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ca0

Start Time: 01d13e201a2f5056

Termination Time: 16

Application Path: C:\Program Files\Microsoft Office\Office15\WINWORD.EXE

Report Id: 67ad3d44-aa13-11e5-bfb2-74d02b7a3b02

Faulting package full name:

Faulting package-relative application ID:

Error: (12/24/2015 01:40:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FixVundo.exe, version: 1.5.0.0, time stamp: 0x43872052
Faulting module name: FixVundo.exe, version: 1.5.0.0, time stamp: 0x43872052
Exception code: 0xc0000005
Fault offset: 0x0000904e
Faulting process ID: 0x1fe4
Faulting application start time: 0xFixVundo.exe0
Faulting application path: FixVundo.exe1
Faulting module path: FixVundo.exe2
Report ID: FixVundo.exe3
Faulting package full name: FixVundo.exe4
Faulting package-relative application ID: FixVundo.exe5

Error: (12/24/2015 01:39:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FixVundo.exe, version: 1.5.0.0, time stamp: 0x43872052
Faulting module name: FixVundo.exe, version: 1.5.0.0, time stamp: 0x43872052
Exception code: 0xc0000005
Fault offset: 0x0000904e
Faulting process ID: 0x2abc
Faulting application start time: 0xFixVundo.exe0
Faulting application path: FixVundo.exe1
Faulting module path: FixVundo.exe2
Report ID: FixVundo.exe3
Faulting package full name: FixVundo.exe4
Faulting package-relative application ID: FixVundo.exe5

Error: (12/24/2015 01:35:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: ONLINE~1.OCX_unloaded, version: 1.0.0.7777, time stamp: 0x55546935
Exception code: 0xc0000005
Fault offset: 0x000a08e0
Faulting process ID: 0x27f8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/24/2015 01:32:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/24/2015 11:00:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: MFMediaEngine.dll, version: 6.3.9600.17489, time stamp: 0x54658d1b
Exception code: 0xc0000005
Fault offset: 0x00085de9
Faulting process ID: 0x4a0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/24/2015 11:00:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
Faulting module name: MFMediaEngine.dll, version: 6.3.9600.17489, time stamp: 0x54658d1b
Exception code: 0xc0000005
Fault offset: 0x00085de9
Faulting process ID: 0x76c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/24/2015 10:29:56 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Launchpad.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
Stack:
   at System.Windows.Forms.ListView+ListViewNativeItemCollection.get_Item(Int32)
   at System.Windows.Forms.ListView+ListViewItemCollection.get_Item(Int32)
   at System.Windows.Forms.ListView+ListViewNativeItemCollection.Clear()
   at System.Windows.Forms.ListView.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Control.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Control.Dispose(Boolean)
   at System.Windows.Forms.ContainerControl.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Control.Dispose(Boolean)
   at System.Windows.Forms.ContainerControl.Dispose(Boolean)
   at Microsoft.WindowsServerSolutions.Administration.Controls.AlertsView.AlertsViewer.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Control.Dispose(Boolean)
   at System.Windows.Forms.ContainerControl.Dispose(Boolean)
   at System.Windows.Forms.Form.Dispose(Boolean)
   at System.ComponentModel.Component.Dispose()
   at System.Windows.Forms.Form.WmClose(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.Form.WndProc(System.Windows.Forms.Message ByRef)
   at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr, Int32, IntPtr, IntPtr)

Error: (12/24/2015 09:24:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_winethc.dll, version: 6.3.9600.17415, time stamp: 0x54504eb8
Faulting module name: USER32.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000142
Fault offset: 0x00000000000ec540
Faulting process ID: 0x9f4
Faulting application start time: 0xrundll32.exe_winethc.dll0
Faulting application path: rundll32.exe_winethc.dll1
Faulting module path: rundll32.exe_winethc.dll2
Report ID: rundll32.exe_winethc.dll3
Faulting package full name: rundll32.exe_winethc.dll4
Faulting package-relative application ID: rundll32.exe_winethc.dll5

Error: (12/24/2015 08:57:38 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e29d5950-ed8e-476f-ba03-09507693a56c}

System errors:
=============
Error: (12/27/2015 11:11:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (12/27/2015 11:11:48 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:06:52 on ‎24/‎12/‎2015 was unexpected.

Error: (12/27/2015 11:11:41 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256843963344

Error: (12/24/2015 01:46:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (12/24/2015 01:46:33 PM) (Source: DCOM) (EventID: 10005) (User: DARWINCHRISTIAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/24/2015 01:46:17 PM) (Source: DCOM) (EventID: 10005) (User: DARWINCHRISTIAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/24/2015 01:46:11 PM) (Source: DCOM) (EventID: 10005) (User: DARWINCHRISTIAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/24/2015 01:46:03 PM) (Source: DCOM) (EventID: 10005) (User: DARWINCHRISTIAN)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/24/2015 01:45:55 PM) (Source: DCOM) (EventID: 10005) (User: DARWINCHRISTIAN)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/24/2015 01:45:55 PM) (Source: DCOM) (EventID: 10005) (User: DARWINCHRISTIAN)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 7875.95 MB
Available physical RAM: 5531.5 MB
Total Virtual: 9091.95 MB
Available Virtual: 6584.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.38 GB) (Free:1.37 GB) NTFS
Drive d: (Storage) (Fixed) (Total:455.99 GB) (Free:433.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 83DEA43B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=149 MB) - (Type=DE)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 deeprybka

  • Malware Response Team

Posted 27 December 2015 - 06:03 AM

Hi,

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Studio81

  • Topic Starter


Posted 28 December 2015 - 06:48 PM

Thanks,

 

Here is the log file:

 

09:12:05.0874 0x0aac TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12

09:12:05.0874 0x0aac UEFI system

09:12:12.0477 0x0aac ============================================================

09:12:12.0477 0x0aac Current date / time: 2015/12/29 09:12:12.0477

09:12:12.0477 0x0aac SystemInfo:

09:12:12.0477 0x0aac

09:12:12.0477 0x0aac OS Version: 6.3.9600 ServicePack: 0.0

09:12:12.0477 0x0aac Product type: Workstation

09:12:12.0477 0x0aac ComputerName: ADMINISTRATOR

09:12:12.0477 0x0aac UserName: Administration

09:12:12.0477 0x0aac Windows directory: C:\WINDOWS

09:12:12.0477 0x0aac System windows directory: C:\WINDOWS

09:12:12.0477 0x0aac Running under WOW64

09:12:12.0477 0x0aac Processor architecture: Intel x64

09:12:12.0477 0x0aac Number of processors: 4

09:12:12.0477 0x0aac Page size: 0x1000

09:12:12.0477 0x0aac Boot type: Normal boot

09:12:12.0477 0x0aac ============================================================

09:12:13.0819 0x0aac KLMD registered as C:\WINDOWS\system32\drivers\05037447.sys

09:12:17.0685 0x0aac System UUID: {B23E5C1B-0D55-564D-FA9B-273EED8455B3}

09:12:24.0963 0x0aac Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 ( 55.90 Gb ), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:12:24.0968 0x0aac Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:12:24.0971 0x0aac ============================================================

09:12:24.0971 0x0aac \Device\Harddisk0\DR0:

09:12:24.0972 0x0aac GPT partitions:

09:12:24.0973 0x0aac \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {68AF6181-E311-41B2-A33E-DDAD0A66F5A0}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000

09:12:24.0973 0x0aac \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3902C5BA-2E69-4475-B032-30305760ADBA}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x31800

09:12:24.0973 0x0aac \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {FF24F6C9-3254-4C36-A2EB-F3C9FBE72316}, Name: Microsoft reserved partition, StartLBA 0xC8000, BlocksNum 0x40000

09:12:24.0973 0x0aac \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8451B969-B300-4E02-A20C-DCD9FCC10232}, Name: Basic data partition, StartLBA 0x108000, BlocksNum 0x6EC4800

09:12:24.0973 0x0aac MBR partitions:

09:12:24.0973 0x0aac \Device\Harddisk1\DR1:

09:12:24.0973 0x0aac MBR partitions:

09:12:24.0973 0x0aac \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x38FFB800

09:12:24.0973 0x0aac ============================================================

09:12:24.0974 0x0aac C: <-> \Device\Harddisk0\DR0\Partition4

09:12:25.0006 0x0aac D: <-> \Device\Harddisk1\DR1\Partition1

09:12:25.0006 0x0aac ============================================================

09:12:25.0006 0x0aac Initialize success

09:12:25.0006 0x0aac ============================================================

09:12:50.0539 0x1d14 ============================================================

09:12:50.0539 0x1d14 Scan started

09:12:50.0539 0x1d14 Mode: Manual; SigCheck; TDLFS;

09:12:50.0539 0x1d14 ============================================================

09:12:50.0539 0x1d14 KSN ping started

09:12:53.0548 0x1d14 KSN ping finished: true

09:12:53.0828 0x1d14 ================ Scan system memory ========================

09:12:53.0828 0x1d14 System memory - ok

09:12:53.0828 0x1d14 ================ Scan services =============================

09:12:53.0873 0x1d14 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys

09:12:53.0906 0x1d14 1394ohci - ok

09:12:53.0920 0x1d14 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys

09:12:53.0929 0x1d14 3ware - ok

09:12:53.0945 0x1d14 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys

09:12:53.0967 0x1d14 ACPI - ok

09:12:53.0972 0x1d14 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys

09:12:53.0980 0x1d14 acpiex - ok

09:12:53.0985 0x1d14 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys

09:12:53.0991 0x1d14 acpipagr - ok

09:12:53.0995 0x1d14 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi C:\WINDOWS\System32\drivers\acpipmi.sys

09:12:54.0004 0x1d14 AcpiPmi - ok

09:12:54.0006 0x1d14 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys

09:12:54.0013 0x1d14 acpitime - ok

09:12:54.0019 0x1d14 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:12:54.0026 0x1d14 AdobeARMservice - ok

09:12:54.0052 0x1d14 [ C3E7E1F3C85A6788F3BA078BA214341E, A3D72ACE045730DC1C8A6F4E3937C5C765AB447BF7C573BEC53DE8148EB4A1C8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:12:54.0063 0x1d14 AdobeFlashPlayerUpdateSvc - ok

09:12:54.0083 0x1d14 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX C:\WINDOWS\system32\drivers\ADP80XX.SYS

09:12:54.0111 0x1d14 ADP80XX - ok

09:12:54.0119 0x1d14 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll

09:12:54.0131 0x1d14 AeLookupSvc - ok

09:12:54.0145 0x1d14 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3DEF5EA366B4513B ] AFD C:\WINDOWS\system32\drivers\afd.sys

09:12:54.0167 0x1d14 AFD - ok

09:12:54.0174 0x1d14 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys

09:12:54.0181 0x1d14 agp440 - ok

09:12:54.0187 0x1d14 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache C:\WINDOWS\system32\DRIVERS\ahcache.sys

09:12:54.0195 0x1d14 ahcache - ok

09:12:54.0200 0x1d14 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG C:\WINDOWS\System32\alg.exe

09:12:54.0209 0x1d14 ALG - ok

09:12:54.0214 0x1d14 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys

09:12:54.0224 0x1d14 AmdK8 - ok

09:12:54.0229 0x1d14 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys

09:12:54.0239 0x1d14 AmdPPM - ok

09:12:54.0244 0x1d14 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys

09:12:54.0252 0x1d14 amdsata - ok


09:12:58.0504 0x1d14 mouclass - ok

09:12:58.0507 0x1d14 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys

09:12:58.0515 0x1d14 mouhid - ok

09:12:58.0521 0x1d14 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys

09:12:58.0528 0x1d14 mountmgr - ok

09:12:58.0534 0x1d14 [ 22A7042C70F90F8261840740DDBB5176, AD0075C97D2D7C568D5CFB1C3A02DCE3BC01941844A759B29CD4DE4AF2F5FC45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

09:12:58.0543 0x1d14 MozillaMaintenance - ok

09:12:58.0549 0x1d14 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys

09:12:58.0557 0x1d14 mpsdrv - ok

09:12:58.0580 0x1d14 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\WINDOWS\system32\mpssvc.dll

09:12:58.0611 0x1d14 MpsSvc - ok

09:12:58.0620 0x1d14 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys

09:12:58.0630 0x1d14 MRxDAV - ok

09:12:58.0642 0x1d14 [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:12:58.0659 0x1d14 mrxsmb - ok

09:12:58.0672 0x1d14 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys

09:12:58.0687 0x1d14 mrxsmb10 - ok

09:12:58.0697 0x1d14 [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys

09:12:58.0707 0x1d14 mrxsmb20 - ok

09:12:58.0714 0x1d14 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys

09:12:58.0723 0x1d14 MsBridge - ok

09:12:58.0730 0x1d14 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\WINDOWS\System32\msdtc.exe

09:12:58.0742 0x1d14 MSDTC - ok

09:12:58.0746 0x1d14 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

09:12:58.0755 0x1d14 Msfs - ok

09:12:58.0758 0x1d14 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys

09:12:58.0766 0x1d14 msgpiowin32 - ok

09:12:58.0769 0x1d14 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys

09:12:58.0777 0x1d14 mshidkmdf - ok

09:12:58.0779 0x1d14 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys

09:12:58.0787 0x1d14 mshidumdf - ok

09:12:58.0790 0x1d14 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys

09:12:58.0796 0x1d14 msisadrv - ok

09:12:58.0803 0x1d14 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll

09:12:58.0814 0x1d14 MSiSCSI - ok

09:12:58.0816 0x1d14 msiserver - ok

09:12:58.0822 0x1d14 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll

09:12:58.0830 0x1d14 MsKeyboardFilter - ok

09:12:58.0833 0x1d14 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:12:58.0840 0x1d14 MSKSSRV - ok

09:12:58.0845 0x1d14 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys

09:12:58.0854 0x1d14 MsLldp - ok

09:12:58.0857 0x1d14 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:12:58.0864 0x1d14 MSPCLOCK - ok

09:12:58.0867 0x1d14 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

09:12:58.0875 0x1d14 MSPQM - ok

09:12:58.0885 0x1d14 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys

09:12:58.0899 0x1d14 MsRPC - ok

09:12:58.0904 0x1d14 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys

09:12:58.0911 0x1d14 mssmbios - ok

09:12:58.0915 0x1d14 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

09:12:58.0922 0x1d14 MSTEE - ok

09:12:58.0925 0x1d14 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys

09:12:58.0933 0x1d14 MTConfig - ok

09:12:58.0940 0x1d14 [ 2E958EFAA41BF41A70411F30C61A20E4, 73E1760FE139EE83F640BF0539E1AACB449A47473A61F20E6D05F2AEC679A8E5 ] Mup C:\WINDOWS\system32\Drivers\mup.sys

09:12:58.0948 0x1d14 Mup - ok

09:12:58.0953 0x1d14 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys

09:12:58.0960 0x1d14 mvumis - ok

09:12:58.0970 0x1d14 [ F5060B229D5997980C5CB28E6EDFF314, 5FB56E9E83D0966E6438748529921F9B6EDBA3A580C498403B9FD4D8857D7FD6 ] N360 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe

09:12:58.0978 0x1d14 N360 - ok

09:12:58.0992 0x1d14 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\WINDOWS\system32\qagentRT.dll

09:12:59.0013 0x1d14 napagent - ok

09:12:59.0029 0x1d14 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys

09:12:59.0047 0x1d14 NativeWifiP - ok

09:12:59.0053 0x1d14 [ FE7B38240E86075E6BC5953496B5C2F1, 13CBDCFD5E63A49D6E66D9EBA701037F014EEED9BBFE8588CE2968A35FF2E16E ] NAVENG C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20151228.003\ENG64.SYS

09:12:59.0061 0x1d14 NAVENG - ok

09:12:59.0109 0x1d14 [ C002FA84570CA35F704ACF0AC4A5EAB0, E4246631E5D7AFD31CE642157A9102CB0DDE5B5051D08C3A5EA736CB3C99C6D9 ] NAVEX15 C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20151228.003\EX64.SYS

09:12:59.0157 0x1d14 NAVEX15 - ok

09:12:59.0170 0x1d14 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll

09:12:59.0182 0x1d14 NcaSvc - ok

09:12:59.0188 0x1d14 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\WINDOWS\System32\ncbservice.dll

09:12:59.0199 0x1d14 NcbService - ok

09:12:59.0204 0x1d14 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll

09:12:59.0214 0x1d14 NcdAutoSetup - ok

09:12:59.0242 0x1d14 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS C:\WINDOWS\system32\drivers\ndis.sys

09:12:59.0277 0x1d14 NDIS - ok

09:12:59.0283 0x1d14 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\WINDOWS\system32\DRIVERS\ndiscap.sys

09:12:59.0291 0x1d14 NdisCap - ok

09:12:59.0296 0x1d14 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys

09:12:59.0307 0x1d14 NdisImPlatform - ok

09:12:59.0310 0x1d14 [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:12:59.0318 0x1d14 NdisTapi - ok

09:12:59.0322 0x1d14 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:12:59.0331 0x1d14 Ndisuio - ok

09:12:59.0334 0x1d14 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys

09:12:59.0343 0x1d14 NdisVirtualBus - ok

09:12:59.0349 0x1d14 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:12:59.0362 0x1d14 NdisWan - ok

09:12:59.0367 0x1d14 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:12:59.0378 0x1d14 NdisWanLegacy - ok

09:12:59.0384 0x1d14 [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

09:12:59.0392 0x1d14 NDProxy - ok

09:12:59.0421 0x1d14 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys

09:12:59.0485 0x1d14 Ndu - ok

09:12:59.0503 0x1d14 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

09:12:59.0535 0x1d14 NetBIOS - ok

09:12:59.0573 0x1d14 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

09:12:59.0623 0x1d14 NetBT - ok

09:12:59.0630 0x1d14 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\WINDOWS\system32\lsass.exe

09:12:59.0638 0x1d14 Netlogon - ok

09:12:59.0674 0x1d14 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\WINDOWS\System32\netman.dll

09:12:59.0687 0x1d14 Netman - ok

09:12:59.0702 0x1d14 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\WINDOWS\System32\netprofmsvc.dll

09:12:59.0725 0x1d14 netprofm - ok

09:12:59.0732 0x1d14 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:12:59.0740 0x1d14 NetTcpPortSharing - ok

09:12:59.0747 0x1d14 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\WINDOWS\System32\drivers\netvsc63.sys

09:12:59.0757 0x1d14 netvsc - ok

09:12:59.0770 0x1d14 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\WINDOWS\System32\nlasvc.dll

09:12:59.0787 0x1d14 NlaSvc - ok

09:12:59.0792 0x1d14 [ 21A234D233DE0441E6FDAAA10F7877CD, 3C7F520CC45899679289EAC35F3FB6FDC8992D19B9A2229870CD56F786FDD6F0 ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

09:12:59.0797 0x1d14 NotificationsProviderSvc - ok

09:12:59.0801 0x1d14 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

09:12:59.0811 0x1d14 Npfs - ok

09:12:59.0814 0x1d14 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys

09:12:59.0822 0x1d14 npsvctrig - ok

09:12:59.0826 0x1d14 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\WINDOWS\system32\nsisvc.dll

09:12:59.0836 0x1d14 nsi - ok

09:12:59.0840 0x1d14 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys

09:12:59.0847 0x1d14 nsiproxy - ok

09:12:59.0894 0x1d14 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

09:12:59.0950 0x1d14 Ntfs - ok

09:12:59.0958 0x1d14 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\WINDOWS\system32\drivers\Null.sys

09:12:59.0966 0x1d14 Null - ok

09:12:59.0971 0x1d14 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys

09:12:59.0981 0x1d14 nvraid - ok

09:12:59.0988 0x1d14 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys

09:12:59.0997 0x1d14 nvstor - ok

09:13:00.0003 0x1d14 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys

09:13:00.0012 0x1d14 nv_agp - ok

09:13:00.0019 0x1d14 [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:13:00.0028 0x1d14 ose64 - ok

09:13:00.0039 0x1d14 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll

09:13:00.0056 0x1d14 p2pimsvc - ok

09:13:00.0068 0x1d14 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\WINDOWS\system32\p2psvc.dll

09:13:00.0087 0x1d14 p2psvc - ok

09:13:00.0095 0x1d14 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\WINDOWS\System32\drivers\parport.sys

09:13:00.0104 0x1d14 Parport - ok

09:13:00.0109 0x1d14 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys

09:13:00.0118 0x1d14 partmgr - ok

09:13:00.0131 0x1d14 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll

09:13:00.0149 0x1d14 PcaSvc - ok

09:13:00.0161 0x1d14 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\WINDOWS\system32\drivers\pci.sys

09:13:00.0174 0x1d14 pci - ok

09:13:00.0179 0x1d14 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\WINDOWS\system32\drivers\pciide.sys

09:13:00.0186 0x1d14 pciide - ok

09:13:00.0192 0x1d14 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys

09:13:00.0202 0x1d14 pcmcia - ok

09:13:00.0206 0x1d14 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\WINDOWS\system32\drivers\pcw.sys

09:13:00.0214 0x1d14 pcw - ok

09:13:00.0219 0x1d14 [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc C:\WINDOWS\system32\drivers\pdc.sys

09:13:00.0227 0x1d14 pdc - ok

09:13:00.0244 0x1d14 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys

09:13:00.0267 0x1d14 PEAUTH - ok

09:13:00.0316 0x1d14 [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll

09:13:00.0373 0x1d14 PeerDistSvc - ok

09:13:00.0396 0x1d14 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe

09:13:00.0405 0x1d14 PerfHost - ok

09:13:00.0440 0x1d14 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\WINDOWS\system32\pla.dll

09:13:00.0482 0x1d14 pla - ok

09:13:00.0490 0x1d14 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll

09:13:00.0499 0x1d14 PlugPlay - ok

09:13:00.0503 0x1d14 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll

09:13:00.0511 0x1d14 PNRPAutoReg - ok

09:13:00.0521 0x1d14 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll

09:13:00.0533 0x1d14 PNRPsvc - ok

09:13:00.0546 0x1d14 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll

09:13:00.0561 0x1d14 PolicyAgent - ok

09:13:00.0567 0x1d14 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\WINDOWS\system32\umpo.dll

09:13:00.0577 0x1d14 Power - ok

09:13:00.0642 0x1d14 [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll

09:13:00.0713 0x1d14 PrintNotify - ok

09:13:00.0723 0x1d14 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\WINDOWS\System32\drivers\processr.sys

09:13:00.0733 0x1d14 Processor - ok

09:13:00.0740 0x1d14 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc C:\WINDOWS\system32\profsvc.dll

09:13:00.0755 0x1d14 ProfSvc - ok

09:13:00.0757 0x1d14 [ 21A234D233DE0441E6FDAAA10F7877CD, 3C7F520CC45899679289EAC35F3FB6FDC8992D19B9A2229870CD56F786FDD6F0 ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe

09:13:00.0762 0x1d14 providers_system - ok

09:13:00.0769 0x1d14 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys

09:13:00.0778 0x1d14 Psched - ok

09:13:00.0786 0x1d14 [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

09:13:00.0794 0x1d14 PSI_SVC_2 - ok

09:13:00.0803 0x1d14 [ 788CB65D49D1162C5EE6814AFE5B0A70, 74072698692C8237F5041BB111C4E24B6583456FDA084895EA00B677B6FF64FC ] PSI_SVC_2_x64 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

09:13:00.0813 0x1d14 PSI_SVC_2_x64 - ok

09:13:00.0824 0x1d14 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\WINDOWS\system32\qwave.dll

09:13:00.0840 0x1d14 QWAVE - ok

09:13:00.0844 0x1d14 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys

09:13:00.0852 0x1d14 QWAVEdrv - ok

09:13:00.0856 0x1d14 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:13:00.0863 0x1d14 RasAcd - ok

09:13:00.0868 0x1d14 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\WINDOWS\System32\rasauto.dll

09:13:00.0878 0x1d14 RasAuto - ok

09:13:00.0895 0x1d14 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\WINDOWS\System32\rasmans.dll

09:13:00.0919 0x1d14 RasMan - ok

09:13:00.0925 0x1d14 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:13:00.0936 0x1d14 RasPppoe - ok

09:13:00.0949 0x1d14 [ C851CAA8DC77C8562744439F026A4EF3, 65E0A88767616458061B9C34C28B5299CF2F099DA222065D8A58733715D892EE ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:13:00.0966 0x1d14 rdbss - ok

09:13:00.0972 0x1d14 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys

09:13:00.0980 0x1d14 rdpbus - ok

09:13:00.0986 0x1d14 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys

09:13:00.0996 0x1d14 RDPDR - ok

09:13:01.0002 0x1d14 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys

09:13:01.0009 0x1d14 RdpVideoMiniport - ok

09:13:01.0015 0x1d14 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys

09:13:01.0027 0x1d14 rdyboost - ok

09:13:01.0054 0x1d14 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS C:\WINDOWS\system32\drivers\ReFS.sys

09:13:01.0089 0x1d14 ReFS - ok

09:13:01.0089 0x22c8 Object send P2P result: true

09:13:01.0100 0x1d14 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

09:13:01.0114 0x1d14 RemoteAccess - ok

09:13:01.0121 0x1d14 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

09:13:01.0133 0x1d14 RemoteRegistry - ok

09:13:01.0139 0x1d14 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll

09:13:01.0148 0x1d14 RpcEptMapper - ok

09:13:01.0152 0x1d14 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator C:\WINDOWS\system32\locator.exe

09:13:01.0160 0x1d14 RpcLocator - ok

09:13:01.0182 0x1d14 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs C:\WINDOWS\system32\rpcss.dll

09:13:01.0202 0x1d14 RpcSs - ok

09:13:01.0206 0x1d14 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys

09:13:01.0216 0x1d14 rspndr - ok

09:13:01.0219 0x1d14 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys

09:13:01.0226 0x1d14 s3cap - ok

09:13:01.0230 0x1d14 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs C:\WINDOWS\system32\lsass.exe

09:13:01.0237 0x1d14 SamSs - ok

09:13:01.0241 0x1d14 [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

09:13:01.0246 0x1d14 SASDIFSV - ok

09:13:01.0248 0x1d14 [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

09:13:01.0252 0x1d14 SASKUTIL - ok

09:13:01.0257 0x1d14 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys

09:13:01.0266 0x1d14 sbp2port - ok

09:13:01.0274 0x1d14 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll

09:13:01.0287 0x1d14 SCardSvr - ok

09:13:01.0292 0x1d14 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll

09:13:01.0304 0x1d14 ScDeviceEnum - ok

09:13:01.0307 0x1d14 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys

09:13:01.0316 0x1d14 scfilter - ok

09:13:01.0347 0x1d14 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule C:\WINDOWS\system32\schedsvc.dll

09:13:01.0388 0x1d14 Schedule - ok

09:13:01.0397 0x1d14 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll

09:13:01.0406 0x1d14 SCPolicySvc - ok

09:13:01.0414 0x1d14 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys

09:13:01.0426 0x1d14 sdbus - ok

09:13:01.0431 0x1d14 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys

09:13:01.0440 0x1d14 sdstor - ok

09:13:01.0443 0x1d14 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys

09:13:01.0451 0x1d14 secdrv - ok

09:13:01.0455 0x1d14 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon C:\WINDOWS\system32\seclogon.dll

09:13:01.0463 0x1d14 seclogon - ok

09:13:01.0468 0x1d14 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS C:\WINDOWS\System32\sens.dll

09:13:01.0478 0x1d14 SENS - ok

09:13:01.0486 0x1d14 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll

09:13:01.0498 0x1d14 SensrSvc - ok

09:13:01.0502 0x1d14 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys

09:13:01.0509 0x1d14 SerCx - ok

09:13:01.0515 0x1d14 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys

09:13:01.0525 0x1d14 SerCx2 - ok

09:13:01.0529 0x1d14 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum C:\WINDOWS\System32\drivers\serenum.sys

09:13:01.0537 0x1d14 Serenum - ok

09:13:01.0542 0x1d14 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial C:\WINDOWS\System32\drivers\serial.sys

09:13:01.0551 0x1d14 Serial - ok

09:13:01.0555 0x1d14 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys

09:13:01.0563 0x1d14 sermouse - ok

09:13:01.0567 0x1d14 [ 39025591D096B15F9B9006B210AA161E, C044934935DFF435181C462AC88B15EA4D38F8CA2A2291FF20958D3F8016A0DE ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe

09:13:01.0573 0x1d14 ServiceProviderRegistry - ok

09:13:01.0585 0x1d14 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv C:\WINDOWS\system32\sessenv.dll

09:13:01.0601 0x1d14 SessionEnv - ok

09:13:07.0567 0x1d14 ================ Scan generic autorun ======================

09:13:07.0567 0x1d14 Launchpad - ok

09:13:07.0572 0x1d14 [ 1952F3443060D6625BC30BECD3341F09, 8F6ADE128087C494CC78ED7DEE784C3DCBD30D94C223F44E96533ED1740E2289 ] C:\Program Files\Windows Server\Bin\ClientOperator.exe

09:13:07.0584 0x1d14 ClientOperator - ok

09:13:07.0587 0x1d14 [ D94BCD3B86F5220BEFC277B395EEE845, 61D3DE5621CE855F8EA5BF2308D0DFFB3B517BF7187AEE1FEF6785C5880E7D49 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe

09:13:07.0590 0x1d14 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )

09:13:10.0529 0x1d14 Detect skipped due to KSN trusted

09:13:10.0529 0x1d14 IAStorIcon - ok

09:13:10.0551 0x1d14 [ 75FBFC49CE8A7EF087AB450145C093C1, 9682D832BFA8054D32A6C977CE3EF2B376EDDCBD9D722703029690203EA0061F ] C:\WINDOWS\system32\igfxtray.exe

09:13:10.0566 0x1d14 IgfxTray - ok

09:13:10.0568 0x1d14 HotKeysCmds - ok

09:13:10.0570 0x1d14 Persistence - ok

09:13:10.0574 0x1d14 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

09:13:10.0579 0x1d14 APSDaemon - ok

09:13:10.0590 0x1d14 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe

09:13:10.0599 0x1d14 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )

09:13:13.0169 0x1bd8 Object required for P2P: [ F5060B229D5997980C5CB28E6EDFF314 ] N360

09:13:13.0522 0x1d14 Detect skipped due to KSN trusted

09:13:13.0522 0x1d14 QuickTime Task - ok

09:13:13.0564 0x1d14 [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

09:13:13.0587 0x1d14 SunJavaUpdateSched - ok

09:13:13.0661 0x1d14 [ 8BCA175804A64E03D93F3AC873454BB8, CA9311C68D44E3AC1AF102324F188E47B6FFBED00C23321DD391A295BC3C8490 ] C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe

09:13:13.0738 0x1d14 Malwarebytes Anti-Malware - detected UnsignedFile.Multi.Generic ( 1 )

09:13:16.0365 0x1bd8 Object send P2P result: true

09:13:16.0704 0x1d14 Malwarebytes Anti-Malware ( UnsignedFile.Multi.Generic ) - warning

09:13:16.0704 0x1d14 Force sending object to P2P due to detect: C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe

09:13:19.0896 0x1d14 Object send P2P result: true

09:13:23.0047 0x1d14 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe

09:13:23.0075 0x1d14 WAB Migrate - ok

09:13:23.0086 0x1d14 [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe

09:13:23.0101 0x1d14 WAB Migrate - ok

09:13:23.0110 0x1d14 [ A622342BCA6F40123F4CAE1DCB06468A, 8DC925FC4261FE9F379F3544D0E4508919A45A8D2689F66A605E26CE14E9D4F5 ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

09:13:23.0118 0x1d14 ISUSPM - ok

09:13:23.0124 0x1d14 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe

09:13:23.0132 0x1d14 Dropbox Update - ok

09:13:23.0135 0x1d14 Skype - ok

09:13:23.0143 0x1d14 [ A53E431775DF91EA016AF5817DF26B41, C742F5C3CFDC9B4392DB6D2CA9811CDA1AF1F2D10968CF4CEC2AF19ADB75F1C8 ] C:\Users\Administration\AppData\Roaming\Oracle\bin\javaw.exe

09:13:23.0152 0x1d14 FR32GRfvap5 - ok

09:13:23.0318 0x1d14 [ A369FFAFB9D03175EC17BF132A039911, 6DA4240272CC8D93B93AB98750027F409CDC9DAFBF970B4D19B020FCA27AB927 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

09:13:23.0484 0x1d14 SUPERAntiSpyware - ok

09:13:23.0497 0x1d14 Waiting for KSN requests completion. In queue: 6

09:13:24.0498 0x1d14 Waiting for KSN requests completion. In queue: 6

09:13:25.0498 0x1d14 Waiting for KSN requests completion. In queue: 6

09:13:26.0445 0x1624 Object required for P2P: [ A369FFAFB9D03175EC17BF132A039911 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

09:13:26.0498 0x1d14 Waiting for KSN requests completion. In queue: 1

09:13:27.0499 0x1d14 Waiting for KSN requests completion. In queue: 1

09:13:28.0499 0x1d14 Waiting for KSN requests completion. In queue: 1

09:13:29.0500 0x1d14 Waiting for KSN requests completion. In queue: 1

09:13:29.0705 0x1624 Object send P2P result: true

09:13:30.0530 0x1d14 AV detected via SS2: Norton 360 Premier, C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\WSCStub.exe ( 22.5.0.0 ), 0x51000 ( enabled : updated )

09:13:30.0537 0x1d14 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )

09:13:30.0538 0x1d14 FW detected via SS2: Norton 360 Premier, C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\WSCStub.exe ( 22.5.0.0 ), 0x51010 ( enabled )

09:13:33.0288 0x1d14 ============================================================

09:13:33.0288 0x1d14 Scan finished

09:13:33.0288 0x1d14 ============================================================

09:13:33.0307 0x0908 Detected object count: 1

09:13:33.0307 0x0908 Actual detected object count: 1

09:14:07.0723 0x0908 Malwarebytes Anti-Malware ( UnsignedFile.Multi.Generic ) - skipped by user

09:14:07.0723 0x0908 Malwarebytes Anti-Malware ( UnsignedFile.Multi.Generic ) - User select action: Skip



#6 deeprybka

  • Malware Response Team

Posted 29 December 2015 - 04:16 PM

Hi,

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   8.74KB   5 downloads

Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Studio81

  • Topic Starter

  • Members

Posted 29 December 2015 - 07:07 PM

Great thanks so much, first two logs are below, working on the online scan, will post when done :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Administration (2015-12-30 09:06:01) Run:1
Running from C:\Users\Administration\Desktop
Loaded Profiles: Administration (Available Profiles: Darwin & Admin & Administration)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
Task: {325FB297-6DC6-4EE3-A36B-C6897ADDC3C5} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {69DB4951-E41B-41CC-9E2C-5A2623FB7056} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] 
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [FR32GRfvap5] => "C:\Users\Administration\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\Administration\FCNJIG8Pbdh\3vXAV2MonQb.TqdTo2"
C:\Users\Administration\FCNJIG8Pbdh
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Policies\system: [DisableTaskMgr]
IFEO\acs.exe: [Debugger] svchost.exe
IFEO\AdAwareDesktop.exe: [Debugger] svchost.exe
IFEO\AdAwareService.exe: [Debugger] svchost.exe
IFEO\AdAwareTray.exe: [Debugger] svchost.exe
IFEO\AgentSvc.exe: [Debugger] svchost.exe
IFEO\AVK.exe: [Debugger] svchost.exe
IFEO\AVKProxy.exe: [Debugger] svchost.exe
IFEO\AVKService.exe: [Debugger] svchost.exe
IFEO\AVKTray.exe: [Debugger] svchost.exe
IFEO\AVKWCtlx64.exe: [Debugger] svchost.exe
IFEO\avpmapp.exe: [Debugger] svchost.exe
IFEO\av_task.exe: [Debugger] svchost.exe
IFEO\Bav.exe: [Debugger] svchost.exe
IFEO\bavhm.exe: [Debugger] svchost.exe
IFEO\BavSvc.exe: [Debugger] svchost.exe
IFEO\BavTray.exe: [Debugger] svchost.exe
IFEO\BavUpdater.exe: [Debugger] svchost.exe
IFEO\BavWebClient.exe: [Debugger] svchost.exe
IFEO\BDSSVC.EXE: [Debugger] svchost.exe
IFEO\BgScan.exe: [Debugger] svchost.exe
IFEO\BullGuard.exe: [Debugger] svchost.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] svchost.exe
IFEO\BullGuardUpdate.exe: [Debugger] svchost.exe
IFEO\BullGuarScanner.exe: [Debugger] svchost.exe
IFEO\capinfos.exe: [Debugger] svchost.exe
IFEO\cavwp.exe: [Debugger] svchost.exe
IFEO\CertReg.exe: [Debugger] svchost.exe
IFEO\cis.exe: [Debugger] svchost.exe
IFEO\CisTray.exe: [Debugger] svchost.exe
IFEO\clamscan.exe: [Debugger] svchost.exe
IFEO\ClamTray.exe: [Debugger] svchost.exe
IFEO\ClamWin.exe: [Debugger] svchost.exe
IFEO\cmdagent.exe: [Debugger] svchost.exe
IFEO\ConfigSecurityPolicy.exe: [Debugger] svchost.exe
IFEO\CONSCTLX.EXE: [Debugger] svchost.exe
IFEO\coreFrameworkHost.exe: [Debugger] svchost.exe
IFEO\coreServiceShell.exe: [Debugger] svchost.exe
IFEO\dragon_updater.exe: [Debugger] svchost.exe
IFEO\dumpcap.exe: [Debugger] svchost.exe
IFEO\econceal.exe: [Debugger] svchost.exe
IFEO\econser.exe: [Debugger] svchost.exe
IFEO\editcap.exe: [Debugger] svchost.exe
IFEO\EMLPROXY.EXE: [Debugger] svchost.exe
IFEO\escanmon.exe: [Debugger] svchost.exe
IFEO\escanpro.exe: [Debugger] svchost.exe
IFEO\fcappdb.exe: [Debugger] svchost.exe
IFEO\FCDBlog.exe: [Debugger] svchost.exe
IFEO\FCHelper64.exe: [Debugger] svchost.exe
IFEO\FilMsg.exe: [Debugger] svchost.exe
IFEO\FilUp.exe: [Debugger] svchost.exe
IFEO\filwscc.exe: [Debugger] svchost.exe
IFEO\fmon.exe: [Debugger] svchost.exe
IFEO\FortiClient.exe: [Debugger] svchost.exe
IFEO\FortiClient_Diagnostic_Tool.exe: [Debugger] svchost.exe
IFEO\FortiESNAC.exe: [Debugger] svchost.exe
IFEO\FortiFW.exe: [Debugger] svchost.exe
IFEO\FortiProxy.exe: [Debugger] svchost.exe
IFEO\FortiSSLVPNdaemon.exe: [Debugger] svchost.exe
IFEO\FortiTray.exe: [Debugger] svchost.exe
IFEO\FPAVServer.exe: [Debugger] svchost.exe
IFEO\FProtTray.exe: [Debugger] svchost.exe
IFEO\FPWin.exe: [Debugger] svchost.exe
IFEO\freshclam.exe: [Debugger] svchost.exe
IFEO\freshclamwrap.exe: [Debugger] svchost.exe
IFEO\fsgk32.exe: [Debugger] svchost.exe
IFEO\FSHDLL64.exe: [Debugger] svchost.exe
IFEO\fshoster32.exe: [Debugger] svchost.exe
IFEO\FSM32.EXE: [Debugger] svchost.exe
IFEO\FSMA32.EXE: [Debugger] svchost.exe
IFEO\fsorsp.exe: [Debugger] svchost.exe
IFEO\fssm32.exe: [Debugger] svchost.exe
IFEO\GdBgInx64.exe: [Debugger] svchost.exe
IFEO\GDKBFltExe32.exe: [Debugger] svchost.exe
IFEO\GDSC.exe: [Debugger] svchost.exe
IFEO\GDScan.exe: [Debugger] svchost.exe
IFEO\guardxkickoff_x64.exe: [Debugger] svchost.exe
IFEO\guardxservice.exe: [Debugger] svchost.exe
IFEO\iptray.exe: [Debugger] svchost.exe
IFEO\K7AVScan.exe: [Debugger] svchost.exe
IFEO\K7CrvSvc.exe: [Debugger] svchost.exe
IFEO\K7EmlPxy.EXE: [Debugger] svchost.exe
IFEO\K7FWSrvc.exe: [Debugger] svchost.exe
IFEO\K7PSSrvc.exe: [Debugger] svchost.exe
IFEO\K7RTScan.exe: [Debugger] svchost.exe
IFEO\K7SysMon.Exe: [Debugger] svchost.exe
IFEO\K7TSecurity.exe: [Debugger] svchost.exe
IFEO\K7TSMain.exe: [Debugger] svchost.exe
IFEO\K7TSMngr.exe: [Debugger] svchost.exe
IFEO\LittleHook.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\mbamscheduler.exe: [Debugger] svchost.exe
IFEO\mbamservice.exe: [Debugger] svchost.exe
IFEO\MCS-Uninstall.exe: [Debugger] svchost.exe
IFEO\MCShieldCCC.exe: [Debugger] svchost.exe
IFEO\MCShieldDS.exe: [Debugger] svchost.exe
IFEO\MCShieldRTM.exe: [Debugger] svchost.exe
IFEO\mergecap.exe: [Debugger] svchost.exe
IFEO\MpCmdRun.exe: [Debugger] svchost.exe
IFEO\MpUXSrv.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\MsMpEng.exe: [Debugger] svchost.exe
IFEO\MWAGENT.EXE: [Debugger] svchost.exe
IFEO\MWASER.EXE: [Debugger] svchost.exe
IFEO\nanoav.exe: [Debugger] svchost.exe
IFEO\nanosvc.exe: [Debugger] svchost.exe
IFEO\nbrowser.exe: [Debugger] svchost.exe
IFEO\nfservice.exe: [Debugger] svchost.exe
IFEO\NisSrv.exe: [Debugger] svchost.exe
IFEO\njeeves2.exe: [Debugger] svchost.exe
IFEO\nnf.exe: [Debugger] svchost.exe
IFEO\nprosec.exe: [Debugger] svchost.exe
IFEO\NS.exe: [Debugger] svchost.exe
IFEO\nseupdatesvc.exe: [Debugger] svchost.exe
IFEO\nvcod.exe: [Debugger] svchost.exe
IFEO\nvcsvc.exe: [Debugger] svchost.exe
IFEO\nvoy.exe: [Debugger] svchost.exe
IFEO\nwscmon.exe: [Debugger] svchost.exe
IFEO\ONLINENT.EXE: [Debugger] svchost.exe
IFEO\OPSSVC.EXE: [Debugger] svchost.exe
IFEO\op_mon.exe: [Debugger] svchost.exe
IFEO\ProcessHacker.exe: [Debugger] svchost.exe
IFEO\procexp.exe: [Debugger] svchost.exe
IFEO\PSANHost.exe: [Debugger] svchost.exe
IFEO\PSUAMain.exe: [Debugger] svchost.exe
IFEO\PSUAService.exe: [Debugger] svchost.exe
IFEO\psview.exe: [Debugger] svchost.exe
IFEO\PtSessionAgent.exe: [Debugger] svchost.exe
IFEO\PtSvcHost.exe: [Debugger] svchost.exe
IFEO\PtWatchDog.exe: [Debugger] svchost.exe
IFEO\quamgr.exe: [Debugger] svchost.exe
IFEO\QUHLPSVC.EXE: [Debugger] svchost.exe
IFEO\rawshark.exe: [Debugger] svchost.exe
IFEO\SAPISSVC.EXE: [Debugger] svchost.exe
IFEO\SASCore64.exe: [Debugger] svchost.exe
IFEO\SASTask.exe: [Debugger] svchost.exe
IFEO\SBAMSvc.exe: [Debugger] svchost.exe
IFEO\SBAMTray.exe: [Debugger] svchost.exe
IFEO\SBPIMSvc.exe: [Debugger] svchost.exe
IFEO\SCANNER.EXE: [Debugger] svchost.exe
IFEO\SCANWSCS.EXE: [Debugger] svchost.exe
IFEO\schmgr.exe: [Debugger] svchost.exe
IFEO\scproxysrv.exe: [Debugger] svchost.exe
IFEO\ScSecSvc.exe: [Debugger] svchost.exe
IFEO\SDFSSvc.exe: [Debugger] svchost.exe
IFEO\SDScan.exe: [Debugger] svchost.exe
IFEO\SDTray.exe: [Debugger] svchost.exe
IFEO\SDWelcome.exe: [Debugger] svchost.exe
IFEO\SSUpdate64.exe: [Debugger] svchost.exe
IFEO\SUPERAntiSpyware.exe: [Debugger] svchost.exe
IFEO\SUPERDelete.exe: [Debugger] svchost.exe
IFEO\Taskmgr.exe: [Debugger] svchost.exe
IFEO\text2pcap.exe: [Debugger] svchost.exe
IFEO\TRAYICOS.EXE: [Debugger] svchost.exe
IFEO\TRAYSSER.EXE: [Debugger] svchost.exe
IFEO\trigger.exe: [Debugger] svchost.exe
IFEO\tshark.exe: [Debugger] svchost.exe
IFEO\twsscan.exe: [Debugger] svchost.exe
IFEO\twssrv.exe: [Debugger] svchost.exe
IFEO\uiSeAgnt.exe: [Debugger] svchost.exe
IFEO\uiUpdateTray.exe: [Debugger] svchost.exe
IFEO\uiWatchDog.exe: [Debugger] svchost.exe
IFEO\uiWinMgr.exe: [Debugger] svchost.exe
IFEO\UnThreat.exe: [Debugger] svchost.exe
IFEO\UserAccountControlSettings.exe: [Debugger] svchost.exe
IFEO\UserReg.exe: [Debugger] svchost.exe
IFEO\utsvc.exe: [Debugger] svchost.exe
IFEO\V3Main.exe: [Debugger] svchost.exe
IFEO\V3Medic.exe: [Debugger] svchost.exe
IFEO\V3Proxy.exe: [Debugger] svchost.exe
IFEO\V3SP.exe: [Debugger] svchost.exe
IFEO\V3Svc.exe: [Debugger] svchost.exe
IFEO\V3Up.exe: [Debugger] svchost.exe
IFEO\VIEWTCP.EXE: [Debugger] svchost.exe
IFEO\VIPREUI.exe: [Debugger] svchost.exe
IFEO\virusutilities.exe: [Debugger] svchost.exe
IFEO\WebCompanion.exe: [Debugger] svchost.exe
IFEO\wireshark.exe: [Debugger] svchost.exe
IFEO\Zanda.exe: [Debugger] svchost.exe
IFEO\Zlh.exe: [Debugger] svchost.exe
IFEO\zlhh.exe: [Debugger] svchost.exe
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
2015-12-24 09:37 - 2015-12-24 09:37 - 00022704 ____C C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-24 09:36 - 2015-12-24 09:36 - 03286400 ____C (Enigma Software Group USA, LLC.) C:\Users\Administration\Downloads\SpyHunter-Installer.exe

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{325FB297-6DC6-4EE3-A36B-C6897ADDC3C5} => key not found.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DB4951-E41B-41CC-9E2C-5A2623FB7056} => key not found.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" => key removed successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\Software\Microsoft\Windows\CurrentVersion\Run\\FR32GRfvap5 => value removed successfully
C:\Users\Administration\FCNJIG8Pbdh => moved successfully
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\Software\Microsoft\Windows\CurrentVersion\Policies\system\\HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Policies\system: [DisableTaskMgr] => value not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\acs.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareDesktop.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AdAwareTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AgentSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVK.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKProxy.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AVKWCtlx64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avpmapp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\av_task.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Bav.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bavhm.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavUpdater.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavWebClient.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BDSSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BgScan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuard.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardBhvScanner.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardUpdate.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuarScanner.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\capinfos.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cavwp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CertReg.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cis.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CisTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\clamscan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamWin.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cmdagent.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ConfigSecurityPolicy.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\CONSCTLX.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coreFrameworkHost.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\coreServiceShell.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dragon_updater.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dumpcap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\econceal.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\econser.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\editcap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EMLPROXY.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\escanmon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\escanpro.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fcappdb.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FCDBlog.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FCHelper64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FilMsg.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FilUp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\filwscc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fmon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiClient.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiClient_Diagnostic_Tool.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiESNAC.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiFW.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiProxy.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiSSLVPNdaemon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FortiTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FPAVServer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FProtTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FPWin.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\freshclam.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\freshclamwrap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fsgk32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSHDLL64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fshoster32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSM32.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FSMA32.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fsorsp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\fssm32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GdBgInx64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDKBFltExe32.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDSC.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\GDScan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\guardxkickoff_x64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\guardxservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iptray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7AVScan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7CrvSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7EmlPxy.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7FWSrvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7PSSrvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7RTScan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7SysMon.Exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSecurity.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSMain.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7TSMngr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\LittleHook.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCS-Uninstall.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldCCC.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldDS.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MCShieldRTM.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mergecap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpCmdRun.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MpUXSrv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWAGENT.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MWASER.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nanoav.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nanosvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nbrowser.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nfservice.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NisSrv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\njeeves2.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nnf.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nprosec.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NS.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nseupdatesvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcod.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvcsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nvoy.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\nwscmon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ONLINENT.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OPSSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\op_mon.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProcessHacker.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procexp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSANHost.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAMain.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSUAService.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\psview.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSessionAgent.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtSvcHost.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PtWatchDog.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\quamgr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QUHLPSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rawshark.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SAPISSVC.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASCore64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SASTask.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBAMTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SBPIMSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANNER.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SCANWSCS.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\schmgr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\scproxysrv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ScSecSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDFSSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDScan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SDWelcome.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SSUpdate64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERAntiSpyware.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SUPERDelete.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Taskmgr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\text2pcap.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYICOS.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TRAYSSER.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\trigger.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tshark.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twsscan.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twssrv.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiSeAgnt.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiUpdateTray.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWatchDog.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uiWinMgr.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UnThreat.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserAccountControlSettings.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UserReg.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utsvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Main.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Medic.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Proxy.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3SP.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Svc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\V3Up.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIEWTCP.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\VIPREUI.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\virusutilities.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WebCompanion.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zanda.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Zlh.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlhh.exe" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
C:\WINDOWS\system32\Drivers\EsgScanner.sys => moved successfully
C:\Users\Administration\Downloads\SpyHunter-Installer.exe => moved successfully

The system needed a reboot.

==== End of Fixlog 09:06:02 ====

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/12/2015
Scan Time: 9:13 AM
Logfile: Malwarebyteslog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.29.07
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Administration

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446162
Time Elapsed: 7 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)
(end)



#8 Studio81

  • Topic Starter
Posted 29 December 2015 - 07:33 PM

And the ESET scan log..

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=7757955568c4294cbbabd4ab58fd2230
# end=init
# utc_time=2015-12-24 04:02:34
# local_time=2015-12-24 01:32:34 (+0930, AUS Central Standard Time)
# country="Australia"
# osver=6.3.9600 NT
Update Init
Update Download
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7757955568c4294cbbabd4ab58fd2230
# end=init
# utc_time=2015-12-29 11:54:05
# local_time=2015-12-30 09:24:05 (+0930, AUS Central Standard Time)
# country="Australia"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27414
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=7757955568c4294cbbabd4ab58fd2230
# end=updated
# utc_time=2015-12-30 12:08:49
# local_time=2015-12-30 09:38:49 (+0930, AUS Central Standard Time)
# country="Australia"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=7757955568c4294cbbabd4ab58fd2230
# engine=27414
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-30 12:30:12
# local_time=2015-12-30 10:00:12 (+0930, AUS Central Standard Time)
# country="Australia"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 521225 214026597 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12014310 67619890 0 0
# scanned=257996
# found=3
# cleaned=0
# scan_time=1282
sh=22AE9065FC747DA14552D6869431B9B205A2D40D ft=0 fh=0000000000000000 vn="Java/Adwind.QN trojan" ac=I fn="C:\$Recycle.Bin\S-1-5-21-1913235342-3225301714-2944181721-1119\$RFXSUOP.zip"
sh=60A89E3362CA9DE61D6039F71D946709E654ECEB ft=0 fh=0000000000000000 vn="Java/Adwind.QN trojan" ac=I fn="C:\FRST\Quarantine\C\Users\Administration\FCNJIG8Pbdh\3vXAV2MonQb.TqdTo2"
sh=60A89E3362CA9DE61D6039F71D946709E654ECEB ft=0 fh=0000000000000000 vn="Java/Adwind.QN trojan" ac=I fn="C:\Users\Administration\Desktop\Invoice\Invoice.jar"

 



#9 deeprybka

  • Malware Response Team

Posted 30 December 2015 - 01:37 PM


Step 1


Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 Studio81

  • Topic Starter
Posted 31 December 2015 - 12:41 AM

Hi Jürgen,

 

Thanks so much for your assistance, so far we have experienced no further issues. I do have a question about an error that pops up on start-up that may be unrelated but began to happen at the same time as the infection. Appreciate your advice.

 

[Attached image: Alert_Viewer_Picture.jpg]

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Administration (administrator) on ADMINISTRATOR (31-12-2015 14:29:25)
Running from C:\Users\Administration\Desktop
Loaded Profiles: Administration (Available Profiles: Darwin & Admin & Administration)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ClientOperator.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Dropbox, Inc.) C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSPUB.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSACCESS.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1098952 2013-08-13] (Microsoft Corporation)
HKLM\...\Run: [ClientOperator] => C:\Program Files\Windows Server\Bin\ClientOperator.exe [68296 2013-08-13] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [404376 2015-08-09] ()
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3213824 2015-12-29] (Malwarebytes)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-04-02] (Acresso Corporation)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [Dropbox Update] => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\MountPoints2: {45ea485b-980e-11e3-be95-74d02b7a3b02} - "D:\HPLauncher.exe"
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\MountPoints2: {e8b38539-018f-11e4-beca-74d02b7a3b02} - "D:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-09] (Dropbox, Inc.)
Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-04-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{075C3DBD-AF65-41E8-8A33-252114891937}: [NameServer] 192.168.2.20,192.168.2.1
Tcpip\..\Interfaces\{075C3DBD-AF65-41E8-8A33-252114891937}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.abc.net.au/news/#state=nt
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\22.5.5.15\coIEPlg.dll [2015-11-06] (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\z5ad1v08.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @abr.gov.au/KeyMgmtPlugin -> C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll [2012-10-25] (Commonwealth Government of Australia)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-03] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-03] (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-11-05]
CHR Extension: (Store) - C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-29]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-27]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-27]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\N360.exe [282016 2015-11-21] (Symantec Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41616 2012-09-07] (Microsoft Corporation)
R2 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [31376 2012-09-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\BASHDefs\20151218.001\BHDrvx64.sys [1665608 2015-10-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\IPSDefs\20151230.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20151230.021\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\22.5.0.124\Definitions\VirusDefs\20151230.021\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-12] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605050.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
S1 SymIM; C:\Windows\system32\DRIVERS\SymIMv.sys [43680 2012-11-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMNETS.SYS [577768 2015-11-12] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-31 14:29 - 2015-12-31 14:29 - 00024305 ____C C:\Users\Administration\Desktop\FRST.txt
2015-12-31 14:21 - 2015-12-31 14:21 - 00000064 ____C C:\Users\Administration\Desktop\COCentre_Appl V8.11.laccdb
2015-12-31 10:43 - 2015-12-31 10:43 - 00000000 ___DC C:\WINDOWS\Sun
2015-12-30 09:21 - 2015-12-30 09:21 - 00001059 ____C C:\Users\Administration\Desktop\Malwarebyteslog.txt
2015-12-30 09:18 - 2015-12-30 09:19 - 02870984 ____C (ESET) C:\Users\Administration\Desktop\esetsmartinstaller_enu.exe
2015-12-30 09:06 - 2015-12-30 09:06 - 00033410 ____C C:\Users\Administration\Desktop\Fixlog.txt
2015-12-29 11:58 - 2015-12-29 13:21 - 00799514 ____C C:\WINDOWS\ntbtlog.txt
2015-12-29 09:17 - 2015-12-29 09:18 - 00231166 ____C C:\TDSSKiller.3.1.0.9_29.12.2015_09.17.01_log.txt
2015-12-29 09:12 - 2015-12-29 09:14 - 00231622 ____C C:\TDSSKiller.3.1.0.9_29.12.2015_09.12.05_log.txt
2015-12-29 09:11 - 2015-12-29 09:11 - 04727984 ____C (Kaspersky Lab ZAO) C:\Users\Administration\Desktop\tdsskiller.exe
2015-12-27 11:16 - 2015-12-31 14:29 - 00000000 ___DC C:\FRST
2015-12-27 11:16 - 2015-12-27 11:16 - 02370560 ____C (Farbar) C:\Users\Administration\Desktop\FRST64.exe
2015-12-24 15:41 - 2015-12-24 15:41 - 00388608 ____C (Trend Micro Inc.) C:\Users\Administration\Desktop\HijackThis.exe
2015-12-24 13:39 - 2015-12-24 13:39 - 00166064 ____C (Symantec Corporation) C:\Users\Administration\Downloads\FixVundo.exe
2015-12-24 13:32 - 2015-12-24 13:32 - 00000000 ___DC C:\Program Files (x86)\ESET
2015-12-24 11:28 - 2015-12-24 15:42 - 02032072 ____C (Bleeping Computer, LLC) C:\Users\Administration\Downloads\rkill (2).com
2015-12-24 11:20 - 2015-12-29 09:16 - 02032072 ____C (Bleeping Computer, LLC) C:\Users\Administration\Downloads\rkill (1).com
2015-12-24 11:08 - 2015-12-24 11:08 - 01110992 ____C (Symantec Corporation) C:\Users\Administration\Downloads\NBRT-Retail-Downloader.exe
2015-12-24 10:58 - 2015-12-24 10:58 - 05641692 ____C (Swearware) C:\Users\Administration\Downloads\ComboFix (1).exe
2015-12-24 10:55 - 2015-12-24 10:56 - 00000000 ___DC C:\AdwCleaner
2015-12-24 10:54 - 2015-12-24 10:54 - 01743360 ____C C:\Users\Administration\Downloads\AdwCleaner.exe
2015-12-24 10:48 - 2015-12-24 10:48 - 00001095 ____C C:\Users\Administration\Desktop\JRT.txt
2015-12-24 10:46 - 2015-12-24 10:46 - 01599336 ____C (Malwarebytes) C:\Users\Administration\Downloads\JRT.exe
2015-12-24 10:45 - 2015-12-24 10:45 - 05641692 ____C (Swearware) C:\Users\Administration\Downloads\ComboFix.exe
2015-12-24 10:42 - 2015-12-24 11:20 - 02032072 ____C (Bleeping Computer, LLC) C:\Users\Administration\Downloads\rkill.com
2015-12-24 10:30 - 2015-12-29 11:58 - 00000000 ___DC C:\NPE
2015-12-24 10:17 - 2015-12-30 17:03 - 00192216 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 10:16 - 2015-12-29 12:04 - 00004496 ____C C:\Users\Administration\Desktop\Rkill.txt
2015-12-24 10:16 - 2015-12-29 12:04 - 00000000 ___DC C:\Users\Administration\Desktop\rkill
2015-12-24 10:15 - 2015-12-29 13:21 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-24 10:15 - 2015-12-24 10:15 - 00001118 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-24 10:15 - 2015-12-24 10:15 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-24 10:15 - 2015-10-05 09:50 - 00109272 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-24 10:15 - 2015-10-05 09:50 - 00064216 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-24 10:15 - 2015-10-05 09:50 - 00025816 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-24 09:53 - 2015-12-24 09:53 - 00000000 ___DC C:\ProgramData\Malwarebytes
2015-12-24 09:09 - 2015-12-30 09:03 - 00000000 ___DC C:\Users\Administration\AppData\Local\NPE
2015-12-24 08:56 - 2015-12-31 14:21 - 11694080 ____C C:\Users\Administration\Desktop\COCentre_Appl V8.11.accdb
2015-12-22 14:06 - 2015-12-22 14:06 - 00095232 ____C C:\Users\Administration\Documents\Marrakai store trading hr christmas 1.pub
2015-12-22 09:46 - 2015-12-22 09:46 - 00000000 ___DC C:\Users\Administration\Desktop\Invoice
2015-12-17 17:16 - 2015-12-11 16:53 - 74092544 ____C C:\Users\Administration\Desktop\COCentre_Data 010314 From Friday 111215.mdb
2015-12-17 17:07 - 2015-12-17 17:07 - 00002713 ____C C:\Users\Public\Desktop\Skype.lnk
2015-12-17 17:07 - 2015-12-17 17:07 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-12-17 17:07 - 2015-12-17 17:07 - 00000000 ___DC C:\ProgramData\Package Cache
2015-12-17 17:07 - 2015-12-17 17:07 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-17 13:46 - 2015-12-17 13:46 - 00002180 ____C C:\Users\Administration\Desktop\COM Maintenance V1.6 - Shortcut.lnk
2015-12-16 15:04 - 2015-12-23 15:48 - 00065536 ____C C:\Users\Administration\Desktop\DCMI 2015.box
2015-12-14 17:05 - 2015-12-11 16:27 - 04316060 ____C C:\Users\Administration\Desktop\dcocm grand christmas.tif
2015-12-14 09:38 - 2015-12-14 09:38 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-14 09:38 - 2015-12-14 09:38 - 00000000 ___DC C:\Program Files\7-Zip
2015-12-12 23:49 - 2015-12-12 23:49 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 13:10 - 2015-11-12 01:51 - 25837568 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-10 13:10 - 2015-11-12 01:30 - 12856832 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-10 13:10 - 2015-11-12 01:14 - 00279040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-10 13:10 - 2015-11-12 01:14 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-10 13:10 - 2015-11-12 01:11 - 20366848 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-10 13:10 - 2015-11-12 00:42 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-10 13:10 - 2015-11-10 09:43 - 00496640 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-10 13:10 - 2015-11-10 09:41 - 00064000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-10 13:10 - 2015-11-10 09:38 - 02280448 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-10 13:10 - 2015-11-10 09:34 - 00476160 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-10 13:10 - 2015-11-10 09:32 - 00663552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-10 13:10 - 2015-11-10 09:16 - 04514816 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-10 13:10 - 2015-11-10 09:11 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-10 13:10 - 2015-11-10 09:07 - 00230400 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-10 13:10 - 2015-11-10 09:06 - 02050560 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-10 13:10 - 2015-11-10 09:06 - 00687104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-10 13:10 - 2015-11-10 09:06 - 00325632 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-10 13:10 - 2015-11-10 08:55 - 01048576 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-10 13:10 - 2015-11-10 08:47 - 02011136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-10 13:10 - 2015-11-10 08:44 - 01311744 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-10 13:10 - 2015-11-10 08:42 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-10 13:10 - 2015-11-09 07:45 - 02887168 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-10 13:10 - 2015-11-09 07:45 - 00571392 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-10 13:10 - 2015-11-09 07:34 - 05923840 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-10 13:10 - 2015-11-09 07:32 - 00615936 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-10 13:10 - 2015-11-09 07:31 - 00817664 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-10 13:10 - 2015-11-09 07:02 - 00315392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-10 13:10 - 2015-11-09 07:02 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-10 13:10 - 2015-11-09 06:55 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-10 13:10 - 2015-11-09 06:48 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-10 13:10 - 2015-11-09 06:46 - 00372224 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-10 13:10 - 2015-11-09 06:45 - 00798208 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-10 13:10 - 2015-11-09 06:45 - 00718336 ____C (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-10 13:10 - 2015-11-09 06:44 - 14456832 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-10 13:10 - 2015-11-09 06:43 - 02123264 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-10 13:10 - 2015-11-09 06:23 - 02880000 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-10 13:10 - 2015-11-09 06:23 - 02487808 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-10 13:10 - 2015-11-09 06:11 - 01546752 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-10 13:10 - 2015-11-09 06:00 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-10 13:10 - 2015-11-05 18:29 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-10 13:09 - 2015-11-22 16:29 - 07455064 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-10 13:09 - 2015-11-22 16:29 - 01735000 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-10 13:09 - 2015-11-22 16:29 - 01659568 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-10 13:09 - 2015-11-22 16:29 - 01519592 ____C (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-10 13:09 - 2015-11-22 16:29 - 01487008 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-10 13:09 - 2015-11-22 16:29 - 01355848 ____C (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-10 13:09 - 2015-11-22 16:28 - 01499920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-10 13:09 - 2015-11-22 04:02 - 00016896 ____C (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-10 13:09 - 2015-11-22 03:20 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-10 13:09 - 2015-11-22 02:29 - 01706496 ____C (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-10 13:09 - 2015-11-22 02:19 - 01344000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-10 13:09 - 2015-11-22 02:17 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-10 13:09 - 2015-11-22 02:10 - 00414208 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-10 13:09 - 2015-11-09 10:11 - 01540728 ____C (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-10 13:09 - 2015-11-09 08:00 - 04176384 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-10 13:09 - 2015-11-09 06:53 - 01994752 ____C (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-10 13:09 - 2015-11-09 06:43 - 01383936 ____C (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-10 13:09 - 2015-11-09 06:31 - 01753600 ____C (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-10 13:09 - 2015-11-09 06:22 - 01559552 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-10 13:09 - 2015-11-09 06:18 - 01376256 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-10 13:09 - 2015-11-09 06:12 - 01490944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-10 13:09 - 2015-10-23 03:13 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-10 13:09 - 2015-10-23 02:29 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-10 13:09 - 2015-10-23 01:51 - 01200128 ____C (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-10 13:09 - 2015-10-23 01:51 - 00323072 ____C (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-10 13:09 - 2015-10-23 01:28 - 00868864 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-10 13:09 - 2015-10-23 01:28 - 00200704 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-10 13:09 - 2015-10-22 23:38 - 00513456 ____C C:\WINDOWS\SysWOW64\locale.nls
2015-12-10 13:09 - 2015-10-22 23:38 - 00513456 ____C C:\WINDOWS\system32\locale.nls
2015-12-10 13:09 - 2015-10-11 02:50 - 00186880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-10 13:09 - 2015-10-04 05:11 - 01385280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-10 13:09 - 2015-10-04 05:11 - 01124384 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-10 13:08 - 2015-11-21 08:17 - 00136904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-10 13:08 - 2015-11-21 03:48 - 00052224 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-10 13:08 - 2015-11-21 02:28 - 03706880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-10 13:08 - 2015-11-21 02:17 - 00035840 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-10 13:08 - 2015-11-21 02:16 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-10 13:08 - 2015-11-21 02:14 - 00409088 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-10 13:08 - 2015-11-21 02:14 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-10 13:08 - 2015-11-21 02:13 - 00897024 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-10 13:08 - 2015-11-21 02:12 - 02243584 ____C (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-10 13:08 - 2015-11-21 02:00 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-10 13:08 - 2015-11-21 01:59 - 00124928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-10 13:08 - 2015-11-21 01:58 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-10 13:08 - 2015-11-21 01:57 - 00726528 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-10 13:08 - 2015-10-29 01:19 - 02775552 ____C (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-10 13:08 - 2015-10-29 00:59 - 02462720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-10 13:08 - 2015-10-11 16:04 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-10 13:08 - 2015-10-11 16:04 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-10 13:08 - 2015-10-11 16:04 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-10 13:08 - 2015-10-11 16:04 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-10 13:08 - 2015-10-11 16:04 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-10 13:08 - 2015-10-11 04:11 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-10 13:08 - 2015-10-11 04:11 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-10 13:08 - 2015-10-09 01:41 - 00060928 ____C (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-10 13:08 - 2015-10-09 01:20 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-10 13:08 - 2015-10-06 03:58 - 00146432 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-10 13:08 - 2015-10-06 03:55 - 00572928 ____C (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-09 11:14 - 2015-12-09 11:14 - 00001091 ____C C:\Users\Administration\Downloads\addineyeV2.html
2015-12-09 11:10 - 2015-12-09 11:11 - 16086737 ____C C:\Users\Administration\Downloads\Astrakhan May-June 2011.m4v (1).mp4
2015-12-09 11:10 - 2015-12-09 11:10 - 16086737 ____C C:\Users\Administration\Downloads\Astrakhan May-June 2011.m4v.mp4
2015-12-07 21:47 - 2015-12-31 08:14 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Remediation
2015-12-02 12:16 - 2015-12-23 15:48 - 336658432 ____C C:\Users\Administration\Desktop\DCMI 2015.MYO
2015-12-01 16:47 - 2015-12-02 11:11 - 37945344 ____C C:\OP 2005 Upgraded 2015.MYO
2015-12-01 16:47 - 2015-12-02 11:11 - 00065536 ____C C:\OP 2005 Upgraded 2015.box
2015-12-01 16:32 - 2015-12-02 10:51 - 00065536 ____C C:\OP 2006 Upgraded 2015.box
2015-12-01 16:31 - 2015-12-02 10:51 - 54755328 ____C C:\OP 2006 Upgraded 2015.MYO

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-31 14:29 - 2013-11-21 15:23 - 00000000 ___DC C:\ProgramData\Norton
2015-12-31 14:29 - 2013-11-21 15:21 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-12-31 14:27 - 2013-08-22 23:06 - 00000000 ___DC C:\Windows
2015-12-31 14:25 - 2013-12-30 09:35 - 00003990 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FAB7F8E2-6A25-44AB-9292-69AF594BDFC9}
2015-12-31 14:15 - 2013-12-24 13:34 - 00000052 ____C C:\WINDOWS\BRPP2KA.INI
2015-12-31 13:59 - 2014-01-06 11:39 - 00000946 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-31 13:52 - 2015-06-16 10:41 - 00000986 ____C C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119UA.job
2015-12-31 13:31 - 2014-01-24 12:44 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-31 13:06 - 2013-11-21 14:24 - 00000160 _____ C:\WINDOWS\system32\config\netlogon.ftl
2015-12-31 09:52 - 2015-06-16 10:41 - 00000934 ____C C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119Core.job
2015-12-31 09:45 - 2013-12-24 16:06 - 00013846 __SHC C:\Users\Administration\.pr_stat_data
2015-12-31 09:35 - 2013-12-28 13:42 - 00000000 ___DC C:\Users\Administration
2015-12-31 09:35 - 2013-12-27 15:09 - 00000281 __SHC C:\Users\Administration\.pr_data
2015-12-31 09:16 - 2013-11-21 14:36 - 00000000 ___DC C:\Users\Administration\AppData\Local\Packages
2015-12-31 09:10 - 2013-12-27 15:04 - 00000000 ___DC C:\Users\Administration\Documents\My Library
2015-12-31 08:16 - 2013-11-14 22:13 - 00869412 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-31 08:16 - 2013-08-22 23:06 - 00000000 ___DC C:\WINDOWS\Inf
2015-12-31 08:12 - 2014-12-11 15:06 - 00000000 _SHDC C:\Users\Administration\IntelGraphicsProfiles
2015-12-31 08:12 - 2014-02-27 11:44 - 00000000 __RDC C:\Users\Administration\Dropbox
2015-12-31 08:12 - 2014-02-27 11:42 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Dropbox
2015-12-31 08:12 - 2014-01-06 11:39 - 00000942 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-31 08:11 - 2013-08-23 00:15 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-12-30 14:58 - 2013-12-24 12:27 - 00000426 ____C C:\WINDOWS\MYOBP.INI
2015-12-30 14:58 - 2013-12-24 12:27 - 00000039 ____C C:\WINDOWS\MYOB.INI
2015-12-30 14:42 - 2012-07-26 17:29 - 00000000 ___DC C:\WINDOWS\CbsTemp
2015-12-29 08:31 - 2014-01-24 12:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-26 18:18 - 2013-08-23 01:08 - 00826872 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 18:18 - 2013-08-23 01:08 - 00176632 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-24 14:55 - 2013-12-03 16:04 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1913235342-3225301714-2944181721-1119
2015-12-24 13:39 - 2013-12-31 08:19 - 00000000 ___DC C:\Users\Administration\AppData\Local\CrashDumps
2015-12-24 13:32 - 2013-08-23 01:06 - 00000000 __SDC C:\WINDOWS\Downloaded Program Files
2015-12-24 11:08 - 2014-02-13 17:28 - 00000000 ___DC C:\Users\Public\Downloads\Norton
2015-12-24 11:00 - 2013-12-31 15:54 - 00000000 ___DC C:\Users\Administration\AppData\Local\ElevatedDiagnostics
2015-12-24 09:47 - 2014-05-08 16:58 - 00001086 ____C C:\Users\Public\Desktop\VLC media player.lnk
2015-12-24 09:47 - 2013-12-24 15:53 - 00002061 ____C C:\Users\Public\Desktop\PressReader.lnk
2015-12-24 09:47 - 2013-12-24 12:23 - 00001570 ____C C:\Users\Public\Desktop\MYOB AccountRight Plus v19.lnk
2015-12-24 09:45 - 2014-08-05 11:33 - 00000000 ___DC C:\WINDOWS\system32\appmgmt
2015-12-24 09:45 - 2013-12-27 14:33 - 00001167 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-24 09:24 - 2013-08-23 01:06 - 00000000 ___DC C:\WINDOWS\system32\NDF
2015-12-24 08:47 - 2013-08-22 22:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-24 08:45 - 2013-08-22 22:55 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-22 10:54 - 2013-12-24 12:23 - 00000000 ___DC C:\Plus19
2015-12-22 09:46 - 2015-10-23 10:23 - 00000000 ___DC C:\Users\Administration\.oracle_jre_usage
2015-12-22 09:46 - 2014-08-05 11:43 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Oracle
2015-12-21 10:09 - 2014-01-20 16:53 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\AUSkey
2015-12-17 17:21 - 2015-05-12 13:12 - 00000000 ___DC C:\Users\Administration\AppData\Roaming\Skype
2015-12-17 17:07 - 2015-05-12 13:12 - 00000000 ___DC C:\ProgramData\Skype
2015-12-17 17:07 - 2015-04-05 04:58 - 00000000 __SDC C:\WINDOWS\SysWOW64\GWX
2015-12-17 17:07 - 2015-04-05 04:58 - 00000000 __SDC C:\WINDOWS\system32\GWX
2015-12-17 08:02 - 2014-01-06 11:40 - 00002203 ____C C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 17:22 - 2013-12-30 15:49 - 00024862 ____C C:\Users\Administration\AppData\Roaming\Comma Separated Values.ADR
2015-12-16 12:09 - 2014-12-08 17:45 - 00001697 ____C C:\Users\Administration\Desktop\Residents V1.08 - Shortcut.lnk
2015-12-16 12:09 - 2014-10-09 11:22 - 00002166 ____C C:\Users\Administration\Desktop\EmergencyReliefFunding V2.6 - Shortcut.lnk
2015-12-16 12:09 - 2014-01-03 08:40 - 00002747 ____C C:\Users\Administration\Desktop\DCOCM Letterhead template.lnk
2015-12-16 12:09 - 2014-01-03 08:40 - 00002747 ____C C:\Users\Administration\Desktop\DCOCM A5 Letterhead Template.lnk
2015-12-14 15:02 - 2015-10-20 12:34 - 18350080 ____C C:\Users\Administration\Desktop\COC 2015.MYO
2015-12-14 09:04 - 2013-12-24 13:34 - 00000480 ____C C:\WINDOWS\BRWMARK.INI
2015-12-12 05:26 - 2013-12-03 15:53 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-12 05:26 - 2013-12-03 15:52 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-12-12 05:25 - 2012-07-26 14:56 - 00000167 ____C C:\WINDOWS\win.ini
2015-12-11 08:18 - 2013-08-23 00:14 - 04311632 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 03:53 - 2014-07-25 03:22 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-11 03:52 - 2014-01-16 08:19 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-12-11 03:52 - 2014-01-16 08:19 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 15:25 - 2013-08-23 01:06 - 00000000 ___DC C:\WINDOWS\SysWOW64\en-GB
2015-12-10 15:25 - 2013-08-23 01:06 - 00000000 ___DC C:\WINDOWS\system32\en-GB
2015-12-10 13:52 - 2013-11-21 14:55 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-12-10 13:50 - 2013-11-21 14:55 - 140158008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-07 21:47 - 2015-06-11 07:08 - 00000000 ___DC C:\Program Files\Common Files\AV
2015-12-03 14:19 - 2014-01-06 11:39 - 00000000 ___DC C:\Users\Administration\AppData\Local\Google
2015-12-02 20:54 - 2014-01-06 11:39 - 00003918 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 20:54 - 2014-01-06 11:39 - 00003682 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2013-12-30 15:49 - 2015-12-16 17:22 - 0024862 ____C () C:\Users\Administration\AppData\Roaming\Comma Separated Values.ADR
2014-08-06 16:40 - 2014-08-13 08:30 - 0009432 ____C () C:\Users\Administration\AppData\Roaming\Comma Separated Values.EML
2013-12-03 15:59 - 2013-12-03 15:59 - 0007606 ____C () C:\Users\Administration\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Administration\AppData\Local\Temp\{16DD5937-8A6A-4e65-A874-E19C3B0708A5}_NBRTWizard__{D110E8A4-CBA8-4885-BBDE-ADDC46C7CEFF}.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-31 08:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Administration (2015-12-31 14:29:36)
Running from C:\Users\Administration\Desktop
Windows 8.1 Pro (X64) (2013-12-28 04:37:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-1839648308-3417406115-3898103215-1002 - Limited - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1839648308-3417406115-3898103215-500 - Administrator - Disabled)
Darwin (S-1-5-21-1839648308-3417406115-3898103215-1001 - Administrator - Enabled) => C:\Users\Darwin
Guest (S-1-5-21-1839648308-3417406115-3898103215-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AUSkey software 1.4.4 (HKLM-x32\...\{24D37B30-83B4-46A7-A691-30F2FCEAE58E}) (Version: 1.4.4 - ABR)
Corel Graphics - Windows Shell Extension (HKLM\...\_{2CDF0D0A-C58C-4136-9978-F029B2723B0D}) (Version: 16.4.0.1280 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.4.1280 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.4.1280 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Content (HKLM-x32\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 -  Corel Corporation)
CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - CS (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - CT (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.2 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM T3 (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - JP (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.7 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.7 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.4.1.1281 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.7 - Corel Corporation) Hidden
Dropbox (HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MYOB AccountRight Plus v19.9 (HKLM-x32\...\InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}) (Version: 19.9.0 - MYOB Technology Pty Ltd)
MYOB AccountRight Plus v19.9 (x32 Version: 19.9.0 - MYOB Technology Pty Ltd) Hidden
MYOB ODBC Direct v10 AUS (HKLM-x32\...\InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}) (Version: 10.1.0 - MYOB Technology Pty Ltd)
MYOB ODBC Direct v10 AUS (x32 Version: 10.1.0 - MYOB Technology Pty Ltd) Hidden
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFtk - The PDF Toolkit version 2.02 (HKLM-x32\...\{C65EA7B8-FC21-4896-AD44-9CE952BB1255}_is1) (Version: 2.02 - PDF Labs)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.12.0927.0 -  NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Server 2012 Essentials Connector (HKLM\...\{C1E4D639-4A33-4314-809E-89BD0EF48522}) (Version: 6.2.9805.6 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1913235342-3225301714-2944181721-1119_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Administration\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BB6FB11-D3C2-4133-AEC4-B0A607FECECD} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {212A1219-3FA9-42B9-AFA7-77F68E223415} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {31B836CB-5CC8-4444-B36B-59B5E60A5D47} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {3E89D8DA-2997-4FC1-B2A8-43F85F3E5A68} - System32\Tasks\Microsoft\Windows\Windows Server\ConfigureRDPGroup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {483B5695-B4DD-4C78-B8FC-326C8256CBB3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {4D7DEACB-B428-43BD-8F11-94F5448D42C6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {5673C877-5722-44B8-9228-4CDC677060AC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119UA => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {582DBD24-F544-43B8-A9D2-463145CA066B} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {63319943-54A9-4B6B-A785-29D7CED8405F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6EAF90F5-35DE-4848-A2EC-16821DC340DA} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {70761CE9-7571-4C1C-96A3-1BEEF02928E7} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {79B47685-A8C2-4BB0-93DC-1B943687CB79} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7D56898B-DEE0-4073-95F2-487F1ADB4849} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {824A7254-91EE-4FAC-97DE-32AB2E15A164} - System32\Tasks\Microsoft\Windows\Windows Server\Backup => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {8B290399-DF34-45F9-8A09-2F155B6A2700} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {8CD577A1-713F-4372-A431-C4D9FC1B1311} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {92C24A67-9842-4D76-BF10-13363002A216} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {98C31793-A0C6-480D-9635-70E264ED7B0A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9E502F53-4074-4EA6-8355-A2AE8B9138E5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\WSCStub.exe [2015-11-23] (Symantec Corporation)
Task: {B639445F-3FD6-4730-B0BA-F825836D1168} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D2319C26-BD00-4D53-B5E8-D0E813ED2721} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {D7DA2E53-832B-46CC-A0F6-4337705624BF} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {DD05437E-DACD-4BF4-BA78-A6CBAA52E3E2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {E552BA73-0C51-4F6C-9931-296B561C7D7E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2015-11-23] (Symantec Corporation)
Task: {E5D5B88F-B5F3-4116-BA26-20FB0BDF6EDF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F7AFF4F7-0807-42E7-BF16-8BEA63CBB462} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119Core => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FC63C82D-E0E9-4118-8078-4BC97C8C8CB0} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)
Task: {FE4A5010-E42E-4335-8077-C6C77A7A8D26} - System32\Tasks\Microsoft\Windows\Windows Server\RepaireVpnRoutes => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-09-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119Core.job => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1913235342-3225301714-2944181721-1119UA.job => C:\Users\Administration\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-12-28 13:41 - 2013-07-04 03:02 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 ____C () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-21 00:02 - 2015-08-09 04:50 - 00404376 ____C () C:\WINDOWS\system32\igfxTray.exe
2014-09-25 13:33 - 2014-09-25 13:33 - 02210480 ____C () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2015-10-13 15:10 - 2015-10-13 15:10 - 01428648 ____C () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2013-12-28 13:41 - 2015-12-31 08:11 - 00025088 ____C () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2013-12-28 13:41 - 2013-07-04 03:02 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-12-12 23:49 - 2015-10-31 10:29 - 00034768 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00019408 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00022848 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00023352 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00042296 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00116688 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 23:49 - 2015-10-31 10:29 - 00093640 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00018376 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00019760 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00105928 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00392144 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 23:49 - 2015-12-09 07:06 - 00381752 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00692688 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020816 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00109520 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 01737032 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020808 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020800 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00021840 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00038696 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00024528 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00020936 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00114640 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00021320 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00124880 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00030160 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00043472 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00175560 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00028616 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00024016 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00048592 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00024392 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00036296 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 23:49 - 2015-10-31 10:30 - 00024016 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00117056 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00023376 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00134608 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 23:49 - 2015-10-31 10:29 - 00134088 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00240584 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00020280 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00052024 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00021304 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00350152 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00084792 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 23:49 - 2015-12-09 07:06 - 01826608 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 23:49 - 2015-10-31 10:30 - 00083912 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 03891504 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 01950000 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00519984 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00133936 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00225080 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00207672 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00024904 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00486704 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 23:49 - 2015-12-09 07:06 - 00357680 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-05 07:15 - 2015-10-31 10:31 - 00019920 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-05 07:15 - 2015-10-31 10:30 - 00786904 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 16:15 - 2015-10-31 10:30 - 00063448 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-05 07:15 - 2015-10-31 10:30 - 00019408 ____C () C:\Users\Administration\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 22:55 - 2013-08-22 22:55 - 00000824 ____C C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\Control Panel\Desktop\\Wallpaper -> C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.20 - 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1913235342-3225301714-2944181721-1119\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0E0FEA9A-9C61-4578-B42E-51A67E4B7586}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{78497442-D94B-496C-9317-DA91CA062845}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CC32921E-0E48-4A8D-8F56-00AE839E9C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{58D32FFE-792A-43D6-A615-0EDC1D93E9E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{CA0FA9F4-4AFD-46E2-959A-31D0DD514FAF}] => (Allow) C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{35474D00-1605-4060-9335-56B558A1C02A}] => (Allow) C:\Users\Administration\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6982E29E-BAEF-465D-BC84-7805BD8E8ACB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7D7FECAD-04CE-47E6-A266-A88AC7634F29}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{635D00B1-D9CA-483C-AFB6-DDB2F42C1B49}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{038D924A-75AC-4AE8-8D89-8D48BD5B204B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{09C4B17A-09C3-465D-9DAE-7D8B31ED711C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{43363A21-0CD0-418E-8479-6D4C9BAEAC4F}C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{00D735C8-ADBE-4045-8884-31AB9592B32E}C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\administration\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2FE5DB51-4841-4EC3-A20E-BCA5427B05A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55DB3CC6-482E-44C5-A94D-EC93831E6171}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9075180C-FEEB-4E65-BB7E-816A91B28967}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A174C65D-E49E-4C38-A642-012D96699478}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2015 08:31:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2015 02:42:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2015 11:42:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2015 10:02:13 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/30/2015 09:44:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/30/2015 09:23:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/30/2015 09:23:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/30/2015 09:19:17 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/30/2015 09:19:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/29/2015 02:25:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 15.0.4779.1001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 788

Start Time: 01d141f4f982158a

Termination Time: 26

Application Path: C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

Report Id: 4ac95fed-ade8-11e5-bfb9-74d02b7a3b02

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (12/31/2015 11:47:37 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/31/2015 11:36:39 AM) (Source: DCOM) (EventID: 10010) (User: DARWINCHRISTIAN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/31/2015 10:01:52 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/31/2015 08:11:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (12/31/2015 08:11:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:38:54 on ‎30/‎12/‎2015 was unexpected.

Error: (12/31/2015 08:11:42 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256843963232

Error: (12/30/2015 05:06:28 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/30/2015 05:06:28 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/30/2015 05:06:27 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (12/30/2015 05:06:27 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 35%
Total physical RAM: 7875.95 MB
Available physical RAM: 5114.45 MB
Total Virtual: 9091.95 MB
Available Virtual: 5844.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.38 GB) (Free:1.41 GB) NTFS
Drive d: (Storage) (Fixed) (Total:455.99 GB) (Free:433.48 GB) NTFS
Drive e: (Lexar) (Removable) (Total:7.32 GB) (Free:0.12 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 83DEA43B)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=149 MB) - (Type=DE)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End of Addition.txt ============================



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:23 AM

Posted 31 December 2015 - 10:39 AM

Happy New Year!
 

I do have a question about an error that pops up on start-up

 
I am sorry, not my cup of tea. :)
 
Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    2015-12-22 09:46 - 2015-12-22 09:46 - 00000000 ___DC C:\Users\Administration\Desktop\Invoice
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
No need to post the log!
 



That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware (you can donate in your local currency).
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:
 

Java 8 Update 65



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:08:23 AM

Posted 02 January 2016 - 04:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 



