

Multiple instances of iexplorer.exe


  • This topic is locked
24 replies to this topic

#1 Vakarelov

  • Members
  • 11 posts

Posted 24 October 2014 - 12:22 PM

Hello,

Recently I noticed that the computer is running multiple instances of iexplorer.exe. The processes seem to do nothing. A new one gets started every few minutes or so by cvshost with a PID that does not appear in the task list.

I have tried many malware/virus removal tools.

Here is the log:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.71.2
Run by Orlin Vakarelov at 12:40:37 on 2014-10-24
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3933.647 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\rpcnetp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\FolderSize\FolderSize.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Box\Box Sync\BoxSync.exe
C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\prevhost.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\LyX 2.0\bin\lyx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: <No Name>:  - LocalServer32 - <no file>
uRun: [Folder Size] C:\Program Files\FolderSize\FolderSize.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -update plugin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
mRun: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
mRun: [SystemExplorerAutoStart] "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ORLINV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8D733903-BBE3-437B-9F14-E9E2B73FC291} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8D733903-BBE3-437B-9F14-E9E2B73FC291}\2456C6B696E6F535F607869616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8D733903-BBE3-437B-9F14-E9E2B73FC291}\24F626546716E637055726C69636 : DHCPNameServer = 184.16.4.22 198.224.152.119 184.16.33.54
TCP: Interfaces\{8D733903-BBE3-437B-9F14-E9E2B73FC291}\64F657270205F696E6473702745756374737 : DHCPNameServer = 172.31.1.1 64.59.168.13 8.8.8.8
TCP: Interfaces\{C8114805-FD75-4D76-99AD-66906B6A04D2} : DHCPNameServer = 192.168.42.129
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= C:\Windows\System32\actuser.dll actuser.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [BoxSync] "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Orlin Vakarelov\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\Orlin Vakarelov\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-5-20 56208]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymDS64.sys [2013-5-25 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\SymEFA64.sys [2013-5-25 1139800]
R1 acnamfd;Cisco AnyConnect Network Access Manager Filter Driver;C:\Windows\System32\drivers\acnamfd.sys [2014-7-21 55664]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [2014-9-12 1586904]
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [2013-5-25 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141022.012\IDSvia64.sys [2014-10-23 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.sys [2013-5-25 224416]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010BB9\00A5.105\x64\symnets.sys [2013-5-25 433752]
R3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-1-24 112496]
R3 acwebsecagent;Cisco AnyConnect Web Security Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [2014-6-10 1001384]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-8-22 266240]
R3 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2014-10-22 57024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-21 142640]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-19 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2009-7-13 64160]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S3 BoxSyncUpdateService;Box Sync Update Service;C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [2014-9-24 28696]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-22 103064]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-15 410008]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-15 102808]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-3-4 5430272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-18 20992]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2013-10-14 23968]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-22 203672]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [2013-5-25 34800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-18 59392]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2013-12-25 16384]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-24 15:59:43    --------    d-----w-    C:\FRST
2014-10-24 14:43:47    --------    d-----w-    C:\Users\Orlin Vakarelov\AppData\Local\CrashDumps
2014-10-24 13:26:39    --------    d-----w-    C:\Users\Orlin Vakarelov\AppData\Local\rohitab.com
2014-10-24 13:24:09    --------    d-----w-    C:\Program Files\rohitab.com
2014-10-24 13:23:47    --------    d-----w-    C:\Users\Orlin Vakarelov\AppData\Local\Downloaded Installations
2014-10-22 19:43:48    --------    d-----w-    C:\EEK
2014-10-22 13:31:47    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-10-22 13:31:42    --------    d-----w-    C:\ProgramData\RogueKiller
2014-10-20 19:29:07    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-10-20 17:47:24    --------    d-----w-    C:\Windows\ERUNT
2014-10-20 13:35:10    98816    ----a-w-    C:\Windows\sed.exe
2014-10-20 13:35:10    256000    ----a-w-    C:\Windows\PEV.exe
2014-10-20 13:35:10    208896    ----a-w-    C:\Windows\MBR.exe
2014-10-20 13:11:36    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-17 17:55:39    --------    d-----w-    C:\Users\Orlin Vakarelov\AppData\Roaming\ABBYY
2014-10-17 17:36:33    --------    d-----w-    C:\Users\Orlin Vakarelov\AppData\Local\ABBYY
2014-10-17 17:36:33    --------    d-----w-    C:\Program Files (x86)\ABBYY FineReader 12
2014-10-17 17:34:57    --------    d-----w-    C:\ProgramData\ABBYY
2014-10-08 18:06:40    499712    ------w-    C:\Windows\SysWow64\msvcp71.dll
2014-10-08 18:06:40    348160    ------w-    C:\Windows\SysWow64\msvcr71.dll
.
==================== Find3M  ====================
.
2014-10-20 21:37:55    17920    ----a-w-    C:\Windows\SysWow64\rpcnetp.dll
2014-10-20 21:33:11    17920    ----a-w-    C:\Windows\SysWow64\rpcnetp.exe
2014-10-20 21:33:11    17920    ----a-w-    C:\Windows\System32\rpcnetp.exe
2014-09-10 17:04:22    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 17:04:22    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-01 11:53:22    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 12:43:17.88 ===============
 

Attached Files
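An added triage script, written for this page and not posted by either participant, covering the points the log above raises: the iexplore.exe children whose parent PID is gone by the time Task Manager is opened, the `AppInit_DLLs = C:\Windows\System32\actuser.dll actuser.dll` entry and the `EnableLUA = dword:0` policy in the DDS output, and the Image File Execution Options key that the AdwCleaner report later in the thread removes. It assumes 64-bit Windows PowerShell (2.0 or later, elevated) on the affected Windows 7 host; `Get-WmiObject` is not available in PowerShell 7, and a 32-bit session would see the Wow6432Node hive under `HKLM:\SOFTWARE`. The function names are mine. The thread never says what actuser.dll is, so the script does not either: it checks the file's Authenticode signature and leaves the judgement to the reader. It only reads; it removes nothing.

```powershell
# Added triage script (not from the thread). Run in an elevated 64-bit
# Windows PowerShell on the affected host. Read-only: nothing is removed.

# --- 1. Snapshot: each iexplore.exe and whether its parent still exists ----------
# The first post describes parent PIDs that are not in the task list, i.e. the
# parent has already exited by the time the list is read. This shows that directly.
function Get-IexploreParents {
    $all  = Get-WmiObject Win32_Process
    $byId = @{}
    foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }
    foreach ($ie in ($all | Where-Object { $_.Name -ieq 'iexplore.exe' })) {
        $parent = $byId[[int]$ie.ParentProcessId]
        New-Object PSObject -Property @{
            PID         = $ie.ProcessId
            Started     = $ie.ConvertToDateTime($ie.CreationDate)
            CommandLine = $ie.CommandLine
            ParentPID   = $ie.ParentProcessId
            ParentExe   = $(if ($parent) { $parent.ExecutablePath } else { '<parent already exited>' })
        }
    }
}

# --- 2. Catch the short-lived parent at spawn time ---------------------------------
# A WMI creation event polled every second is usually early enough to resolve the
# parent before it goes away. Returns after $Count spawns, then unregisters.
function Watch-IexploreSpawn {
    param([int]$Count = 3)
    $q = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'iexplore.exe'"
    Register-WmiEvent -Query $q -SourceIdentifier 'IexploreSpawn' | Out-Null
    try {
        for ($i = 0; $i -lt $Count; $i++) {
            $e      = Wait-Event -SourceIdentifier 'IexploreSpawn'
            $new    = $e.SourceEventArgs.NewEvent.TargetInstance
            $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($new.ParentProcessId)"
            New-Object PSObject -Property @{
                PID         = $new.ProcessId
                CommandLine = $new.CommandLine
                ParentPID   = $new.ParentProcessId
                ParentExe   = $(if ($parent) { $parent.ExecutablePath } else { '<already exited>' })
                ParentCmd   = $(if ($parent) { $parent.CommandLine } else { $null })
            }
            Remove-Event -EventIdentifier $e.EventIdentifier
        }
    } finally { Unregister-Event -SourceIdentifier 'IexploreSpawn' }
}

# --- 3. AppInit_DLLs: every listed DLL, resolved and signature-checked -----------
# Anything here is loaded into every process that links user32.dll. The DDS log
# lists actuser.dll; the thread does not identify it, so verify rather than assume.
function Get-AppInitDlls {
    $keys = @{
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = "$env:SystemRoot\System32"
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = "$env:SystemRoot\SysWOW64"
    }
    foreach ($key in $keys.Keys) {
        if (-not (Test-Path $key)) { continue }
        $v = Get-ItemProperty -Path $key
        if (-not $v.AppInit_DLLs) { continue }
        # Space- or comma-separated list; bare names resolve against the system
        # directory that matches the key's bitness.
        foreach ($entry in ($v.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
            $path = if ([IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path $keys[$key] $entry }
            $sig  = if (Test-Path $path) { (Get-AuthenticodeSignature $path).Status } else { 'FILE MISSING' }
            New-Object PSObject -Property @{
                Key = $key; Dll = $path; Signature = $sig
                LoadAppInit_DLLs          = $v.LoadAppInit_DLLs
                RequireSignedAppInit_DLLs = $v.RequireSignedAppInit_DLLs
            }
        }
    }
}

# --- 4. IFEO Debugger hijacks and the UAC state the DDS log reported -------------
# A Debugger value under an image name makes Windows start that binary instead,
# with the original command line appended. AdwCleaner removed such a key for
# GoogleUpdate.exe later in this thread.
function Get-IfeoDebuggers {
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($k in (Get-ChildItem $base)) {
        $dbg = (Get-ItemProperty -Path $k.PSPath).Debugger
        if ($dbg) { New-Object PSObject -Property @{ Image = $k.PSChildName; Debugger = $dbg } }
    }
}

# DDS showed EnableLUA = 0 and PromptOnSecureDesktop = 0: UAC is off, so anything
# the user launches already runs with an unfiltered administrator token.
function Get-UacState {
    Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
        Select-Object EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, PromptOnSecureDesktop
}

Get-IexploreParents | Format-Table PID, Started, ParentPID, ParentExe, CommandLine -AutoSize
Get-AppInitDlls     | Format-Table Key, Dll, Signature, LoadAppInit_DLLs, RequireSignedAppInit_DLLs -AutoSize
Get-IfeoDebuggers   | Format-Table Image, Debugger -AutoSize
Get-UacState
# While the spawning is still happening:  Watch-IexploreSpawn -Count 3 | Format-List
```

`Watch-IexploreSpawn` polls once per second (`WITHIN 1`), so a parent that lives for less than that can still show as already exited; if that happens, a Sysmon process-creation event (Event ID 1) or a Process Monitor boot log records the parent image reliably. A signature status other than `Valid` on an AppInit DLL, or any `Debugger` value pointing outside a known debugger installation, is what to report back before running a removal tool against it.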




#2 nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 October 2014 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Wait for further instructions.

#3 Vakarelov

  • Topic Starter
  • Members
  • 11 posts

Posted 29 October 2014 - 10:48 AM

Dear nasdaq,

Thank you! Here are the files:


# AdwCleaner v4.002 - Report created 29/10/2014 at 11:20:09
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Orlin Vakarelov - VAKLAP2
# Running from : C:\Users\Orlin Vakarelov\AppData\Local\Temp\mozOpenDownload\adwcleaner_4.002.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [1800 octets] - [29/10/2014 11:12:36]
AdwCleaner[S0].txt - [1728 octets] - [29/10/2014 11:20:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1788 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Orlin Vakarelov (administrator) on VAKLAP2 on 29-10-2014 11:31:24
Running from S:\Softwere\Antivirus\Virus Scans
Loaded Profile: Orlin Vakarelov (Available profiles: Orlin Vakarelov)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
() C:\Windows\System32\rpcnetp.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
() C:\Program Files\Everything\Everything.exe
(Brio) C:\Program Files\FolderSize\FolderSize.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Farbar) \\STOREGE2\Data\Softwere\Antivirus\Virus Scans\frst64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5571144 2014-10-13] (Box, Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-05] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3830632 2014-07-28] (Mister Group)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2530832876-4176528664-1138455990-1001\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio)
HKU\S-1-5-21-2530832876-4176528664-1138455990-1001\...\Run: [Google Update] => C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-13] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\actuser.dll => C:\Windows\System32\actuser.dll [93096 2014-06-10] (Cisco Systems, Inc.)
AppInit_DLLs:  actuser.dll => C:\Windows\system32\actuser.dll [93096 2014-06-10] (Cisco Systems, Inc.)
AppInit_DLLs-x32: C:\Windows\System32\actuser.dll => C:\Windows\SysWOW64\actuser.dll [64936 2014-06-10] (Cisco Systems, Inc.)
AppInit_DLLs-x32:  actuser.dll => C:\Windows\SysWOW64\actuser.dll [64936 2014-06-10] (Cisco Systems, Inc.)
Startup: C:\Users\Orlin Vakarelov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {472d7e0f-709e-3d42-adf8-3ccc2f0ed21c} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {697ea78e-7d56-3e3d-9463-70807d4e6c6c} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {d9161200-fd91-3d5f-91bf-3b63c48f2ee4} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {3e98134b-38c1-3752-87b3-7dc5a5c95620} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F91E3942454CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "backup.ftp", "201.144.252.115"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "201.144.252.115"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "201.144.252.115"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "201.148.23.30"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "201.148.23.30"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "201.148.23.30"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "201.148.23.30"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Users\Orlin Vakarelov\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Orlin Vakarelov\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Orlin Vakarelov\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Orlin Vakarelov\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\searchplugins\philpapers.xml
FF SearchPlugin: C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\searchplugins\youtube.xml
FF Extension: LyZ - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\lyz@zotero.org [2013-05-19]
FF Extension: Item History for Zotero - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\zotero-item-history@mystery-lab.com [2014-06-13]
FF Extension: Zotero - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\zotero@chnm.gmu.edu [2013-05-19]
FF Extension: Zotero Word for Windows Integration - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\zoteroWinWordIntegration@zotero.org [2014-09-05]
FF Extension: FireShot - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-28]
FF Extension: OpenDownload² - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2014-08-01]
FF Extension: iMacros for Firefox - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-10-22]
FF Extension: DownloadHelper - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Add to Amazon Wish List Button - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\amznUWL2@amazon.com.xpi [2013-05-19]
FF Extension: Autofill Forms - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\autofillForms@blueimp.net.xpi [2013-05-19]
FF Extension: Craigslist Peek - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\craigslistpeek@tech4computer.xpi [2013-05-19]
FF Extension: MEGA - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\firefox@mega.co.nz.xpi [2013-11-30]
FF Extension: SpeechUtil - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\listen@speechutli.com.xpi [2013-05-19]
FF Extension: Multi Links - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\multilinks@plugin.xpi [2013-05-19]
FF Extension: Paste Email Plus - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\pasteemailplus@guid.customsoftwareconsult.com.xpi [2013-07-24]
FF Extension: Smart Referer - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\smart-referer@meh.paranoid.pk.xpi [2013-05-19]
FF Extension: Test Pilot - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-05-19]
FF Extension: TinEye Reverse Image Search - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\tineye@ideeinc.com.xpi [2013-07-19]
FF Extension: Zotero Scholar Citations - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\zoteroscholarcitations@beloglazov.info.xpi [2013-05-19]
FF Extension: FlashGot - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-05-19]
FF Extension: NoScript - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-05-19]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-05-19]
FF Extension: Adblock Plus - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-19]
FF Extension: DownThemAll! - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-05-19]
FF Extension: Greasemonkey - C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-19]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF [2013-10-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48"
CHR Profile: C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (My Shortcuts) - C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcpobipejlbogodeiendpdgcdambjgo [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 acwebsecagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [1001384 2014-06-10] (Cisco Systems, Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-09-24] (Box, Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ciscod.exe; C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [71592 2014-06-10] (Cisco Systems, Inc.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe [7599616 2009-08-18] () [File not signed]
R2 nam; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe [872872 2014-06-10] (Cisco Systems, Inc.)
R2 namlm; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe [275368 2014-06-10] (Cisco Systems, Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 acnamfd; C:\Windows\System32\DRIVERS\acnamfd.sys [55664 2014-06-10] (Cisco Systems, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-22] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-12] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141028.011\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141028.016\ENG64.SYS [129752 2014-08-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141028.016\EX64.SYS [2137304 2014-08-22] (Symantec Corporation)
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [64160 2009-07-13] (O2Micro )
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [23968 2013-02-07] (Resplendence Software Projects Sp.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2013-05-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2013-09-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [91944 2013-05-25] (Symantec Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 11:12 - 2014-10-29 11:20 - 00000000 ____D () C:\AdwCleaner
2014-10-26 18:18 - 2014-10-26 18:21 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Add-in Express
2014-10-26 18:17 - 2014-10-26 18:17 - 13360477 _____ () C:\Users\Orlin Vakarelov\Downloads\merge-tables-excel-v3-3-11-849.zip
2014-10-26 18:08 - 2014-10-26 18:08 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Prodiance
2014-10-24 13:41 - 2014-10-24 13:50 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Everything
2014-10-24 13:41 - 2014-10-24 13:41 - 00000993 _____ () C:\Users\Orlin Vakarelov\Desktop\Search Everything.lnk
2014-10-24 13:41 - 2014-10-24 13:41 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2014-10-24 13:41 - 2014-10-24 13:41 - 00000000 ____D () C:\Program Files\Everything
2014-10-24 12:37 - 2014-10-24 12:43 - 00022402 _____ () C:\Users\Orlin Vakarelov\Desktop\dds.txt
2014-10-24 12:37 - 2014-10-24 12:43 - 00008776 _____ () C:\Users\Orlin Vakarelov\Desktop\attach.txt
2014-10-24 11:59 - 2014-10-29 11:31 - 00000000 ____D () C:\FRST
2014-10-24 11:43 - 2014-10-24 11:45 - 00001372 _____ () C:\Users\Orlin Vakarelov\Desktop\Kill iExplorer.lnk
2014-10-24 10:43 - 2014-10-24 10:43 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\CrashDumps
2014-10-24 09:26 - 2014-10-24 09:26 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\rohitab.com
2014-10-24 09:24 - 2014-10-24 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rohitab.com
2014-10-24 09:24 - 2014-10-24 09:24 - 00000000 ____D () C:\Program Files\rohitab.com
2014-10-24 09:23 - 2014-10-24 09:23 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\Downloaded Installations
2014-10-22 15:44 - 2014-10-22 15:44 - 00000743 _____ () C:\Users\Orlin Vakarelov\Desktop\Start Emsisoft Emergency Kit.lnk
2014-10-22 15:43 - 2014-10-22 15:45 - 00000000 ____D () C:\EEK
2014-10-22 09:31 - 2014-10-22 10:16 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-22 09:31 - 2014-10-22 09:31 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-20 15:28 - 2014-10-20 15:28 - 00030170 _____ () C:\ComboFix.txt
2014-10-20 14:12 - 2014-10-20 14:12 - 00001979 _____ () C:\Users\Orlin Vakarelov\Desktop\JRT.txt
2014-10-20 13:47 - 2014-10-20 13:47 - 00000000 ____D () C:\Windows\ERUNT
2014-10-20 13:44 - 2014-10-20 13:46 - 00002838 _____ () C:\Users\Orlin Vakarelov\Desktop\Rkill.txt
2014-10-20 09:35 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-20 09:35 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-20 09:35 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-20 09:35 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-20 09:35 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-20 09:35 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-20 09:35 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-20 09:35 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-20 09:33 - 2014-10-20 15:28 - 00000000 ____D () C:\Qoobox
2014-10-20 09:32 - 2014-10-20 15:19 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 09:27 - 2014-10-24 12:34 - 00000000 ____D () C:\Users\Orlin Vakarelov\Desktop\Virus Scans
2014-10-20 09:26 - 2013-05-21 09:43 - 00001028 _____ () C:\Windows\system32\Drivers\etc\hosts - Copy
2014-10-20 09:12 - 2014-10-20 09:11 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-20 09:11 - 2014-10-20 09:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-20 09:11 - 2014-10-20 09:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-20 09:11 - 2014-10-20 09:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-20 09:11 - 2014-10-20 09:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 13:55 - 2014-10-17 13:55 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\ABBYY
2014-10-17 13:43 - 2014-10-17 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 12
2014-10-17 13:36 - 2014-10-17 13:52 - 00000000 ____D () C:\Program Files (x86)\ABBYY FineReader 12
2014-10-17 13:36 - 2014-10-17 13:36 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\ABBYY
2014-10-17 13:34 - 2014-10-17 13:34 - 00000000 ____D () C:\ProgramData\ABBYY
2014-10-17 13:22 - 2014-10-17 13:06 - 333425504 _____ (ABISMAL) C:\Users\Orlin Vakarelov\Downloads\ABBYY FineReader 12.0.101.264 Professional RePack by ABISMAL888.exe
2014-10-17 09:55 - 2014-10-17 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-17 09:55 - 2014-10-17 09:55 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-17 09:37 - 2014-10-17 09:37 - 00068606 _____ () C:\Users\Orlin Vakarelov\Desktop\provider_for_google_calendar-1.0.1-tb+sm.xpi
2014-10-17 09:33 - 2014-10-17 09:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-17 09:31 - 2014-10-17 09:31 - 00114328 _____ () C:\Users\Orlin Vakarelov\Desktop\provider_for_google_calendar-0.32-tb+sm.xpi
2014-10-08 14:06 - 2003-03-18 20:14 - 00499712 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-10-08 14:06 - 2003-02-21 04:42 - 00348160 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 11:36 - 2013-05-18 18:08 - 01727512 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 11:36 - 2009-07-14 00:45 - 00014544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 11:36 - 2009-07-14 00:45 - 00014544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 11:30 - 2009-07-14 00:51 - 00684098 _____ () C:\Windows\setupact.log
2014-10-29 11:27 - 2014-07-28 12:25 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\Box Sync
2014-10-29 11:27 - 2013-05-19 12:20 - 00000000 ___RD () C:\Users\Orlin Vakarelov\Documents\Dropbox
2014-10-29 11:27 - 2013-05-19 10:01 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Dropbox
2014-10-29 11:25 - 2013-07-11 14:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 11:25 - 2013-05-20 03:26 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-10-29 11:24 - 2013-05-20 03:25 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-10-29 11:24 - 2013-05-19 09:17 - 00047402 _____ () C:\Windows\PFRO.log
2014-10-29 11:24 - 2013-05-18 18:05 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2014-10-29 11:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 11:21 - 2013-11-11 14:39 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001UA.job
2014-10-29 11:21 - 2013-07-11 14:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 11:20 - 2013-11-30 14:45 - 00000398 __RSH () C:\ProgramData\ntuser.pol
2014-10-29 11:10 - 2013-12-22 12:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 10:17 - 2014-07-23 11:51 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\Audible
2014-10-29 09:21 - 2013-11-11 14:38 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001Core.job
2014-10-29 02:22 - 2013-05-18 20:20 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Mozilla
2014-10-29 02:00 - 2014-06-16 15:42 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\Adobe
2014-10-24 13:51 - 2013-05-19 15:54 - 00002286 ____H () C:\Users\Orlin Vakarelov\Documents\Default.rdp
2014-10-24 13:51 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-24 13:04 - 2013-12-22 12:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 13:04 - 2013-12-22 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 13:04 - 2013-12-22 12:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-24 09:16 - 2013-11-11 14:39 - 00003942 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001UA
2014-10-24 09:16 - 2013-11-11 14:38 - 00003546 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001Core
2014-10-24 09:16 - 2013-07-11 14:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 09:16 - 2013-07-11 14:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 09:26 - 2013-05-20 23:04 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-10-22 09:26 - 2013-05-20 23:04 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-10-22 09:26 - 2013-05-20 23:04 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-10-22 09:26 - 2013-05-20 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-10-20 20:12 - 2014-07-28 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2014-10-20 20:10 - 2013-10-15 14:31 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-20 17:33 - 2013-05-18 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-20 15:28 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-20 15:18 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-20 15:16 - 2013-10-30 08:52 - 00000000 ____D () C:\Program Files (x86)\Sleeper
2014-10-20 09:13 - 2013-11-03 09:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 10:00 - 2013-06-05 08:57 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\Skype
2014-10-17 09:57 - 2013-06-05 08:56 - 00000000 ____D () C:\ProgramData\Skype
2014-10-17 09:55 - 2014-07-21 11:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-17 09:40 - 2013-05-19 10:00 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Local\Thunderbird
2014-10-16 07:58 - 2013-12-17 18:40 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-15 19:12 - 2014-08-22 10:37 - 00000336 _____ () C:\Windows\BRCALIB.INI
2014-10-14 11:35 - 2013-05-19 15:55 - 00000000 ____D () C:\Users\Orlin Vakarelov\Documents\books
2014-10-14 11:17 - 2013-05-19 16:41 - 00000000 ____D () C:\Users\Orlin Vakarelov\Documents\My Digital Editions
2014-10-13 12:41 - 2013-05-19 13:02 - 00007612 _____ () C:\Users\Orlin Vakarelov\AppData\Local\Resmon.ResmonCfg
2014-10-13 12:11 - 2014-05-26 15:31 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-10-10 09:10 - 2013-05-22 16:50 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-10-08 14:10 - 2014-07-23 09:34 - 00000000 ____D () C:\Program Files (x86)\Audible
2014-10-08 14:07 - 2014-07-23 09:34 - 00001969 _____ () C:\Users\Orlin Vakarelov\Desktop\Audible Manager.lnk
2014-10-08 14:06 - 2014-07-23 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2014-10-08 13:33 - 2013-05-24 13:41 - 00000000 ____D () C:\Users\Orlin Vakarelov\AppData\Roaming\vlc
2014-10-07 15:54 - 2013-05-19 16:41 - 00000000 ____D () C:\Users\Orlin Vakarelov\Documents\My Kindle Content
2014-10-01 13:21 - 2013-12-22 09:59 - 00000000 ____D () C:\Program Files (x86)\Team MediaPortal

Some content of TEMP:
====================
C:\Users\Orlin Vakarelov\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Orlin Vakarelov\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdnoiot.dll
C:\Users\Orlin Vakarelov\AppData\Local\Temp\Quarantine.exe
C:\Users\Orlin Vakarelov\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-28 20:20

==================== End Of Log ============================

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:27 PM

Posted 29 October 2014 - 01:30 PM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM-x32\...\Run: [] => [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48"
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK
AlternateDataStreams: C:\Program Files\Common Files\System:Tg15TQZbwiQUmcAyPPkI03tXrT
AlternateDataStreams: C:\ProgramData\Microsoft:Et2LwZYsG0yMhAKW0ExF7x0Mtz
AlternateDataStreams: C:\ProgramData\Microsoft:nMp0yBRpqUci1cTAmbIM8
AlternateDataStreams: C:\ProgramData\TEMP:A303874

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#5 Vakarelov

Vakarelov
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 29 October 2014 - 05:57 PM

Hi,

 

I ran the programs. I still get iexplorer.exe starting. There are four instances in the last 50 minutes, since the restart.

 

Here are the needed logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by Orlin Vakarelov at 2014-10-29 17:50:41 Run:1
Running from C:\Users\Orlin Vakarelov\Desktop\Virus Scans
Loaded Profile: Orlin Vakarelov (Available profiles: Orlin Vakarelov)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] => [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48"
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK
AlternateDataStreams: C:\Program Files\Common Files\System:Tg15TQZbwiQUmcAyPPkI03tXrT
AlternateDataStreams: C:\ProgramData\Microsoft:Et2LwZYsG0yMhAKW0ExF7x0Mtz
AlternateDataStreams: C:\ProgramData\Microsoft:nMp0yBRpqUci1cTAmbIM8
AlternateDataStreams: C:\ProgramData\TEMP:A303874

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Windows\system32\autochk.exe" => ":BAK" ADS not found.
C:\Program Files\Common Files\System => ":Tg15TQZbwiQUmcAyPPkI03tXrT" ADS removed successfully.
C:\ProgramData\Microsoft => ":Et2LwZYsG0yMhAKW0ExF7x0Mtz" ADS removed successfully.
C:\ProgramData\Microsoft => ":nMp0yBRpqUci1cTAmbIM8" ADS removed successfully.
"C:\ProgramData\TEMP" => ":A303874" ADS not found.

==== End of Fixlog ====

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 71  
 Java version out of Date!
 Adobe Flash Player 15.0.0.189  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Mozilla Thunderbird (31.2.0)
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Orlin Vakarelov Desktop Virus Scans SecurityCheck.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
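The fixlist above removes named alternate data streams on directories and the FRST log earlier checks the Authenticode signatures of core system binaries. The following PowerShell script is an added example, not from the thread or from FRST, that lets a defender re-verify both conditions after the fix: it lists unexpected streams on the exact paths named in the fixlist and reports the signature status of the same binaries the "Bamital & volsnap Check" covers. It assumes PowerShell 3.0 or later (for Get-Item -Stream) and an elevated prompt.

```powershell
# Added example (not from the thread or from FRST): read-only re-check of the two
# findings above. Paths are the ones named in the thread; nothing is modified.
# Requires PowerShell 3.0+ (Get-Item -Stream) and an elevated prompt.

# 1. Alternate data streams on directories. NTFS allows a named stream on a directory
#    (e.g. C:\ProgramData\Microsoft:Et2LwZYsG0yMhAKW0ExF7x0Mtz); Explorer never shows it.
$AdsTargets = @(
    'C:\Program Files\Common Files\System',
    'C:\ProgramData\Microsoft',
    'C:\ProgramData\TEMP',
    'C:\Windows\system32\autochk.exe'
)

function Get-SuspiciousStream {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        # ':$DATA' is the normal unnamed stream; Zone.Identifier is the mark-of-the-web.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $p
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    }
}

# 2. Signature check of the same binaries FRST's "Bamital & volsnap Check" lists.
$CoreBinaries = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\SysWOW64\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

function Test-CoreSignature {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        # Most Windows binaries are catalog-signed rather than embedded-signed. Older
        # PowerShell builds report those as NotSigned, so cross-check a NotSigned result
        # with FRST or sigcheck before treating it as tampering.
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        }
    }
}

$streams = Get-SuspiciousStream -Path $AdsTargets
$sigs    = Test-CoreSignature -Path $CoreBinaries

'=== Alternate data streams on fixlist paths ==='
if ($streams) { $streams | Format-Table -AutoSize } else { 'none found' }

'=== Core binary signatures ==='
$sigs | Format-Table -AutoSize

# Non-zero exit code if anything is off, so a scheduled re-check can alert on it.
$bad = @($sigs | Where-Object { $_.Status -ne 'Valid' }).Count + @($streams).Count
exit [int]($bad -gt 0)
```

A stream that reappears after the FRST fix points to something still running that re-creates it, which is the kind of persistence the later scans in this thread are meant to find.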
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:27 PM

Posted 30 October 2014 - 08:50 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#7 Vakarelov

Vakarelov
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:27 PM

Posted 30 October 2014 - 03:58 PM

11:59:27.0176 0x1578  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:00:04.0209 0x1578  ============================================================
12:00:04.0209 0x1578  Current date / time: 2014/10/30 12:00:04.0209
12:00:04.0209 0x1578  SystemInfo:
12:00:04.0209 0x1578  
12:00:04.0209 0x1578  OS Version: 6.1.7601 ServicePack: 1.0
12:00:04.0209 0x1578  Product type: Workstation
12:00:04.0209 0x1578  ComputerName: VAKLAP2
12:00:04.0210 0x1578  UserName: Orlin Vakarelov
12:00:04.0210 0x1578  Windows directory: C:\Windows
12:00:04.0210 0x1578  System windows directory: C:\Windows
12:00:04.0210 0x1578  Running under WOW64
12:00:04.0210 0x1578  Processor architecture: Intel x64
12:00:04.0210 0x1578  Number of processors: 2
12:00:04.0210 0x1578  Page size: 0x1000
12:00:04.0210 0x1578  Boot type: Normal boot
12:00:04.0210 0x1578  ============================================================
12:00:07.0152 0x1578  KLMD registered as C:\Windows\system32\drivers\30730612.sys
12:00:07.0572 0x1578  System UUID: {8A03866F-FDB2-6F11-3C76-5C6DD2F92C24}
12:00:08.0569 0x1578  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:08.0580 0x1578  ============================================================
12:00:08.0580 0x1578  \Device\Harddisk0\DR0:
12:00:08.0580 0x1578  MBR partitions:
12:00:08.0580 0x1578  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F10C0, BlocksNum 0x56216740
12:00:08.0580 0x1578  ============================================================
12:00:08.0668 0x1578  C: <-> \Device\Harddisk0\DR0\Partition1
12:00:08.0668 0x1578  ============================================================
12:00:08.0669 0x1578  Initialize success
12:00:08.0669 0x1578  ============================================================
12:00:28.0567 0x096c  ============================================================
12:00:28.0567 0x096c  Scan started
12:00:28.0567 0x096c  Mode: Manual;
12:00:28.0567 0x096c  ============================================================
12:00:28.0567 0x096c  KSN ping started
12:00:29.0136 0x096c  KSN ping finished: true
12:00:31.0467 0x096c  ================ Scan system memory ========================
12:00:31.0467 0x096c  System memory - ok
12:00:31.0468 0x096c  ================ Scan services =============================
12:00:38.0330 0x096c  Dnscache - ok
12:00:38.0357 0x096c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:00:38.0384 0x096c  dot3svc - ok
12:00:38.0456 0x096c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:00:38.0465 0x096c  DPS - ok
12:00:38.0493 0x096c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:00:38.0496 0x096c  drmkaud - ok
12:00:38.0574 0x096c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:00:38.0613 0x096c  DXGKrnl - ok
12:00:38.0639 0x096c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:00:38.0643 0x096c  EapHost - ok
12:00:38.0799 0x096c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:00:38.0909 0x096c  ebdrv - ok
12:00:39.0121 0x096c  [ 03E1B8BA59327D186C7C533A6998FEF9, 224937A697B55BD9CCD790771DBE9D135021AD1DC3E6D6AC7C431C56F0FFBBB5 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:00:39.0142 0x096c  eeCtrl - ok
12:00:39.0182 0x096c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
12:00:39.0185 0x096c  EFS - ok
12:00:39.0383 0x096c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:00:39.0414 0x096c  ehRecvr - ok
12:00:39.0446 0x096c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:00:39.0453 0x096c  ehSched - ok
12:00:39.0548 0x096c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:00:39.0571 0x096c  elxstor - ok
12:00:39.0758 0x096c  [ 142EA7DF1851C563571F2DCFC7AFBB40, 14DE008B68D127F246A64290DFCBD7ECDE8FF7932B3BAE660EB131860E826EAD ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:00:39.0765 0x096c  EraserUtilRebootDrv - ok
12:00:39.0790 0x096c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:00:39.0792 0x096c  ErrDev - ok
12:00:39.0862 0x096c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:00:39.0878 0x096c  EventSystem - ok
12:00:39.0901 0x096c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:00:39.0908 0x096c  exfat - ok
12:00:39.0927 0x096c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:00:39.0934 0x096c  fastfat - ok
12:00:39.0974 0x096c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:00:40.0000 0x096c  Fax - ok
12:00:40.0021 0x096c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:00:40.0024 0x096c  fdc - ok
12:00:40.0043 0x096c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:00:40.0045 0x096c  fdPHost - ok
12:00:40.0058 0x096c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:00:40.0060 0x096c  FDResPub - ok
12:00:40.0076 0x096c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:00:40.0080 0x096c  FileInfo - ok
12:00:40.0099 0x096c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:00:40.0101 0x096c  Filetrace - ok
12:00:40.0112 0x096c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:00:40.0115 0x096c  flpydisk - ok
12:00:40.0143 0x096c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:00:40.0153 0x096c  FltMgr - ok
12:00:40.0202 0x096c  [ 813155B27B68DACCBAECCCEEA60BD8BF, 24BD34825B0D1A1DCB9BD1834733B21A8EB2DA49B9B31F8B1AFC1D71DC8CE823 ] FolderSize      C:\Program Files\FolderSize\FolderSizeSvc.exe
12:00:40.0210 0x096c  FolderSize - ok
12:00:40.0278 0x096c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:00:40.0331 0x096c  FontCache - ok
12:00:40.0403 0x096c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:00:40.0408 0x096c  FontCache3.0.0.0 - ok
12:00:40.0422 0x096c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:00:40.0425 0x096c  FsDepends - ok
12:00:40.0452 0x096c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:00:40.0455 0x096c  Fs_Rec - ok
12:00:40.0491 0x096c  [ 82D4BD620F7E27EA268EA0E2F701A7AE, 744014A791C07CF3B9387ADECB94552D8B6AC523433F7063411198509155F3E9 ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
12:00:40.0495 0x096c  FTDIBUS - ok
12:00:40.0525 0x096c  [ 1FA21FF2D7B50B528D8B73DB34AD06BC, 77B670CA00AC56C59307F154608462197DDF9A367701A5C687B4A93AFB759554 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
12:00:40.0530 0x096c  FTSER2K - ok
12:00:40.0572 0x096c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:00:40.0583 0x096c  fvevol - ok
12:00:40.0621 0x096c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:00:40.0626 0x096c  gagp30kx - ok
12:00:40.0669 0x096c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:00:40.0672 0x096c  GEARAspiWDM - ok
12:00:40.0824 0x096c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:00:40.0860 0x096c  gpsvc - ok
12:00:40.0972 0x096c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:00:40.0978 0x096c  gupdate - ok
12:00:40.0988 0x096c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:00:40.0993 0x096c  gupdatem - ok
12:00:41.0017 0x096c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:00:41.0021 0x096c  hcw85cir - ok
12:00:41.0137 0x096c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:00:41.0153 0x096c  HdAudAddService - ok
12:00:41.0203 0x096c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:00:41.0207 0x096c  HDAudBus - ok
12:00:41.0223 0x096c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:00:41.0225 0x096c  HidBatt - ok
12:00:41.0248 0x096c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:00:41.0252 0x096c  HidBth - ok
12:00:41.0263 0x096c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:00:41.0266 0x096c  HidIr - ok
12:00:41.0286 0x096c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
12:00:41.0288 0x096c  hidserv - ok
12:00:41.0316 0x096c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:00:41.0318 0x096c  HidUsb - ok
12:00:41.0343 0x096c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:00:41.0348 0x096c  hkmsvc - ok
12:00:41.0379 0x096c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:00:41.0388 0x096c  HomeGroupListener - ok
12:00:41.0459 0x096c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:00:41.0470 0x096c  HomeGroupProvider - ok
12:00:41.0509 0x096c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:00:41.0513 0x096c  HpSAMD - ok
12:00:41.0575 0x096c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:00:41.0619 0x096c  HTTP - ok
12:00:41.0652 0x096c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:00:41.0654 0x096c  hwpolicy - ok
12:00:41.0689 0x096c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:00:41.0696 0x096c  i8042prt - ok
12:00:41.0748 0x096c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:00:41.0774 0x096c  iaStorV - ok
12:00:41.0849 0x096c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:00:41.0893 0x096c  idsvc - ok
12:00:42.0159 0x096c  [ 47D561365913893120FC651419745FDA, B1D61C40A2EA1CF2440FF8C154C085600B2E6B68F4376B4D33B5AC1E87D9181E ] IDSVia64        C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141029.011\IDSvia64.sys
12:00:42.0182 0x096c  IDSVia64 - ok
12:00:42.0264 0x096c  IEEtwCollectorService - ok
12:00:42.0945 0x096c  [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF, 1543345ED76F0FEF907A32E0838F8B01F0FB361565B13ADD34F552FF48D38DD6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:00:43.0248 0x096c  igfx - ok
12:00:43.0299 0x096c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:00:43.0302 0x096c  iirsp - ok
12:00:43.0353 0x096c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:00:43.0388 0x096c  IKEEXT - ok
12:00:43.0408 0x096c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:00:43.0427 0x096c  intelide - ok
12:00:43.0453 0x096c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:00:43.0457 0x096c  intelppm - ok
12:00:43.0544 0x096c  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:00:43.0546 0x096c  IntuitUpdateServiceV4 - ok
12:00:43.0576 0x096c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:00:43.0582 0x096c  IPBusEnum - ok
12:00:43.0612 0x096c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:00:43.0618 0x096c  IpFilterDriver - ok
12:00:43.0666 0x096c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:00:43.0700 0x096c  iphlpsvc - ok
12:00:43.0730 0x096c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:00:43.0735 0x096c  IPMIDRV - ok
12:00:43.0771 0x096c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:00:43.0778 0x096c  IPNAT - ok
12:00:43.0840 0x096c  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:00:43.0874 0x096c  iPod Service - ok
12:00:43.0905 0x096c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:00:43.0908 0x096c  IRENUM - ok
12:00:43.0944 0x096c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:00:43.0947 0x096c  isapnp - ok
12:00:43.0984 0x096c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:00:44.0001 0x096c  iScsiPrt - ok
12:00:44.0036 0x096c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:00:44.0040 0x096c  kbdclass - ok
12:00:44.0073 0x096c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:00:44.0076 0x096c  kbdhid - ok
12:00:44.0092 0x096c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
12:00:44.0095 0x096c  KeyIso - ok
12:00:44.0143 0x096c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:00:44.0148 0x096c  KSecDD - ok
12:00:44.0220 0x096c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:00:44.0228 0x096c  KSecPkg - ok
12:00:44.0261 0x096c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:00:44.0263 0x096c  ksthunk - ok
12:00:44.0347 0x096c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:00:44.0366 0x096c  KtmRm - ok
12:00:44.0472 0x096c  [ 305BB2AC00D46542E0A653AB63F4ABB1, E3BE57A0EBB1194656D20C11688863A7864B06223419F688D82881F9F49604B6 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
12:00:44.0490 0x096c  LADF_CaptureOnly - ok
12:00:44.0523 0x096c  [ 28CDDC7D478A6313F55077416DCBD0DE, EE4174FC9444856DF0693D1A5F16EB88352A3B012AA82D49C462980703981A7A ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
12:00:44.0528 0x096c  LADF_RenderOnly - ok
12:00:44.0596 0x096c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:00:44.0610 0x096c  LanmanServer - ok
12:00:44.0662 0x096c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:00:44.0671 0x096c  LanmanWorkstation - ok
12:00:44.0739 0x096c  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
12:00:44.0742 0x096c  LGBusEnum - ok
12:00:44.0790 0x096c  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
12:00:44.0793 0x096c  LGVirHid - ok
12:00:44.0830 0x096c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:00:44.0834 0x096c  lltdio - ok
12:00:44.0901 0x096c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:00:44.0935 0x096c  lltdsvc - ok
12:00:44.0963 0x096c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:00:44.0966 0x096c  lmhosts - ok
12:00:44.0997 0x096c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:00:45.0003 0x096c  LSI_FC - ok
12:00:45.0019 0x096c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:00:45.0026 0x096c  LSI_SAS - ok
12:00:45.0045 0x096c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:00:45.0050 0x096c  LSI_SAS2 - ok
12:00:45.0074 0x096c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:00:45.0081 0x096c  LSI_SCSI - ok
12:00:45.0109 0x096c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:00:45.0116 0x096c  luafv - ok
12:00:45.0164 0x096c  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:00:45.0169 0x096c  MBAMProtector - ok
12:00:45.0221 0x096c  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:00:45.0236 0x096c  MBAMScheduler - ok
12:00:45.0286 0x096c  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:00:45.0320 0x096c  MBAMService - ok
12:00:45.0349 0x096c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:00:45.0356 0x096c  Mcx2Svc - ok
12:00:45.0379 0x096c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:00:45.0383 0x096c  megasas - ok
12:00:45.0411 0x096c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:00:45.0428 0x096c  MegaSR - ok
12:00:45.0451 0x096c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:00:45.0456 0x096c  MMCSS - ok
12:00:45.0476 0x096c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:00:45.0479 0x096c  Modem - ok
12:00:45.0513 0x096c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:00:45.0515 0x096c  monitor - ok
12:00:45.0564 0x096c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:00:45.0568 0x096c  mouclass - ok
12:00:45.0605 0x096c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:00:45.0608 0x096c  mouhid - ok
12:00:45.0657 0x096c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:00:45.0662 0x096c  mountmgr - ok
12:00:45.0749 0x096c  [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:00:45.0755 0x096c  MozillaMaintenance - ok
12:00:45.0789 0x096c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:00:45.0794 0x096c  mpio - ok
12:00:45.0851 0x096c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:00:45.0855 0x096c  mpsdrv - ok
12:00:45.0955 0x096c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:00:45.0992 0x096c  MpsSvc - ok
12:00:46.0029 0x096c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:00:46.0036 0x096c  MRxDAV - ok
12:00:46.0098 0x096c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:00:46.0106 0x096c  mrxsmb - ok
12:00:46.0144 0x096c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:00:46.0158 0x096c  mrxsmb10 - ok
12:00:46.0179 0x096c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:00:46.0186 0x096c  mrxsmb20 - ok
12:00:46.0206 0x096c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:00:46.0209 0x096c  msahci - ok
12:00:46.0245 0x096c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:00:46.0252 0x096c  msdsm - ok
12:00:46.0287 0x096c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:00:46.0297 0x096c  MSDTC - ok
12:00:46.0332 0x096c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:00:46.0335 0x096c  Msfs - ok
12:00:46.0350 0x096c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:00:46.0352 0x096c  mshidkmdf - ok
12:00:46.0374 0x096c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:00:46.0377 0x096c  msisadrv - ok
12:00:46.0413 0x096c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:00:46.0422 0x096c  MSiSCSI - ok
12:00:46.0430 0x096c  msiserver - ok
12:00:46.0451 0x096c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:00:46.0454 0x096c  MSKSSRV - ok
12:00:46.0473 0x096c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:00:46.0475 0x096c  MSPCLOCK - ok
12:00:46.0490 0x096c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:00:46.0493 0x096c  MSPQM - ok
12:00:46.0530 0x096c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:00:46.0564 0x096c  MsRPC - ok
12:00:46.0583 0x096c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:00:46.0586 0x096c  mssmbios - ok
12:00:46.0606 0x096c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:00:46.0608 0x096c  MSTEE - ok
12:00:46.0624 0x096c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:00:46.0627 0x096c  MTConfig - ok
12:00:46.0647 0x096c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:00:46.0651 0x096c  Mup - ok
12:00:46.0723 0x096c  MySQL - ok
12:00:46.0799 0x096c  [ 697E40601D8219A7B6309F3C72EFAC62, D369889023C782630FA5617BC9EEB2AA324E1077F4F88653D1C6D460EE9B248F ] nam             C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe
12:00:46.0842 0x096c  nam - ok
12:01:01.0713 0x096c  Themes - ok
12:01:01.0750 0x096c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:01:01.0755 0x096c  THREADORDER - ok
12:01:01.0799 0x096c  [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
12:01:01.0809 0x096c  TODDSrv - ok
12:01:01.0843 0x096c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:01:01.0852 0x096c  TrkWks - ok
12:01:01.0959 0x096c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:01:01.0969 0x096c  TrustedInstaller - ok
12:01:02.0010 0x096c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:01:02.0014 0x096c  tssecsrv - ok
12:01:02.0039 0x096c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:01:02.0043 0x096c  TsUsbFlt - ok
12:01:02.0076 0x096c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:01:02.0083 0x096c  tunnel - ok
12:01:02.0126 0x096c  [ 9A744CC3D804EC38A6C2C65BC3C6FCD8, 28CDF1A8614444F4A7249FB7189B423579CA91D1373138CD3E6C048CE6D2799F ] TVALZ           C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:01:02.0129 0x096c  TVALZ - ok
12:01:02.0162 0x096c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:01:02.0167 0x096c  uagp35 - ok
12:01:02.0241 0x096c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:01:02.0256 0x096c  udfs - ok
12:01:02.0291 0x096c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:01:02.0295 0x096c  UI0Detect - ok
12:01:02.0349 0x096c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:01:02.0352 0x096c  uliagpkx - ok
12:01:02.0398 0x096c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:01:02.0402 0x096c  umbus - ok
12:01:02.0447 0x096c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:01:02.0450 0x096c  UmPass - ok
12:01:02.0517 0x096c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:01:02.0531 0x096c  UmRdpService - ok
12:01:02.0594 0x096c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:01:02.0613 0x096c  upnphost - ok
12:01:02.0704 0x096c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:01:02.0710 0x096c  usbaudio - ok
12:01:02.0764 0x096c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:01:02.0770 0x096c  usbccgp - ok
12:01:02.0802 0x096c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:01:02.0808 0x096c  usbcir - ok
12:01:02.0872 0x096c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:01:02.0876 0x096c  usbehci - ok
12:01:02.0953 0x096c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:01:02.0969 0x096c  usbhub - ok
12:01:03.0017 0x096c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:01:03.0020 0x096c  usbohci - ok
12:01:03.0065 0x096c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:01:03.0068 0x096c  usbprint - ok
12:01:03.0095 0x096c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:01:03.0100 0x096c  USBSTOR - ok
12:01:03.0128 0x096c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:01:03.0131 0x096c  usbuhci - ok
12:01:03.0171 0x096c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:01:03.0180 0x096c  usbvideo - ok
12:01:03.0240 0x096c  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
12:01:03.0243 0x096c  usb_rndisx - ok
12:01:03.0276 0x096c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:01:03.0282 0x096c  UxSms - ok
12:01:03.0307 0x096c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
12:01:03.0311 0x096c  VaultSvc - ok
12:01:03.0360 0x096c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:01:03.0363 0x096c  vdrvroot - ok
12:01:03.0502 0x096c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:01:03.0528 0x096c  vds - ok
12:01:03.0570 0x096c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:01:03.0574 0x096c  vga - ok
12:01:03.0587 0x096c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:01:03.0589 0x096c  VgaSave - ok
12:01:03.0649 0x096c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:01:03.0659 0x096c  vhdmp - ok
12:01:03.0684 0x096c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:01:03.0686 0x096c  viaide - ok
12:01:03.0728 0x096c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:01:03.0736 0x096c  vmbus - ok
12:01:03.0754 0x096c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:01:03.0757 0x096c  VMBusHID - ok
12:01:03.0783 0x096c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:01:03.0787 0x096c  volmgr - ok
12:01:03.0818 0x096c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:01:03.0844 0x096c  volmgrx - ok
12:01:03.0875 0x096c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:01:03.0890 0x096c  volsnap - ok
12:01:03.0940 0x096c  [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
12:01:03.0950 0x096c  vpcbus - ok
12:01:04.0000 0x096c  [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:01:04.0005 0x096c  vpcnfltr - ok
12:01:04.0028 0x096c  [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
12:01:04.0032 0x096c  vpcusb - ok
12:01:04.0050 0x096c  [ 63F4E10873BEB4124028C6D1A66B0968, 57088A18CC4BD5A31F40E7118A5DDAA1731A06B91D3870471FBEA705B38E0A57 ] vpcuxd          C:\Windows\system32\DRIVERS\vpcuxd.sys
12:01:04.0053 0x096c  vpcuxd - ok
12:01:04.0098 0x096c  [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
12:01:04.0126 0x096c  vpcvmm - ok
12:01:04.0198 0x096c  [ B9B364EAD1438DD80A820D214E821D28, FF93A9289961378CA89D708519CB27D9ABB27D8556985AB4A40DEEFE86F1FBE0 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
12:01:04.0218 0x096c  vpnagent - ok
12:01:04.0262 0x096c  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
12:01:04.0266 0x096c  vpnva - ok
12:01:04.0311 0x096c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:01:04.0319 0x096c  vsmraid - ok
12:01:04.0435 0x096c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:01:04.0520 0x096c  VSS - ok
12:01:04.0535 0x096c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:01:04.0540 0x096c  vwifibus - ok
12:01:04.0578 0x096c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:01:04.0582 0x096c  vwififlt - ok
12:01:04.0614 0x096c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:01:04.0615 0x096c  vwifimp - ok
12:01:04.0677 0x096c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:01:04.0687 0x096c  W32Time - ok
12:01:04.0704 0x096c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:01:04.0707 0x096c  WacomPen - ok
12:01:04.0761 0x096c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:01:04.0765 0x096c  WANARP - ok
12:01:04.0784 0x096c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:01:04.0788 0x096c  Wanarpv6 - ok
12:01:05.0000 0x096c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:01:05.0056 0x096c  WatAdminSvc - ok
12:01:05.0155 0x096c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:01:05.0233 0x096c  wbengine - ok
12:01:05.0253 0x096c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:01:05.0262 0x096c  WbioSrvc - ok
12:01:05.0297 0x096c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:01:05.0322 0x096c  wcncsvc - ok
12:01:05.0338 0x096c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:01:05.0343 0x096c  WcsPlugInService - ok
12:01:05.0356 0x096c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:01:05.0358 0x096c  Wd - ok
12:01:05.0402 0x096c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:01:05.0445 0x096c  Wdf01000 - ok
12:01:05.0464 0x096c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:01:05.0469 0x096c  WdiServiceHost - ok
12:01:05.0476 0x096c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:01:05.0480 0x096c  WdiSystemHost - ok
12:01:05.0518 0x096c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
12:01:05.0546 0x096c  WebClient - ok
12:01:05.0576 0x096c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:01:05.0602 0x096c  Wecsvc - ok
12:01:05.0623 0x096c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:01:05.0630 0x096c  wercplsupport - ok
12:01:05.0652 0x096c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:01:05.0660 0x096c  WerSvc - ok
12:01:05.0680 0x096c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:01:05.0683 0x096c  WfpLwf - ok
12:01:05.0694 0x096c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:01:05.0698 0x096c  WIMMount - ok
12:01:05.0722 0x096c  WinDefend - ok
12:01:05.0737 0x096c  WinHttpAutoProxySvc - ok
12:01:05.0816 0x096c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:01:05.0829 0x096c  Winmgmt - ok
12:01:06.0124 0x096c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:01:06.0179 0x096c  WinRM - ok
12:01:06.0277 0x096c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:01:06.0281 0x096c  WinUsb - ok
12:01:06.0465 0x096c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:01:06.0508 0x096c  Wlansvc - ok
12:01:06.0724 0x096c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:01:06.0727 0x096c  WmiAcpi - ok
12:01:06.0797 0x096c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:01:06.0807 0x096c  wmiApSrv - ok
12:01:06.0890 0x096c  WMPNetworkSvc - ok
12:01:06.0938 0x096c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:01:06.0944 0x096c  WPCSvc - ok
12:01:06.0998 0x096c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:01:07.0007 0x096c  WPDBusEnum - ok
12:01:07.0036 0x096c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:01:07.0039 0x096c  ws2ifsl - ok
12:01:07.0099 0x096c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
12:01:07.0107 0x096c  wscsvc - ok
12:01:07.0113 0x096c  WSearch - ok
12:01:07.0604 0x096c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:01:07.0678 0x096c  wuauserv - ok
12:01:07.0764 0x096c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:01:07.0815 0x096c  WudfPf - ok
12:01:07.0838 0x096c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:01:07.0861 0x096c  WUDFRd - ok
12:01:07.0899 0x096c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:01:07.0908 0x096c  wudfsvc - ok
12:01:07.0980 0x096c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:01:08.0009 0x096c  WwanSvc - ok
12:01:08.0088 0x096c  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
12:01:08.0106 0x096c  yukonw7 - ok
12:01:08.0128 0x096c  ================ Scan global ===============================
12:01:08.0156 0x096c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:01:08.0212 0x096c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:01:08.0237 0x096c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:01:08.0276 0x096c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:01:08.0341 0x096c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:01:08.0358 0x096c  [ Global ] - ok
12:01:08.0359 0x096c  ================ Scan MBR ==================================
12:01:08.0374 0x096c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:01:09.0115 0x096c  \Device\Harddisk0\DR0 - ok
12:01:09.0116 0x096c  ================ Scan VBR ==================================
12:01:09.0123 0x096c  [ 51472BD73D25979732639F3518455F03 ] \Device\Harddisk0\DR0\Partition1
12:01:09.0149 0x096c  \Device\Harddisk0\DR0\Partition1 - ok
12:01:09.0150 0x096c  ================ Scan generic autorun ======================
12:01:09.0311 0x096c  [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
12:01:09.0327 0x096c  AdobeAAMUpdater-1.0 - ok
12:01:09.0940 0x096c  [ 2AA3480A3980B77338057E55CF8F5469, 508A75BBBDBD4714CC31F74607B79D48B0CF12C2CA36AFDD184B1CEDB0D842F5 ] C:\Program Files\Logitech Gaming Software\LCore.exe
12:01:10.0196 0x096c  Launch LCore - ok
12:01:11.0028 0x096c  [ 43AE0E5116064582C6F0546B3B9B685F, 0BBB80C5B8F118A5AC97A73049F2C15D1E8168C34C5C7BC56C45AC82C476341D ] C:\Program Files\Box\Box Sync\BoxSync.exe
12:01:11.0215 0x096c  BoxSync - ok
12:01:11.0324 0x096c  [ FE18DDEA98D90DBF850AFCA0158ABEC8, 8EC0099B560CC23DA6D26A71A202667D1A7C4BC37CE0F9F3458EA40440541D06 ] C:\Program Files\Everything\Everything.exe
12:01:11.0378 0x096c  Everything - ok
12:01:11.0411 0x096c  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:01:11.0436 0x096c  SwitchBoard - ok
12:01:11.0503 0x096c  [ 3EE19173AC7BB16AD239B195D97C13B0, A9E5FC90F20DC7500A186C9D184ED55BC04038FFC6D97714E64C660EAE808A98 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
12:01:11.0545 0x096c  AdobeCS6ServiceManager - ok
12:01:11.0690 0x096c  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:01:11.0748 0x096c  Adobe ARM - ok
12:01:11.0883 0x096c  [ 505E8BDA9F740F45846C68EAD3FDB7E3, DEDB705065DA99941048DBCE7A3100548BB09383DA472730C4DF2AE62B16F774 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
12:01:11.0886 0x096c  Adobe Acrobat Speed Launcher - ok
12:01:12.0052 0x096c  [ 778615BE018111F244F1618EBCA97F54, FA8859EE35933605B44D4BCC199CC72E3A04AC878DDB0A4A4B1E0E41C6E7C0A9 ] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
12:01:12.0090 0x096c  Acrobat Assistant 8.0 - ok
12:01:12.0181 0x096c  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
12:01:12.0184 0x096c  APSDaemon - ok
12:01:12.0360 0x096c  [ D3F0452392C45081D8866A92C86D1C7C, A746ED0D69FC51D974B445AB387C7315B70D7555B7499945A1D64F3E8A865340 ] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe
12:01:12.0374 0x096c  ISUSPM - ok
12:01:12.0468 0x096c  [ 9EAB34F5526707C377B6828A75F92FB4, 458512F22350F842D28ADE3B650FB48DF27ECF62D1ABEB888DBE69B7844D3FAA ] C:\Program Files\PowerISO\PWRISOVM.EXE
12:01:12.0484 0x096c  PWRISOVM.EXE - ok
12:01:12.0795 0x096c  [ F2CFB706F83880F712F116BD786B52A7, 6F5ABCE4EFB6D6B6D78A64A76EACFC30C37541373547ED0FBEE319E15A584D39 ] C:\Program Files (x86)\System Explorer\SystemExplorer.exe
12:01:12.0893 0x096c  SystemExplorerAutoStart - ok
12:01:12.0946 0x096c  [ 22B6BC5733A4447721BC8FA8A2BE7BE2, D58E032C7094E63E17ACB1BB93686F7821797FAC9317D18957D924538ED6958E ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
12:01:12.0970 0x096c  Cisco AnyConnect Secure Mobility Agent for Windows - ok
12:01:13.0051 0x096c  [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
12:01:13.0067 0x096c  SunJavaUpdateSched - ok
12:01:13.0105 0x096c  [ 243C0BA28FFD8252DD5C2259C956A4C2, 92176538FC190669CE7560627409555989E2D474D2923E7BDAD057F98AF4EE93 ] C:\Program Files\FolderSize\FolderSize.exe
12:01:13.0112 0x096c  Folder Size - ok
12:01:13.0209 0x096c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
12:01:13.0275 0x096c  Sidebar - ok
12:01:13.0364 0x096c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe
12:01:13.0370 0x096c  Google Update - ok
12:01:13.0371 0x096c  Waiting for KSN requests completion. In queue: 145
12:01:14.0499 0x096c  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\WSCSavNotifier.exe ( 12.1.3001.165 ), 0x71000 ( enabled : updated )
12:01:14.0521 0x096c  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe ( 12.1.3001.165 ), 0x41010 ( enabled )
12:01:15.0108 0x096c  ============================================================
12:01:15.0109 0x096c  Scan finished
12:01:15.0109 0x096c  ============================================================
12:01:15.0127 0x0ab4  Detected object count: 0
12:01:15.0127 0x0ab4  Actual detected object count: 0

______________

aswMBR version 1.0.1.2172 Copyright© 2014 AVAST Software
Run date: 2014-10-30 12:02:49
-----------------------------
12:02:49.572    OS Version: Windows x64 6.1.7601 Service Pack 1
12:02:49.572    Number of processors: 2 586 0x170A
12:02:49.573    ComputerName: VAKLAP2  UserName:
12:02:51.542    Initialize success
12:02:51.931    VM: initialized successfully
12:02:51.933    VM: Intel CPU virtualization not supported
12:02:51.954    supported disk I/O ataport.SYS
12:04:29.181    AVAST engine defs: 14103001
12:04:41.424    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:04:41.428    Disk 0 Vendor: WDC_WD7500BPKT-75PK4T0 01.01A01 Size: 715404MB BusType: 11
12:04:41.656    Disk 0 MBR read successfully I/O
12:04:41.660    Disk 0 MBR scan
12:04:41.668    Disk 0 Windows 7 default MBR code
12:04:41.674    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
12:04:41.695    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       705580 MB offset 3084480
12:04:41.702    Disk 0 Boot: NTFS     code=1
12:04:41.740    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8317 MB offset 1448115160
12:04:41.936    Disk 0 scanning C:\Windows\system32\drivers
12:05:19.033    Service scanning
12:05:28.718    Service BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys **LOCKED** 5
12:05:36.130    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
12:05:36.492    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
12:05:39.710    Service IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141029.011\IDSvia64.sys **LOCKED** 5
12:05:45.946    Service NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141029.001\ENG64.SYS **LOCKED** 5
12:05:46.153    Service NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20141029.001\EX64.SYS **LOCKED** 5
12:05:58.502    Service SyDvCtrl C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys **LOCKED** 5
12:06:05.485    Modules scanning
12:06:05.500    Disk 0 trace - called modules:
12:06:05.524    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:06:05.534    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004884060]
12:06:05.544    3 CLASSPNP.SYS[fffff88001b4443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ef060]
12:06:07.831    AVAST engine scan C:\Windows
12:06:12.974    AVAST engine scan C:\Windows\system32
12:13:01.375    AVAST engine scan C:\Windows\system32\drivers
12:15:34.182    AVAST engine scan C:\Users\Orlin Vakarelov
12:57:33.074    Disk 0 statistics 4584365/22/0 @ 1.02 MB/s
12:57:33.085    Scan stopped
12:58:10.466    Disk 0 MBR has been saved successfully to "C:\Users\Orlin Vakarelov\Desktop\Virus Scans\MBR.dat"
12:58:10.472    The log file has been saved successfully to "C:\Users\Orlin Vakarelov\Desktop\Virus Scans\aswMBR.txt"
Attached Files

  • Attached File  MBR.zip   614bytes   0 downloads


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:27 PM

Posted 31 October 2014 - 07:07 AM

Your logs are clean.

I just want to make sure that the process is iexplorer.exe (iexplore with an r at the end)

If it is we may be dealing with a WORM.
SEE HERE
http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-chrome&search=iexplorer.exe


--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====
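The check nasdaq asks for above (is the name really iexplorer.exe, and where does it run from?), together with the "parent PID not in the task list" symptom from the first post, can be automated over a process listing. The script below is an added example, not part of this thread or of any of the tools it mentions. It assumes a CSV export in the shape that `Get-CimInstance Win32_Process | Select-Object Name,ProcessId,ParentProcessId,ExecutablePath | Export-Csv` produces; the allow-list `KNOWN_PATHS` and the sample rows in `SAMPLE_LISTING` are constructed for illustration, not taken from the logs in this thread.

```python
"""Flag look-alike process names, unexpected image paths and absent parent PIDs
in a CSV process listing.  Added example; the allow-list and the sample rows
are constructed, not data from the thread."""
import csv
import io
from typing import Dict, List, Tuple

# Well-known binaries and the directories they are expected to run from.
# Assumption: an illustrative subset; extend it for the environment you defend.
KNOWN_PATHS = {
    "iexplore.exe": (r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"),
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "explorer.exe": (r"c:\windows",),
    "lsass.exe": (r"c:\windows\system32",),
}

# Constructed sample export (first line is the #TYPE header Export-Csv writes).
SAMPLE_LISTING = r'''#TYPE Selected.Microsoft.Management.Infrastructure.CimInstance
"Name","ProcessId","ParentProcessId","ExecutablePath"
"services.exe","612","520","C:\Windows\System32\services.exe"
"svchost.exe","820","612","C:\Windows\System32\svchost.exe"
"explorer.exe","1544","1480","C:\Windows\explorer.exe"
"iexplore.exe","2212","1544","C:\Program Files\Internet Explorer\iexplore.exe"
"iexplorer.exe","3100","7777","C:\Users\Public\iexplorer.exe"
"svchost.exe","3321","820","C:\Users\Public\svchost.exe"
'''


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Parse the CSV export, dropping blank lines and the '#TYPE' header line."""
    lines = [ln for ln in text.splitlines() if ln.strip() and not ln.startswith("#TYPE")]
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


def analyse(rows: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (severity, pid, message) findings for every row in the listing."""
    findings: List[Tuple[str, str, str]] = []
    pids = {r["ProcessId"] for r in rows}
    for r in rows:
        name = r["Name"].lower()
        pid = r["ProcessId"]
        path = (r.get("ExecutablePath") or "").lower()
        directory = path.rsplit("\\", 1)[0] if "\\" in path else ""
        if name in KNOWN_PATHS:
            # A known name from the wrong directory is the classic masquerade.
            if directory and directory not in KNOWN_PATHS[name]:
                findings.append(("warn", pid, f"{name} running from unexpected path {path}"))
        else:
            # A name one or two edits away from a known binary (iexplorer.exe,
            # svch0st.exe) is reported with the path it actually runs from.
            for known in KNOWN_PATHS:
                if 0 < levenshtein(name, known) <= 2:
                    findings.append(("warn", pid,
                                     f"{name} looks like {known} (path {path or 'unknown'})"))
        # An absent parent is normal for long-lived processes whose launcher
        # exited (explorer.exe), so it is recorded as context, not as an alert.
        ppid = r["ParentProcessId"]
        if ppid != "0" and ppid not in pids:
            findings.append(("info", pid, f"{name} parent PID {ppid} is not in the listing"))
    return findings


def warnings_for(csv_text: str) -> List[Tuple[str, str]]:
    """Convenience wrapper: only the 'warn' findings as (pid, message) pairs."""
    return [(pid, msg) for sev, pid, msg in analyse(parse_listing(csv_text)) if sev == "warn"]


if __name__ == "__main__":
    for sev, pid, msg in analyse(parse_listing(SAMPLE_LISTING)):
        print(f"[{sev}] pid {pid}: {msg}")
```

On the sample rows the script warns about PID 3100 (a name one edit away from both iexplore.exe and explorer.exe, running from C:\Users\Public) and PID 3321 (svchost.exe outside System32), and lists the absent parents of 612, 1544 and 3100 as context. To run it against a real host, export the listing with the PowerShell pipeline named in the lead-in and pass the file's text to `parse_listing`.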

#9 Vakarelov

Vakarelov
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:27 PM

Posted 01 November 2014 - 10:42 PM

Hi, the processes are iexplore.exe. See the attached image.


Here are the logs:


RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Orlin Vakarelov [Administrator]
Mode : Delete -- Date : 10/31/2014  23:47:41

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 4 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   lmlicenses.wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1                   lm.licenses.adobe.com

¤¤¤ Antirootkit : 126 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\o2mdx64.sys)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateUserProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69b85 (jmp 0xfffffffffdaf7e05)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74f69ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74f69e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : C:\Windows\System32\SYSFER.DLL @ 0x74f69e55 (jmp 0xfffffffffdaf8675)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtRenameKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69d65 (jmp 0xfffffffffdaf76d5)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74f69ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - ZwDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ CRYPTBASE.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69bc1 (jmp 0xfffffffffdaf7dc1)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtDeleteKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69d29 (jmp 0xfffffffffdaf7f19)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ rsaenh.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ netutils.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtOpenKeyEx : C:\Windows\System32\SYSFER.DLL @ 0x74f69ced (jmp 0xfffffffffdaf7aed)
[IAT:Inl] (explorer.exe @ iertutil.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WININET.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WININET.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ netshell.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ CSCDLL.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ CSCAPI.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntshrui.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ srvcli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ksuser.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ dhcpcsvc.DLL) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ wkscli.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtMapViewOfSection : C:\Windows\System32\SYSFER.DLL @ 0x74f69c39 (jmp 0xfffffffffdaf8709)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtDeleteFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69bc1 (jmp 0xfffffffffdaf7dc1)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ DEVRTL.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ drprov.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ drprov.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntlanman.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ntlanman.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ DAVHLPR.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ncrypt.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ ncrypt.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ ncrypt.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)
[IAT:Inl] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtSetInformationFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69da1 (jmp 0xfffffffffdaf8881)
[IAT:Inl] (explorer.exe @ mswsock.dll) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ wshtcpip.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ wship6.dll) ntdll.dll - NtTerminateProcess : C:\Windows\System32\SYSFER.DLL @ 0x74f69e19 (jmp 0xfffffffffdaf88a9)
[IAT:Inl] (explorer.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69b0d (jmp 0xfffffffffdaf830d)
[IAT:Inl] (explorer.exe @ msv1_0.DLL) ntdll.dll - NtOpenKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69cb1 (jmp 0xfffffffffdaf88e1)
[IAT:Inl] (explorer.exe @ msv1_0.DLL) ntdll.dll - NtSetValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69ddd (jmp 0xfffffffffdaf852d)
[IAT:Inl] (explorer.exe @ msv1_0.DLL) ntdll.dll - NtCreateKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69b49 (jmp 0xfffffffffdaf86c9)
[IAT:Inl] (explorer.exe @ msv1_0.DLL) ntdll.dll - NtDeleteValueKey : C:\Windows\System32\SYSFER.DLL @ 0x74f69bfd (jmp 0xfffffffffdaf7dbd)
[IAT:Inl] (explorer.exe @ sfc_os.DLL) ntdll.dll - NtOpenFile : C:\Windows\System32\SYSFER.DLL @ 0x74f69c75 (jmp 0xfffffffffdaf8695)

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] n5e6olma.default : user_pref("network.proxy.http", "201.148.23.30"); -> Not selected
[PUM.Proxy][FIREFX:Config] n5e6olma.default : user_pref("network.proxy.http_port", 8080); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 ATA Device +++++
--- User ---
[MBR] aa599f490f210f8f548a642cb88ec2a3
[BSP] 449136d08b8364e83e9e0f6e1c0e0bab : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3084480 | Size: 705580 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1448115160 | Size: 8317 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10222014_100752.log - RKreport_DEL_10222014_105055.log - RKreport_SCN_10222014_095807.log - RKreport_SCN_10222014_104609.log
RKreport_SCN_10312014_234629.log

--------------------

ComboFix 14-10-29.01 - Orlin Vakarelov 11/01/2014   0:01.3.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3933.357 [GMT -4:00]
Running from: c:\users\Orlin Vakarelov\Desktop\Virus Scans\ComboFix2.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Orlin Vakarelov\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfehhz_.dll
c:\users\ORLINV~1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfehhz_.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-02 to 2014-11-02  )))))))))))))))))))))))))))))))
.
.
2014-11-01 04:55 . 2014-11-01 04:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-31 04:40 . 2014-09-13 01:58    77312    ----a-w-    c:\windows\system32\packager.dll
2014-10-31 04:40 . 2014-09-13 01:40    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-31 04:40 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-31 04:40 . 2014-09-18 01:32    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-31 04:40 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-31 04:40 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-10-29 15:12 . 2014-10-29 15:20    --------    d-----w-    C:\AdwCleaner
2014-10-26 22:18 . 2014-10-26 22:21    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\Add-in Express
2014-10-26 22:08 . 2014-10-26 22:08    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\Prodiance
2014-10-24 17:41 . 2014-11-01 04:56    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\Everything
2014-10-24 17:41 . 2014-10-24 17:41    --------    d-----w-    c:\program files\Everything
2014-10-24 15:59 . 2014-10-29 21:50    --------    d-----w-    C:\FRST
2014-10-24 14:43 . 2014-10-24 14:43    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\CrashDumps
2014-10-24 13:26 . 2014-10-24 13:26    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\rohitab.com
2014-10-24 13:24 . 2014-10-24 13:24    --------    d-----w-    c:\program files\rohitab.com
2014-10-24 13:23 . 2014-10-24 13:23    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\Downloaded Installations
2014-10-22 19:43 . 2014-10-22 19:45    --------    d-----w-    C:\EEK
2014-10-22 13:31 . 2014-11-01 03:38    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-22 13:31 . 2014-10-22 13:31    --------    d-----w-    c:\programdata\RogueKiller
2014-10-20 17:47 . 2014-10-20 17:47    --------    d-----w-    c:\windows\ERUNT
2014-10-20 13:13 . 2014-10-20 13:13    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-10-20 13:11 . 2014-10-20 13:11    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-17 17:55 . 2014-10-17 17:55    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\ABBYY
2014-10-17 17:36 . 2014-10-17 17:52    --------    d-----w-    c:\program files (x86)\ABBYY FineReader 12
2014-10-17 17:36 . 2014-10-17 17:36    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\ABBYY
2014-10-17 17:34 . 2014-10-17 17:34    --------    d-----w-    c:\programdata\ABBYY
2014-10-17 13:55 . 2014-10-17 13:55    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-17 13:33 . 2014-10-17 13:34    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2014-10-08 18:06 . 2003-03-19 00:14    499712    ------w-    c:\windows\SysWow64\msvcp71.dll
2014-10-08 18:06 . 2003-02-21 08:42    348160    ------w-    c:\windows\SysWow64\msvcr71.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-01 12:17 . 2013-05-20 07:26    17920    ----a-w-    c:\windows\SysWow64\rpcnetp.dll
2014-11-01 12:14 . 2013-05-20 07:25    17920    ----a-w-    c:\windows\SysWow64\rpcnetp.exe
2014-11-01 12:14 . 2013-05-18 22:05    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2014-10-31 10:25 . 2013-05-18 19:49    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-24 17:04 . 2013-12-22 16:35    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 17:04 . 2013-12-22 16:35    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07 . 2014-09-21 22:57    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-21 22:57    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:57    1729232    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:57    1729232    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:57    1729232    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Folder Size"="c:\program files\FolderSize\FolderSize.exe" [2013-02-13 169472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-09-04 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-09-04 840592]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-10-23 377368]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2014-07-28 3830632]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-06-11 707496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\Orlin Vakarelov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 rpcnetp;rpcnetp;rpcnetp [x]
S1 acnamfd;Cisco AnyConnect Network Access Manager Filter Driver;c:\windows\system32\DRIVERS\acnamfd.sys;c:\windows\SYSNATIVE\DRIVERS\acnamfd.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [x]
S1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141030.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141030.011\IDSvia64.sys [x]
S2 ciscod.exe;Cisco Security Service;c:\program files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe;c:\program files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nam;Cisco AnyConnect Network Access Manager;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe [x]
S2 namlm;Cisco AnyConnect Network Access Manager Logon Module;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe [x]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
S3 acwebsecagent;Cisco AnyConnect Web Security Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 16:22    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-22 17:04]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18:26]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18:26]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001Core.job
- c:\users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 19:27]
.
2014-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001UA.job
- c:\users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 19:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:53    2334416    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:53    2334416    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:53    2334416    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
@="{472d7e0f-709e-3d42-adf8-3ccc2f0ed21c}"
[HKEY_CLASSES_ROOT\CLSID\{472d7e0f-709e-3d42-adf8-3ccc2f0ed21c}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
@="{697ea78e-7d56-3e3d-9463-70807d4e6c6c}"
[HKEY_CLASSES_ROOT\CLSID\{697ea78e-7d56-3e3d-9463-70807d4e6c6c}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
@="{d9161200-fd91-3d5f-91bf-3b63c48f2ee4}"
[HKEY_CLASSES_ROOT\CLSID\{d9161200-fd91-3d5f-91bf-3b63c48f2ee4}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
@="{3e98134b-38c1-3752-87b3-7dc5a5c95620}"
[HKEY_CLASSES_ROOT\CLSID\{3e98134b-38c1-3752-87b3-7dc5a5c95620}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-10-13 5571144]
"Everything"="c:\program files\Everything\Everything.exe" [2014-08-06 1441792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.4.4 4.2.2.5
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f9,39,1b,26,c3,59,d0,ac,94,19,d3,0c,af,4a,50,76,87,5b,a1,34,c4,
   ca,8e,68,5b,e9,8a,05,64,5c,c3,d9,6e,f3,a5,cc,4d,86,ec,b0,79,b7,92,c9,70,3c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\System32\rpcnetp.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
c:\program files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2014-11-01  22:50:25 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-02 02:50
ComboFix2.txt  2014-10-20 19:28
.
Pre-Run: 422,491,926,528 bytes free
Post-Run: 424,246,444,032 bytes free
.
- - End Of File - - D660DF5F89059D45CD6E2146121266B5
A36C5E4F47E84449FF07ED3517B43A31
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 November 2014 - 08:39 AM

Nothing suspicious on your RogueKiller log; the file SYSFER.DLL is required by the Symantec Endpoint Protection program.

#11 Vakarelov

Vakarelov
  • Topic Starter

  • Members
  • 11 posts

Posted 06 November 2014 - 08:44 AM

I still have the problem, however. Something must be causing it. I had actually performed most of the steps suggested here prior to creating the thread. When I said in the first message that I had run many malware/virus removal tools, this included the ones commonly used by this site. There are several similar posts here. I am ready for some more sophisticated, under-the-hood techniques to discover the problem.

Thanks!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 November 2014 - 10:43 AM

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

What are the issues with this computer?

#13 Vakarelov

Vakarelov
  • Topic Starter

  • Members
  • 11 posts

Posted 09 November 2014 - 01:30 PM

I did that already! Please see my earlier post. Do you insist on doing it again?



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2014 - 02:07 PM

Please run the AdwCleaner tool. It's been updated.
Delete the current version and get the latest.
Post a fresh log.

Forget about the FRST, run this one.


Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

#15 Vakarelov

Vakarelov
  • Topic Starter

  • Members
  • 11 posts

Posted 10 November 2014 - 09:35 AM

Here are the new logs:

# AdwCleaner v4.100 - Report created 09/11/2014 at 14:36:22
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Orlin Vakarelov - VAKLAP2
# Running from : C:\Users\Orlin Vakarelov\Desktop\Virus Scans\adwcleaner_4.100.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 en-US)


-\\ Google Chrome v38.0.2125.111

[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3225826
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3225826
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48
[C:\Users\Orlin Vakarelov\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3225826&SearchSource=48

*************************

AdwCleaner[R0].txt - [1800 octets] - [29/10/2014 10:12:36]
AdwCleaner[R1].txt - [2419 octets] - [09/11/2014 14:32:51]
AdwCleaner[S0].txt - [1876 octets] - [29/10/2014 10:20:09]
AdwCleaner[S1].txt - [2351 octets] - [09/11/2014 14:36:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2411 octets] ##########

**********************************************

ComboFix 14-11-09.02 - Orlin Vakarelov 11/09/2014  15:11:06.4.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3933.2192 [GMT -5:00]
Running from: c:\users\Orlin Vakarelov\Desktop\Virus Scans\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-09 to 2014-11-09  )))))))))))))))))))))))))))))))
.
.
2014-11-09 20:34 . 2014-11-09 20:34    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-04 20:34 . 2014-11-04 20:35    --------    d-----w-    c:\program files (x86)\Compare It!
2014-10-31 04:40 . 2014-09-13 01:58    77312    ----a-w-    c:\windows\system32\packager.dll
2014-10-31 04:40 . 2014-09-13 01:40    67072    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-31 04:40 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-31 04:40 . 2014-09-18 01:32    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-31 04:40 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-31 04:40 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-10-29 15:12 . 2014-11-09 19:36    --------    d-----w-    C:\AdwCleaner
2014-10-26 22:18 . 2014-10-26 22:21    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\Add-in Express
2014-10-26 22:08 . 2014-10-26 22:08    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\Prodiance
2014-10-24 17:41 . 2014-11-09 19:42    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\Everything
2014-10-24 17:41 . 2014-10-24 17:41    --------    d-----w-    c:\program files\Everything
2014-10-24 15:59 . 2014-10-29 21:50    --------    d-----w-    C:\FRST
2014-10-24 14:43 . 2014-10-24 14:43    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\CrashDumps
2014-10-24 13:26 . 2014-10-24 13:26    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\rohitab.com
2014-10-24 13:24 . 2014-10-24 13:24    --------    d-----w-    c:\program files\rohitab.com
2014-10-24 13:23 . 2014-10-24 13:23    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\Downloaded Installations
2014-10-22 19:43 . 2014-10-22 19:45    --------    d-----w-    C:\EEK
2014-10-22 13:31 . 2014-11-01 03:38    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-22 13:31 . 2014-10-22 13:31    --------    d-----w-    c:\programdata\RogueKiller
2014-10-20 17:47 . 2014-10-20 17:47    --------    d-----w-    c:\windows\ERUNT
2014-10-20 13:13 . 2014-10-20 13:13    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-10-20 13:11 . 2014-10-20 13:11    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-17 17:55 . 2014-10-17 17:55    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Roaming\ABBYY
2014-10-17 17:36 . 2014-10-17 17:52    --------    d-----w-    c:\program files (x86)\ABBYY FineReader 12
2014-10-17 17:36 . 2014-10-17 17:36    --------    d-----w-    c:\users\Orlin Vakarelov\AppData\Local\ABBYY
2014-10-17 17:34 . 2014-10-17 17:34    --------    d-----w-    c:\programdata\ABBYY
2014-10-17 13:55 . 2014-10-17 13:55    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-17 13:33 . 2014-10-17 13:34    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 19:41 . 2013-05-20 07:26    17920    ----a-w-    c:\windows\SysWow64\rpcnetp.dll
2014-11-09 19:39 . 2013-05-20 07:25    17920    ----a-w-    c:\windows\SysWow64\rpcnetp.exe
2014-11-09 19:39 . 2013-05-18 22:05    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2014-10-31 10:25 . 2013-05-18 19:49    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-24 17:04 . 2013-12-22 16:35    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 17:04 . 2013-12-22 16:35    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-23 02:07 . 2014-09-21 22:57    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-21 22:57    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:57    1729232    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:57    1729232    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:57    1729232    ----a-w-    c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Folder Size"="c:\program files\FolderSize\FolderSize.exe" [2013-02-13 169472]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2014-09-04 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-09-04 840592]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" [2010-05-21 324976]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-10-23 377368]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2014-07-28 3830632]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-06-11 707496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
c:\users\Orlin Vakarelov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 rpcnetp;rpcnetp;rpcnetp [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe;c:\program files\Box\Box Sync\SyncUpdaterService.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 acnamfd;Cisco AnyConnect Network Access Manager Filter Driver;c:\windows\system32\DRIVERS\acnamfd.sys;c:\windows\SYSNATIVE\DRIVERS\acnamfd.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [x]
S1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC};Symantec Endpoint Protection 12.1.3001.165.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20141104.011\IDSvia64.sys [x]
S2 ciscod.exe;Cisco Security Service;c:\program files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe;c:\program files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nam;Cisco AnyConnect Network Access Manager;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe [x]
S2 namlm;Cisco AnyConnect Network Access Manager Logon Module;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe [x]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
S3 acwebsecagent;Cisco AnyConnect Web Security Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acwebsecagent.exe [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 16:22    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-22 17:04]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18:26]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 18:26]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001Core.job
- c:\users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 19:27]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2530832876-4176528664-1138455990-1001UA.job
- c:\users\Orlin Vakarelov\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-11 19:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    BoxSyncFileLocked]
@="{9a216f5d-3530-3b1a-8006-9a1233402fba}"
[HKEY_CLASSES_ROOT\CLSID\{9a216f5d-3530-3b1a-8006-9a1233402fba}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    BoxSyncNotSynced]
@="{4c3d7a5e-7476-3c21-9717-0614ce209c44}"
[HKEY_CLASSES_ROOT\CLSID\{4c3d7a5e-7476-3c21-9717-0614ce209c44}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    BoxSyncProblem]
@="{aa0bacc8-a5df-34b0-acd8-e6739d92010e}"
[HKEY_CLASSES_ROOT\CLSID\{aa0bacc8-a5df-34b0-acd8-e6739d92010e}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\    BoxSyncSynced]
@="{0f20db5b-365d-3cc6-82eb-41207f77bb71}"
[HKEY_CLASSES_ROOT\CLSID\{0f20db5b-365d-3cc6-82eb-41207f77bb71}]
2010-11-04 21:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:53    2334416    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:53    2334416    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:53    2334416    ----a-w-    c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Orlin Vakarelov\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-08-01 8290584]
"BoxSync"="c:\program files\Box\Box Sync\BoxSync.exe" [2014-11-01 5602232]
"Everything"="c:\program files\Everything\Everything.exe" [2014-08-06 1441792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll c:\windows\System32\actuser.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Orlin Vakarelov\AppData\Roaming\Mozilla\Firefox\Profiles\n5e6olma.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f9,39,1b,26,c3,59,d0,ac,94,19,d3,0c,af,4a,50,76,87,5b,a1,34,c4,
   ca,8e,68,5b,e9,8a,05,64,5c,c3,d9,6e,f3,a5,cc,4d,86,ec,b0,79,b7,92,c9,70,3c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-09  15:40:37
ComboFix-quarantined-files.txt  2014-11-09 20:40
ComboFix2.txt  2014-11-02 02:50
.
Pre-Run: 429,717,794,816 bytes free
Post-Run: 429,252,087,808 bytes free
.
- - End Of File - - 69FFA604397837C732593199B2C2A90F
A36C5E4F47E84449FF07ED3517B43A31
 





