

Possible hijacking, tough to find, mysterious history and tasks


  • This topic is locked
53 replies to this topic

#1 apolaris

apolaris

  • Members
  • 48 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 03 November 2014 - 02:49 AM

The following problems have been hitting my computer for about four days:

 

- Task manager shows two winlogon.exe, two csrss.exe, and two explorer.exe processes. All did not have "user names" or "descriptions" until today (though they have PIDs), when they were apparently assigned "SYSTEM" or occasionally my own name as user names. None of these existed until then; all of those ran once.

- The extra explorer.exe process occasionally ramps its working set up as high as 1,100,000 K on task manager. It also cannot be shut down in task manager unless I run it as an administrator and use "end process tree." If I do so, it does not in any way affect my system (my screen doesn't refresh itself or even blink), but it does restart itself at lower memory usage until it works its way back up.

- When it does this, it occasionally lags my system to near-freezing and, during the first day, it even prevented me from clicking anywhere on my start menu, including the search function and the shutdown menu. It also caused my computer not to load msconfig or regedit from task manager, though neither has given me trouble since.

- It does not run the extra processes in safe mode.

- None of the new processes do anything when "properties" is clicked to find a location.

- For some reason, random websites are now appearing in my browser history with multiple visited pages under most of their folders. Most seem to be legit sites relating to things I'd have no reason to visit, such as 123recipes, travel sites, PhD programs, fashion sales, video advertisements, Bratano (whatever that is), and North Carolina scuba diving. I have noticed more of these sites appear in history every time there's a spike in explorer activity, and it happens in IE's history, not Chrome's or Firefox's.

 

Before visiting bleepingcomputer, I had tried all of the following with no results: Norton Antivirus full system scan, then shut it down and used MalwareBytes full scan, TDSSKiller, HijackThis (technically this found a bunch of "file missing" issues), and ComboFix. Trying them in Safe Mode also made no difference. The following thread contains the steps I've taken since then and includes all of the appropriate logs:

http://www.bleepingcomputer.com/forums/t/554168/possible-hijacking-but-extremely-covert/

 

Cobian is currently establishing a ZIP compressed backup for my >65GB music and document libraries. They are going into a folder on my desktop.

 

My DDS log is here:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Anthony at 2:02:32 on 2014-11-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.571 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\SysWOW64\WN311BFCS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\explorer.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
uRun: [BitTorrent] "C:\Users\Anthony\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
mRun: [AS00_WN311B] C:\Program Files (x86)\NETGEAR\WN311B\Utility\WN311B.exe /hide
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10DECC02-7A11-4D94-AC6D-BC96A8E0C853} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{29385ADD-1D1B-49F3-8A83-F1320052F55E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{69036CF3-8F59-430B-82DD-F282FAA819DE} : DHCPNameServer = 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\avf67dw9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Anthony\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1405000.01C\symds64.sys [2014-5-1 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1405000.01C\symefa64.sys [2014-5-1 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [2014-10-27 1587416]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1405000.01C\ccsetx64.sys [2014-5-1 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20141101.001\IDSviA64.sys [2014-10-31 633560]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1405000.01C\ironx64.sys [2014-5-1 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1405000.01C\symnets.sys [2014-5-1 433752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\windows\System32\drivers\AE1200w764.sys [2011-3-28 1254464]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-4-7 291328]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\windows\System32\drivers\SMARTMouseFilterx64.sys [2013-8-12 10240]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2013-8-12 9216]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\windows\System32\drivers\BVRPMPR5a64.SYS [2010-10-26 35840]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-10 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\windows\System32\drivers\SMARTVTabletPCx64.sys [2013-8-12 22184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-10 57856]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-11-03 06:20:57 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-11-03 01:10:30 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2014-11-02 03:01:12 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-02 02:37:48 -------- d-----w- C:\windows\ERUNT
2014-10-31 22:17:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-30 16:43:55 -------- d-----w- C:\Program Files (x86)\WhatsRunning
2014-10-30 16:14:25 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-10-30 16:12:15 -------- d-----w- C:\AdwCleaner
2014-10-30 07:44:11 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-30 06:45:14 -------- d-----w- C:\ComboFix
2014-10-30 04:47:40 128728 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-30 04:47:21 92888 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-30 04:47:21 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-30 04:47:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:43:19 -------- d--h--w- C:\ProgramData\{4BA6AB29-2EAB-46FC-8B33-A767B5DBB0F3}
2014-10-16 05:00:11 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-16 05:00:08 1943696 ----a-w- C:\windows\System32\dfshim.dll
2014-10-16 05:00:08 156824 ----a-w- C:\windows\SysWow64\mscorier.dll
2014-10-16 05:00:08 156312 ----a-w- C:\windows\System32\mscorier.dll
2014-10-16 05:00:08 1131664 ----a-w- C:\windows\SysWow64\dfshim.dll
2014-10-16 05:00:07 81560 ----a-w- C:\windows\SysWow64\mscories.dll
2014-10-16 05:00:07 73880 ----a-w- C:\windows\System32\mscories.dll
2014-10-16 04:58:54 3241472 ----a-w- C:\windows\System32\msi.dll
.
==================== Find3M  ====================
.
2014-11-03 00:04:54 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-03 00:04:54 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-10-01 15:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\windows\SysWow64\mstsc.exe
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-02-14 06:02:32 49940480 ----a-w- C:\Program Files (x86)\GUTFCEB.tmp
2012-08-13 08:58:22 473600 ----a-w- C:\Program Files\setup.exe
2012-08-13 08:58:22 3162112 ----a-w- C:\Program Files\openofficeorg341.msi
2010-05-21 15:59:50 3095040 ----a-w- C:\Program Files (x86)\openofficeorg32.msi
.
============= FINISH:  2:10:49.75 ===============
 
Attached File  attach.txt   6.07KB   0 downloads
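A small triage script, added here as an example and not part of the thread or of the DDS tool, that reads the "Running Processes" section of a DDS log like the one above and lists what a helper checks first for the symptoms described: the image path of every copy of a duplicated core process, system binaries launched from outside their normal directories, and svchost.exe service groups outside the set seen in this thread's log. The sample log embedded below is constructed (it borrows the shape of the log above and adds two invented anomalies); the directory and group tables are assumptions for a Windows 7 x64 install.

```python
"""Triage the 'Running Processes' section of a DDS log (added example)."""
import re
from collections import defaultdict

# DDS section headers look like "==== Running Processes ====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# The image path ends at the first extension followed by whitespace or end of
# line; anything after that is the command line (e.g. "-k netsvcs").
CMDLINE_RE = re.compile(r"^(?P<path>.*?\.[A-Za-z0-9]{1,4})(?:\s+(?P<args>.*))?$")
SVCHOST_GROUP_RE = re.compile(r"-k\s+(\S+)", re.IGNORECASE)

# Where these core binaries live on a stock Windows 7 x64 install (assumed).
EXPECTED_DIRS = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "lsm.exe": r"c:\windows\system32",
    "taskhost.exe": r"c:\windows\system32",
    "cscript.exe": r"c:\windows\system32",
}
# Names whose duplicates are worth listing with their paths. A second copy is
# not proof of anything by itself: explorer.exe runs twice when folder windows
# open in a separate process, and csrss.exe/winlogon.exe exist once per session.
WATCH_DUPLICATES = {"explorer.exe", "csrss.exe", "winlogon.exe", "lsm.exe", "lsass.exe"}
# svchost service groups seen in this thread's log; extend for other builds.
KNOWN_SVCHOST_GROUPS = {g.lower() for g in (
    "DcomLaunch", "RPCSS", "LocalServiceNetworkRestricted",
    "LocalSystemNetworkRestricted", "LocalService", "netsvcs", "GPSvcGroup",
    "NetworkService", "LocalServiceNoNetwork", "imgsvc",
    "NetworkServiceNetworkRestricted", "LocalServiceAndNoImpersonation")}


def running_processes(dds_text):
    """Return the command lines listed under the 'Running Processes' header."""
    lines, in_section = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if in_section and line and line != ".":  # DDS pads sections with "."
            lines.append(line)
    return lines


def split_command(line):
    """Split a DDS process line into (image path, arguments)."""
    m = CMDLINE_RE.match(line)
    if not m:
        return line, ""
    return m.group("path"), m.group("args") or ""


def triage(dds_text):
    """Collect duplicate core processes, odd image paths and unknown svchost groups."""
    seen = defaultdict(list)
    findings = {"duplicates": {}, "unexpected_path": [], "unknown_svchost_group": []}
    for line in running_processes(dds_text):
        path, args = split_command(line)
        directory, _, name = path.lower().rpartition("\\")
        seen[name].append(path)
        expected = EXPECTED_DIRS.get(name)
        if expected and directory != expected:
            findings["unexpected_path"].append((name, path))
        if name == "svchost.exe":
            g = SVCHOST_GROUP_RE.search(args)
            group = g.group(1) if g else ""
            if group.lower() not in KNOWN_SVCHOST_GROUPS:
                findings["unknown_svchost_group"].append(group or "<no -k group>")
    for name in sorted(WATCH_DUPLICATES):
        if len(seen[name]) > 1:
            findings["duplicates"][name] = seen[name]
    return findings


# Constructed sample: the shape of the log above plus two invented anomalies
# (a csrss.exe under a user's Temp folder and an unknown svchost group).
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\explorer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\windows\explorer.exe
C:\Users\example\AppData\Local\Temp\csrss.exe
C:\windows\system32\svchost.exe -k WebTraffic
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
"""

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        print(kind, items)
```

Each listed path is a starting point for the usual follow-ups (file properties, signature, parent process), not a verdict.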




#2 apolaris

apolaris
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 03 November 2014 - 11:39 AM

A new symptom has just appeared: my Facebook account randomly "liked" a page called "Myanmar Model," which matches one of the pages that's been randomly appearing in my IE history. I'd never visited the site or the Facebook page myself.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,699 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:22 PM

Posted 08 November 2014 - 08:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554508 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 apolaris

apolaris
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 09 November 2014 - 10:50 PM

New DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Anthony at 22:39:02 on 2014-11-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.150 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\SysWOW64\WN311BFCS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Users\Anthony\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\NETGEAR\WN311B\Utility\WN311B.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\ctfmon.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre1.8.0_25\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre1.8.0_25\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coieplg.dll
uRun: [BitTorrent] "C:\Users\Anthony\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
mRun: [AS00_WN311B] C:\Program Files (x86)\NETGEAR\WN311B\Utility\WN311B.exe /hide
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{10DECC02-7A11-4D94-AC6D-BC96A8E0C853} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{29385ADD-1D1B-49F3-8A83-F1320052F55E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{69036CF3-8F59-430B-82DD-F282FAA819DE} : DHCPNameServer = 192.168.1.1
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\avf67dw9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Anthony\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1405000.01C\symds64.sys [2014-5-1 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1405000.01C\symefa64.sys [2014-5-1 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [2014-11-3 1587416]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1405000.01C\ccsetx64.sys [2014-5-1 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20141107.001\IDSviA64.sys [2014-11-7 633560]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1405000.01C\ironx64.sys [2014-5-1 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1405000.01C\symnets.sys [2014-5-1 433752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;C:\windows\System32\drivers\AE1200w764.sys [2011-3-28 1254464]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-4-7 291328]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\windows\System32\drivers\SMARTMouseFilterx64.sys [2013-8-12 10240]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2013-8-12 9216]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\windows\System32\drivers\BVRPMPR5a64.SYS [2010-10-26 35840]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-6-10 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\windows\System32\drivers\SMARTVTabletPCx64.sys [2013-8-12 22184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-6-10 57856]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-11-04 03:49:28 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-03 06:20:57 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-11-03 01:10:30 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2014-11-02 03:01:12 -------- d-----w- C:\Program Files (x86)\ESET
2014-11-02 02:37:48 -------- d-----w- C:\windows\ERUNT
2014-10-31 22:17:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-30 16:43:55 -------- d-----w- C:\Program Files (x86)\WhatsRunning
2014-10-30 16:14:25 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-10-30 16:12:15 -------- d-----w- C:\AdwCleaner
2014-10-30 07:44:11 -------- d-sh--w- C:\$RECYCLE.BIN
2014-10-30 06:45:14 -------- d-----w- C:\ComboFix
2014-10-30 04:47:40 128728 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-30 04:47:21 92888 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-30 04:47:21 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-30 04:47:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:43:19 -------- d--h--w- C:\ProgramData\{4BA6AB29-2EAB-46FC-8B33-A767B5DBB0F3}
2014-10-16 05:00:11 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-16 05:00:08 1943696 ----a-w- C:\windows\System32\dfshim.dll
2014-10-16 05:00:08 156824 ----a-w- C:\windows\SysWow64\mscorier.dll
2014-10-16 05:00:08 156312 ----a-w- C:\windows\System32\mscorier.dll
2014-10-16 05:00:08 1131664 ----a-w- C:\windows\SysWow64\dfshim.dll
2014-10-16 05:00:07 81560 ----a-w- C:\windows\SysWow64\mscories.dll
2014-10-16 05:00:07 73880 ----a-w- C:\windows\System32\mscories.dll
2014-10-16 04:58:54 3241472 ----a-w- C:\windows\System32\msi.dll
.
==================== Find3M  ====================
.
2014-11-03 00:04:54 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-03 00:04:54 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-10-01 15:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\windows\SysWow64\mstsc.exe
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-02-14 06:02:32 49940480 ----a-w- C:\Program Files (x86)\GUTFCEB.tmp
2012-08-13 08:58:22 473600 ----a-w- C:\Program Files\setup.exe
2012-08-13 08:58:22 3162112 ----a-w- C:\Program Files\openofficeorg341.msi
2010-05-21 15:59:50 3095040 ----a-w- C:\Program Files (x86)\openofficeorg32.msi
.
============= FINISH: 22:45:34.35 ===============

#5 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 PM

Posted 10 November 2014 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#6 apolaris

  • Topic Starter
  • Members
  • 48 posts
  • Local time:09:22 PM

Posted 10 November 2014 - 12:47 PM

Here's the (second) ComboFix log (I don't have a log for when I ran it before visiting here):

ComboFix 14-11-10.02 - Anthony 11/10/2014  12:15:25.4.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.703 [GMT -5:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-10 to 2014-11-10  )))))))))))))))))))))))))))))))
.
.
2014-11-10 17:32 . 2014-11-10 17:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-10 17:32 . 2014-11-10 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-10 17:32 . 2014-11-10 17:32 -------- d-----w- c:\users\Dad photos\AppData\Local\temp
2014-11-04 03:49 . 2014-11-04 03:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-04 03:49 . 2014-11-04 03:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-03 06:20 . 2014-11-03 06:30 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2014-11-03 01:10 . 2014-11-03 01:10 -------- d-----w- c:\program files (x86)\Xiph.Org
2014-11-02 03:01 . 2014-11-02 03:01 -------- d-----w- c:\program files (x86)\ESET
2014-11-02 02:37 . 2014-11-02 02:37 -------- d-----w- c:\windows\ERUNT
2014-10-31 22:17 . 2014-10-31 23:23 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-30 16:43 . 2014-10-30 16:47 -------- d-----w- c:\program files (x86)\WhatsRunning
2014-10-30 16:14 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-10-30 16:12 . 2014-11-02 02:29 -------- d-----w- C:\AdwCleaner
2014-10-30 04:47 . 2014-10-31 22:17 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-30 04:47 . 2014-10-31 22:17 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-30 04:47 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-30 04:47 . 2014-10-30 04:47 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-29 20:43 . 2014-11-10 16:18 -------- d--h--w- c:\programdata\{4BA6AB29-2EAB-46FC-8B33-A767B5DBB0F3}
2014-10-16 05:00 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 05:00 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 05:00 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 05:00 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 05:00 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 05:00 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 05:00 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 04:58 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-03 00:04 . 2012-05-16 16:19 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-03 00:04 . 2011-06-05 05:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 07:00 . 2011-02-05 08:00 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 15:11 . 2011-04-22 01:02 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 04:54 . 2013-06-21 20:20 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-25 02:08 . 2014-10-01 14:26 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 14:26 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 13:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-31 14:53 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 01:48 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 01:48 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-02-14 06:02 . 2014-02-14 06:02 49940480 ----a-w- c:\program files (x86)\GUTFCEB.tmp
2012-08-13 08:58 . 2012-08-13 08:58 473600 ----a-w- c:\program files\setup.exe
2012-08-13 08:58 . 2012-08-13 08:58 3162112 ----a-w- c:\program files\openofficeorg341.msi
2010-05-21 15:59 . 2010-05-21 15:59 3095040 ----a-w- c:\program files (x86)\openofficeorg32.msi
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Anthony\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-10-27 1388376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AS00_WN311B"="c:\program files (x86)\NETGEAR\WN311B\Utility\WN311B.exe" [2007-09-21 2150400]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-03-25 329312]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2013-03-08 4407808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1405000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1405000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20141030.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20141107.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20141107.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1405000.01C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1405000.01C\SYMNETS.SYS [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe;c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 WN311BFCS;Netgear WN311B Wireless Control Service;c:\windows\system32\WN311BFCS.exe;c:\windows\SYSNATIVE\WN311BFCS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE1200w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE1200w764.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-27 23:39 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 01:31]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 01:31]
.
2014-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2038435613-138853392-2710362757-1000Core.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-25 01:48]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2038435613-138853392-2710362757-1000UA.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-25 01:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8312352]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-03-25 329312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\avf67dw9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{8BA85C75-763B-4103-94EB-9470F12FE0F7} - (no file)
ShellIconOverlayIdentifiers-{CD55129A-B1A1-438E-A425-CEBC7DC684EE} - (no file)
ShellIconOverlayIdentifiers-{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} - (no file)
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.5.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-10  12:37:46
ComboFix-quarantined-files.txt  2014-11-10 17:37
ComboFix2.txt  2012-07-09 23:36
.
Pre-Run: 236,431,286,272 bytes free
Post-Run: 236,557,156,352 bytes free
.
- - End Of File - - 8CF8E8AF55A4A07F2760CEEFEA00EDF8
8C9F9E03865C35F0F3829A23CDA42F5D

#7 apolaris

  • Topic Starter
  • Members
  • 48 posts
  • Local time:09:22 PM

Posted 10 November 2014 - 01:00 PM

FRST logs. I should note that the computer was not experiencing the symptoms when these were run. Should I perform the tasks again the next time symptoms appear?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Anthony (administrator) on NEWCOMP on 10-11-2014 12:55:39
Running from C:\Users\Anthony\Desktop
Loaded Profile: Anthony (Available profiles: Anthony)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NetGear) C:\Windows\SysWOW64\WN311BFCS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccsvchst.exe
(NetGear) C:\Program Files (x86)\NETGEAR\WN311B\Utility\WN311B.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [329312 2012-03-25] (BillP Studios)
HKLM-x32\...\Run: [AS00_WN311B] => C:\Program Files (x86)\NETGEAR\WN311B\Utility\WN311B.exe [2150400 2007-09-21] (NetGear)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [329312 2012-03-25] (BillP Studios)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2038435613-138853392-2710362757-1000\...\Run: [BitTorrent] => C:\Users\Anthony\AppData\Roaming\BitTorrent\BitTorrent.exe [1388376 2014-10-27] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\20.5.0.28\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS403
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll (SMART Technologies ULC.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\avf67dw9.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: @talk.google.com/O1DPlugin -> C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Anthony\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Anthony\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\coFFPlgn [2014-11-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Google Update) - C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-20]
CHR Extension: (Google Drive) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]
CHR Extension: (Adblock Plus) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]
CHR Extension: (AdBlock) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-25]
CHR Extension: (Goko Dominion Salvager) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaignighoceeemhinbbophdeogpnedjn [2014-01-08]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nggpimjphaddnmglppamgbjkjajhbkdm] - C:\ProgramData\Download and Sa\nggpimjphaddnmglppamgbjkjajhbkdm.crx [2014-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
S4 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [238328 2009-10-09] (WildTangent, Inc.)
S4 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [539952 2013-08-22] (SMART Technologies)
S4 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
R2 WN311BFCS; C:\windows\SysWOW64\WN311BFCS.exe [393216 2007-09-21] (NetGear) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20141109.023\ENG64.SYS [129752 2014-10-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20141109.023\EX64.SYS [2137304 2014-10-24] (Symantec Corporation)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-08-12] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-08-12] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-08-12] (SMART Technologies ULC)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 12:55 - 2014-11-10 12:56 - 00022301 _____ () C:\Users\Anthony\Desktop\FRST.txt
2014-11-10 12:55 - 2014-11-10 12:55 - 02116096 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2014-11-10 12:55 - 2014-11-10 12:55 - 00000000 ____D () C:\FRST
2014-11-10 12:51 - 2014-11-10 12:51 - 01107968 _____ (Farbar) C:\Users\Anthony\Desktop\FRST.exe
2014-11-10 12:37 - 2014-11-10 12:37 - 00020212 _____ () C:\ComboFix.txt
2014-11-10 12:07 - 2014-11-10 12:07 - 05598341 ____R (Swearware) C:\Users\Anthony\Desktop\ComboFix.exe
2014-11-09 22:37 - 2014-11-09 22:37 - 00688992 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com
2014-11-09 21:19 - 2014-11-09 22:59 - 00000000 ____D () C:\Users\Anthony\Downloads\KOKIA Music Collection
2014-11-03 22:49 - 2014-11-03 22:48 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-03 22:48 - 2014-11-03 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-03 22:40 - 2014-11-03 22:40 - 00638888 _____ (Oracle Corporation) C:\Users\Anthony\Downloads\chromeinstall-8u25.exe
2014-11-03 02:11 - 2014-11-09 22:46 - 00007456 _____ () C:\Users\Anthony\Desktop\attach.txt
2014-11-03 02:11 - 2014-11-09 22:45 - 00017688 _____ () C:\Users\Anthony\Desktop\dds.txt
2014-11-03 01:34 - 2014-11-03 01:34 - 00688992 _____ (Swearware) C:\Users\Anthony\Downloads\dds (1).com
2014-11-03 01:33 - 2014-11-03 01:33 - 00688992 ____R (Swearware) C:\Users\Anthony\Downloads\dds.com
2014-11-03 01:30 - 2014-11-03 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-11-03 01:29 - 2014-11-03 01:29 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Anthony\Downloads\cbSetup (1).exe
2014-11-03 01:20 - 2014-11-03 01:30 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-11-03 01:17 - 2014-11-03 01:17 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Anthony\Downloads\cbSetup.exe
2014-11-03 00:15 - 2014-11-03 00:15 - 00012714 ____N () C:\Users\Anthony\Documents\Procexp.txt
2014-11-02 21:44 - 2014-11-02 21:44 - 01188194 _____ () C:\Users\Anthony\Downloads\ProcessExplorer.zip
2014-11-02 20:35 - 2014-11-03 10:12 - 00000000 ____D () C:\Users\Anthony\Downloads\Kokia pearl ~The Best Collection~
2014-11-02 20:24 - 2014-11-02 20:24 - 04432135 _____ () C:\Users\Anthony\Downloads\NeroAudioPlugins.zip
2014-11-02 20:22 - 2014-11-02 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-11-02 20:20 - 2014-11-02 20:20 - 02653944 _____ (Xiph.Org) C:\Users\Anthony\Downloads\opencodecs_0.85.17777 (1).exe
2014-11-02 20:10 - 2014-11-02 20:10 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-11-02 20:08 - 2014-11-02 20:08 - 02653944 _____ (Xiph.Org) C:\Users\Anthony\Downloads\opencodecs_0.85.17777.exe
2014-11-02 19:57 - 2014-11-02 19:57 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-02 19:57 - 2014-11-02 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 19:53 - 2014-11-02 19:54 - 00244032 _____ () C:\Users\Anthony\Downloads\Firefox Setup Stub 33.0.2.exe
2014-11-02 11:10 - 2014-11-02 11:20 - 00000000 ____D () C:\Users\Anthony\Downloads\Kokia - Pearl. The Best Collection
2014-11-01 22:01 - 2014-11-01 22:01 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-01 21:51 - 2014-11-01 21:51 - 00068637 _____ () C:\Users\Anthony\Desktop\JRT.txt
2014-11-01 21:37 - 2014-11-01 21:37 - 00000000 ____D () C:\windows\ERUNT
2014-11-01 21:35 - 2014-11-01 21:35 - 01706359 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2014-11-01 21:12 - 2014-11-01 21:12 - 01375089 _____ () C:\Users\Anthony\Desktop\adwcleaner_3.311.exe
2014-11-01 21:03 - 2014-11-01 21:03 - 00448512 _____ (OldTimer Tools) C:\Users\Anthony\Desktop\TFC.exe
2014-10-31 18:30 - 2014-10-31 18:30 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anthony\Desktop\rkill.exe
2014-10-31 18:26 - 2014-11-01 19:58 - 00002534 _____ () C:\Users\Anthony\Desktop\Rkill.txt
2014-10-31 18:26 - 2014-10-31 18:27 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Anthony\Desktop\rkill64.exe
2014-10-31 17:17 - 2014-10-31 18:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-31 17:16 - 2014-10-31 18:23 - 00000000 ____D () C:\Users\Anthony\Desktop\mbar
2014-10-31 17:14 - 2014-10-31 17:14 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anthony\Desktop\mbar-1.07.0.1012.exe
2014-10-31 17:12 - 2014-10-31 17:12 - 00001057 _____ () C:\Users\Anthony\Desktop\MB31.txt
2014-10-31 16:22 - 2014-10-31 16:23 - 00047129 _____ () C:\Users\Anthony\Desktop\Result.txt
2014-10-31 16:21 - 2014-10-31 16:21 - 00401920 _____ (Farbar) C:\Users\Anthony\Desktop\MiniToolBox.exe
2014-10-31 16:19 - 2014-10-31 16:20 - 00002761 _____ () C:\Users\Anthony\Desktop\FSS.txt
2014-10-31 16:19 - 2014-10-31 16:19 - 00415232 _____ (Farbar) C:\Users\Anthony\Desktop\FSS.exe
2014-10-31 16:00 - 2014-10-31 16:01 - 00854448 _____ () C:\Users\Anthony\Desktop\SecurityCheck.exe
2014-10-30 11:43 - 2014-10-30 11:47 - 00000000 ____D () C:\Program Files (x86)\WhatsRunning
2014-10-30 11:43 - 2014-10-30 11:43 - 02044180 _____ (WhatsRunning.net ) C:\Users\Anthony\Desktop\WhatsRunning3_0_Setup.exe
2014-10-30 11:43 - 2014-10-30 11:43 - 00000992 _____ () C:\Users\Anthony\Desktop\What's Running.lnk
2014-10-30 11:43 - 2014-10-30 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\What's Running
2014-10-30 11:34 - 2014-10-30 11:34 - 00139264 _____ () C:\Users\Anthony\Desktop\SystemLook.exe
2014-10-30 11:31 - 2014-10-30 11:31 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Anthony\Desktop\tdsskiller.exe
2014-10-30 11:14 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-30 11:12 - 2014-11-01 21:29 - 00000000 ____D () C:\AdwCleaner
2014-10-29 23:47 - 2014-10-31 17:17 - 00128728 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 23:47 - 2014-10-31 17:17 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-29 23:47 - 2014-10-29 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 23:47 - 2014-10-29 23:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 23:47 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-29 15:43 - 2014-11-10 12:37 - 00000000 ___HD () C:\ProgramData\{4BA6AB29-2EAB-46FC-8B33-A767B5DBB0F3}
2014-10-29 15:43 - 2014-10-29 15:43 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-16 00:00 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 00:00 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 00:00 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-16 00:00 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-16 00:00 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 00:00 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-16 00:00 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-15 23:59 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 23:59 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 23:59 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 23:59 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 23:59 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 23:59 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 23:59 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 23:59 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 23:59 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 23:59 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 23:59 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 23:59 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 23:59 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 23:59 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 23:59 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 23:59 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 23:59 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 23:59 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 23:59 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 23:59 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 23:59 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 23:59 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 23:59 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 23:59 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 23:59 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 23:59 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 23:59 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 23:59 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 23:59 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 23:59 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 23:59 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 23:59 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 23:59 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 23:59 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 23:59 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 23:59 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 23:59 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 23:59 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 23:59 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 23:59 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 23:59 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 23:59 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 23:59 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 23:59 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 23:59 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 23:59 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 23:59 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 23:59 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 23:59 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 23:59 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 23:59 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 23:59 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 23:59 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 23:59 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 23:59 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 23:59 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 23:59 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 23:59 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 23:59 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 23:58 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 23:58 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 23:58 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 23:58 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 23:58 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 23:58 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 23:58 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 23:58 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 23:58 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2014-10-15 23:58 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-15 23:58 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 23:58 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 23:58 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 23:58 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 23:58 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-15 23:58 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 23:58 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-15 23:58 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 23:58 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-15 23:58 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-15 23:58 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-15 23:58 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 23:58 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-15 23:58 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-15 23:58 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-15 23:58 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 12:37 - 2013-05-14 20:31 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 12:37 - 2012-07-09 18:02 - 00000000 ____D () C:\Qoobox
2014-11-10 12:33 - 2012-12-24 20:48 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2038435613-138853392-2710362757-1000UA.job
2014-11-10 12:33 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-11-10 11:42 - 2013-06-22 15:46 - 00004976 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for newcomp-Anthony newcomp
2014-11-10 11:25 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 11:25 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 11:21 - 2011-09-25 10:53 - 01136720 _____ () C:\windows\WindowsUpdate.log
2014-11-10 11:17 - 2013-08-04 10:16 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\BitTorrent
2014-11-10 11:17 - 2013-05-14 20:31 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 11:14 - 2011-09-25 10:49 - 00157859 _____ () C:\windows\setupact.log
2014-11-10 11:14 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-09 02:24 - 2013-08-16 23:50 - 00000000 ____D () C:\Users\Anthony\Desktop\backups
2014-11-08 20:33 - 2012-12-24 20:48 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2038435613-138853392-2710362757-1000Core.job
2014-11-08 11:09 - 2011-09-25 10:48 - 00777416 _____ () C:\windows\PFRO.log
2014-11-06 00:04 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-05 12:00 - 2013-12-26 21:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\PlayCatanClient
2014-11-03 22:47 - 2013-10-18 00:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-03 22:47 - 2010-10-26 23:54 - 00000000 ____D () C:\Program Files (x86)\java
2014-11-02 21:05 - 2011-02-22 22:29 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
2014-11-02 19:59 - 2011-05-09 21:52 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Mozilla
2014-11-02 19:57 - 2011-05-09 21:52 - 00001168 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-02 19:57 - 2011-05-09 21:52 - 00001156 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-02 19:57 - 2011-05-09 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-02 19:05 - 2010-10-27 16:58 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Adobe
2014-11-02 19:04 - 2012-05-16 11:19 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-02 19:04 - 2011-06-05 00:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-01 22:47 - 2010-04-07 03:47 - 00000000 ____D () C:\ProgramData\Norton
2014-11-01 15:51 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-01 07:43 - 2009-07-14 00:08 - 00032566 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-31 12:02 - 2013-07-08 01:37 - 00000000 ____D () C:\Nexon
2014-10-29 23:47 - 2014-03-21 13:04 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-29 23:47 - 2011-04-21 20:03 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Malwarebytes
2014-10-29 23:47 - 2011-04-21 20:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 23:47 - 2011-04-21 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-29 23:13 - 2010-11-12 16:16 - 00000000 ____D () C:\ProgramData\Kodak
2014-10-28 21:35 - 2011-05-09 21:52 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Mozilla
2014-10-27 18:41 - 2013-09-20 10:33 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-23 19:42 - 2013-06-21 15:11 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-20 12:58 - 2013-10-13 15:54 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Deployment
2014-10-19 12:50 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-19 00:14 - 2010-10-26 18:01 - 00000000 ____D () C:\Users\Anthony\Documents\WebCam Media
2014-10-18 19:28 - 2012-12-24 20:48 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2038435613-138853392-2710362757-1000UA
2014-10-18 19:28 - 2012-12-24 20:48 - 00003494 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2038435613-138853392-2710362757-1000Core
2014-10-16 08:43 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 08:42 - 2009-07-13 23:45 - 00486056 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-16 08:40 - 2014-04-29 23:51 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-16 02:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 02:19 - 2013-08-11 00:30 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 02:00 - 2011-02-05 03:00 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-14 22:32 - 2013-05-14 20:31 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-14 22:32 - 2013-05-14 20:31 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-17 19:28

==================== End Of Log ============================




#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 PM

Posted 10 November 2014 - 02:46 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Google Update) - C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [nggpimjphaddnmglppamgbjkjajhbkdm] - C:\ProgramData\Download and Sa\nggpimjphaddnmglppamgbjkjajhbkdm.crx [2014-05-01]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
HKU\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.

===
How is the computer running now?
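
The fixlist above removes three kinds of artifacts (IE policy restrictions, a per-user exefile class, orphaned BHO and toolbar CLSIDs) and the earlier FRST log verified the signatures of core system binaries. The following script is an added, read-only audit that looks at those same locations on a Windows machine; it is not FRST's code and not from anyone in this thread. It assumes standard Windows registry layouts and PowerShell 3 or later, and it changes nothing, so it is safe to run before deciding on a fix.

```powershell
# Added example (not FRST or the thread author's code): a read-only audit of
# the locations the fixlist targets. Nothing here deletes or modifies anything.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Internet Explorer policy restrictions. These are legitimate only when a
#    domain or local Group Policy set them; on a home machine any value here
#    is worth explaining.
foreach ($root in 'HKLM:', 'HKCU:') {
    $key = "$root\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions"
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $findings.Add("IE policy restriction: $key\$($_.Name) = $($_.Value)") }
    }
}

# 2. Per-user override of the .exe file class. A key under HKCU\Software\Classes
#    shadows the HKLM definition for this user, so a modified command here would
#    run before every program the user launches. The stock command is "%1" %*;
#    the presence of the per-user key at all is the indicator, whatever its value.
$userExe = 'HKCU:\Software\Classes\exefile\shell\open\command'
if (Test-Path $userExe) {
    $cmd = (Get-ItemProperty -Path $userExe).'(default)'
    $findings.Add("Per-user exefile override present: $userExe -> $cmd")
}

# 3. Browser Helper Objects whose CLSID has no InprocServer32 entry (orphans)
#    or whose DLL no longer exists on disk.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($clsid in (Get-ChildItem -Path $bhoKey).PSChildName) {
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path $srv) { (Get-ItemProperty -Path $srv).'(default)' } else { $null }
        if (-not $dll) {
            $findings.Add("Orphan BHO (no CLSID\InprocServer32): $clsid")
        } elseif (-not (Test-Path ([Environment]::ExpandEnvironmentVariables($dll)))) {
            $findings.Add("BHO DLL missing on disk: $clsid -> $dll")
        }
    }
}

# 4. Authenticode status of the same core binaries the FRST "Bamital & volsnap"
#    check lists. Anything other than Valid deserves a closer look, but see the
#    caveat below about catalog-signed files on older Windows versions.
$core = 'winlogon.exe', 'wininit.exe', 'svchost.exe', 'services.exe',
        'userinit.exe', 'rpcss.dll', 'User32.dll' |
    ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }
$core += Join-Path $env:SystemRoot 'explorer.exe'
$core += Join-Path $env:SystemRoot 'System32\Drivers\volsnap.sys'
foreach ($file in $core) {
    if (-not (Test-Path $file)) { $findings.Add("Core file missing: $file"); continue }
    $sig = Get-AuthenticodeSignature -FilePath $file
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature $($sig.Status): $file")
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. One caveat on section 4: many Microsoft system binaries are signed through a security catalog rather than an embedded signature, and on older Windows versions Get-AuthenticodeSignature may report such files as NotSigned. Treat that result as "confirm with a catalog-aware tool" rather than as evidence of tampering; FRST performs its own verification for exactly this reason.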

#9 apolaris

apolaris
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 10 November 2014 - 03:45 PM

Today's been relatively without incident, other than random additions to history. I'll post another reply if incidents occur within the next few days. If none occur, I'll assume things are fixed.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Anthony at 2014-11-10 15:40:33 Run:1
Running from C:\Users\Anthony\Desktop
Loaded Profile: Anthony (Available profiles: Anthony)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Google Update) - C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [nggpimjphaddnmglppamgbjkjajhbkdm] - C:\ProgramData\Download and Sa\nggpimjphaddnmglppamgbjkjajhbkdm.crx [2014-05-01]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
HKU\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
FF Plugin HKU\S-1-5-21-2038435613-138853392-2710362757-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll not found.
C:\Users\Anthony\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll not found.
C:\Users\Anthony\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll not found.
C:\windows\SysWOW64\npDeployJava1.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nggpimjphaddnmglppamgbjkjajhbkdm" => Key deleted successfully.
"C:\ProgramData\Download and Sa\nggpimjphaddnmglppamgbjkjajhbkdm.crx" => File/Directory not found.
catchme => Service deleted successfully.
"HKU\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Classes\exefile" => Key deleted successfully.

==== End of Fixlog ====



#10 apolaris

apolaris
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 10 November 2014 - 09:34 PM

Okay, that definitely wasn't the end. My computer experienced two "spikes" today (from now on, I will define "spikes" to mean "incidents in which a second explorer.exe process began to use an exorbitant amount of memory and had no effect on my system when forcibly terminated by administrated task manager") and, for some reason, took over 20 seconds to load one 12-minute .flac file into Nero's CD burning software. Right now, nothing odd is happening.



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:22 PM

Posted 11 November 2014 - 10:26 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.
=======

#12 apolaris

apolaris
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 11 November 2014 - 11:37 AM

RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anthony [Administrator]
Mode : Delete -- Date : 11/11/2014  11:35:47

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 18 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 36 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ SHELL32.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ ole32.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ OLEAUT32.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ OLEAUT32.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ EXPLORERFRAME.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ DUser.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ DUI70.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ PROPSYS.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ iertutil.dll) KERNEL32.dll - GetUserDefaultLocaleName : Unknown @ 0x77190298 (jmp 0xffffffffffe84758)
[IAT:Inl] (explorer.exe @ WS2_32.dll) KERNEL32.dll - GetUserDefaultLocaleName : Unknown @ 0x77190298 (jmp 0xffffffffffe84758)
[IAT:Inl] (explorer.exe @ urlmon.dll) WININET.dll - InternetSetCookieExW : Unknown @ 0x7fefda90298 (jmp 0xffffffffffe2b3f8)
[IAT:Inl] (explorer.exe @ OLEACC.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ mshtml.dll) KERNEL32.dll - GetSystemDefaultLocaleName : Unknown @ 0x771a0298 (jmp 0xffffffffffe94708)
[IAT:Inl] (explorer.exe @ mshtml.dll) KERNEL32.dll - GetUserDefaultLocaleName : Unknown @ 0x77190298 (jmp 0xffffffffffe84758)
[IAT:Inl] (explorer.exe @ mshtml.dll) KERNEL32.dll - GetThreadPreferredUILanguages : Unknown @ 0x77180298 (jmp 0xffffffffffebb2c8)
[IAT:Inl] (explorer.exe @ mshtml.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ mshtml.dll) WININET.dll - InternetSetCookieExW : Unknown @ 0x7fefda90298 (jmp 0xffffffffffe2b3f8)
[IAT:Inl] (explorer.exe @ comctl32.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - GetSystemDefaultLocaleName : Unknown @ 0x771a0298 (jmp 0xffffffffffe94708)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - GetUserDefaultLocaleName : Unknown @ 0x77190298 (jmp 0xffffffffffe84758)
[IAT:Inl] (explorer.exe @ ieframe.dll) KERNEL32.dll - GetThreadPreferredUILanguages : Unknown @ 0x77180298 (jmp 0xffffffffffebb2c8)
[IAT:Inl] (explorer.exe @ ieframe.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ ieframe.dll) WINMM.dll - PlaySoundW : Unknown @ 0x7fefadf0298 (jmp 0xfffffffffffee154)
[IAT:Inl] (explorer.exe @ ieframe.dll) urlmon.dll - ObtainUserAgentString : Unknown @ 0x7fefdea0298 (jmp 0xfffffffffff5b890)
[IAT:Inl] (explorer.exe @ jscript9.dll) KERNEL32.dll - GetUserDefaultLocaleName : Unknown @ 0x77190298 (jmp 0xffffffffffe84758)
[IAT:Inl] (explorer.exe @ d2d1.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ uiautomationcore.dll) USER32.dll - SetFocus : Unknown @ 0x771b0298 (jmp 0xfffffffffffe3078)
[IAT:Inl] (explorer.exe @ uiautomationcore.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ windowscodecs.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ windowscodecsext.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)
[IAT:Inl] (explorer.exe @ msxml6.dll) ole32.dll - CoCreateInstance : Unknown @ 0x7fefd4e0298 (jmp 0xfffffffffff08e08)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] d144d40403f243a9ba822850aaa24118
[BSP] d82e9493b6b20eb635daff985fd19da3 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 33556480 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 33761280 | Size: 460454 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Multiple Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_11112014_112744.log



#13 nasdaq

  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 November 2014 - 01:34 PM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

P.S. If you have a CD emulator, disable it before running the tools listed above.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
===

#14 apolaris

  • Topic Starter
  • Members
  • 48 posts

Posted 11 November 2014 - 03:52 PM

15:49:34.0320 0x10f8 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:49:38.0876 0x10f8 ============================================================
15:49:38.0876 0x10f8 Current date / time: 2014/11/11 15:49:38.0876
15:49:38.0876 0x10f8 SystemInfo:
15:49:38.0876 0x10f8
15:49:38.0876 0x10f8 OS Version: 6.1.7601 ServicePack: 1.0
15:49:38.0876 0x10f8 Product type: Workstation
15:49:38.0876 0x10f8 ComputerName: NEWCOMP
15:49:38.0876 0x10f8 UserName: Anthony
15:49:38.0876 0x10f8 Windows directory: C:\windows
15:49:38.0876 0x10f8 System windows directory: C:\windows
15:49:38.0876 0x10f8 Running under WOW64
15:49:38.0876 0x10f8 Processor architecture: Intel x64
15:49:38.0876 0x10f8 Number of processors: 1
15:49:38.0876 0x10f8 Page size: 0x1000
15:49:38.0876 0x10f8 Boot type: Normal boot
15:49:38.0876 0x10f8 ============================================================
15:49:40.0249 0x10f8 KLMD registered as C:\windows\system32\drivers\83304348.sys
15:49:40.0580 0x10f8 System UUID: {D8ECAAFE-32F3-18B8-0694-F2B4B2157EBB}
15:49:41.0563 0x10f8 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:41.0594 0x10f8 ============================================================
15:49:41.0594 0x10f8 \Device\Harddisk0\DR0:
15:49:41.0594 0x10f8 MBR partitions:
15:49:41.0594 0x10f8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
15:49:41.0594 0x10f8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x38353000
15:49:41.0594 0x10f8 ============================================================
15:49:41.0610 0x10f8 C: <-> \Device\Harddisk0\DR0\Partition2
15:49:41.0610 0x10f8 ============================================================
15:49:41.0610 0x10f8 Initialize success
15:49:41.0610 0x10f8 ============================================================
15:49:44.0485 0x23e8 ============================================================
15:49:44.0485 0x23e8 Scan started
15:49:44.0485 0x23e8 Mode: Manual;
15:49:44.0485 0x23e8 ============================================================
15:49:44.0485 0x23e8 KSN ping started
15:49:47.0288 0x23e8 KSN ping finished: true
15:49:48.0884 0x23e8 ================ Scan system memory ========================
15:49:48.0884 0x23e8 System memory - ok
15:49:48.0884 0x23e8 ================ Scan services =============================


15:49:58.0503 0x23e8 IDSVia64 - ok

15:49:58.0534 0x23e8 IEEtwCollectorService - ok

15:49:58.0971 0x23e8 [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

15:49:59.0314 0x23e8 igfx - ok

15:49:59.0377 0x23e8 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys

15:49:59.0377 0x23e8 iirsp - ok

15:49:59.0455 0x23e8 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll

15:49:59.0486 0x23e8 IKEEXT - ok

15:49:59.0579 0x23e8 [ 450BEC18B45BCCFDC923E11F856DBDA7, 0FC9ABAFD8794EDEEF0236567319118ED23672C0EADA90DE8E25BB26BD220679 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

15:49:59.0642 0x23e8 IntcAzAudAddService - ok

15:49:59.0673 0x23e8 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys

15:49:59.0673 0x23e8 intelide - ok

15:49:59.0704 0x23e8 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

15:49:59.0704 0x23e8 intelppm - ok

15:49:59.0735 0x23e8 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll

15:49:59.0735 0x23e8 IPBusEnum - ok

15:49:59.0798 0x23e8 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

15:49:59.0798 0x23e8 IpFilterDriver - ok

15:49:59.0876 0x23e8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll

15:49:59.0891 0x23e8 iphlpsvc - ok

15:49:59.0923 0x23e8 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

15:49:59.0923 0x23e8 IPMIDRV - ok

15:49:59.0954 0x23e8 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys

15:49:59.0954 0x23e8 IPNAT - ok

15:50:00.0001 0x23e8 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys

15:50:00.0001 0x23e8 IRENUM - ok

15:50:00.0032 0x23e8 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys

15:50:00.0047 0x23e8 isapnp - ok

15:50:00.0079 0x23e8 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

15:50:00.0094 0x23e8 iScsiPrt - ok

15:50:00.0125 0x23e8 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

15:50:00.0125 0x23e8 kbdclass - ok

15:50:00.0157 0x23e8 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

15:50:00.0157 0x23e8 kbdhid - ok

15:50:00.0188 0x23e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\windows\system32\lsass.exe

15:50:00.0188 0x23e8 KeyIso - ok

15:50:00.0281 0x23e8 [ 00060003E6161944A9963FA9F24102BC, 9FB85A6542F8B17504A40798727266C5F618B09D74963747F06EAF80AE13ECDE ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

15:50:00.0313 0x23e8 Kodak AiO Network Discovery Service - ok

15:50:00.0485 0x23e8 [ 60301F8FDF519FFEC307A686209C33BE, B9A31478707B518967A6200813DCBD4DE03824FBFAB6E35D4FA4DA783FD6305A ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

15:50:00.0544 0x23e8 Kodak AiO Status Monitor Service - ok

15:50:00.0607 0x23e8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

15:50:00.0607 0x23e8 KSecDD - ok

15:50:00.0622 0x23e8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

15:50:00.0638 0x23e8 KSecPkg - ok

15:50:00.0669 0x23e8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys

15:50:00.0669 0x23e8 ksthunk - ok

15:50:00.0700 0x23e8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll

15:50:00.0716 0x23e8 KtmRm - ok

15:50:00.0794 0x23e8 [ 1433A7549A64D50E4FBBD747E9143454, A1EEACDB2DCC99BFE267455B1A390954E7FC920732F476498163F39A1C52AF8B ] L8042mou C:\windows\system32\DRIVERS\L8042mou.Sys

15:50:00.0794 0x23e8 L8042mou - ok

15:50:00.0872 0x23e8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\System32\srvsvc.dll

15:50:00.0872 0x23e8 LanmanServer - ok

15:50:00.0919 0x23e8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll

15:50:00.0934 0x23e8 LanmanWorkstation - ok

15:50:01.0028 0x23e8 [ 584528BF596A54B2BF6BE5067ADDA44A, 2A4694C988DCE0C094BFA6C91C50FDD98E52FD46BE156523FC243DE1FC566103 ] Linksys_adapter_H C:\windows\system32\DRIVERS\AE1200w764.sys

15:50:01.0059 0x23e8 Linksys_adapter_H - ok

15:50:01.0106 0x23e8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

15:50:01.0106 0x23e8 lltdio - ok

15:50:01.0137 0x23e8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll

15:50:01.0153 0x23e8 lltdsvc - ok

15:50:01.0168 0x23e8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll

15:50:01.0168 0x23e8 lmhosts - ok

15:50:01.0246 0x23e8 [ 91B345109AD08CC9926EC0299AF60418, 711D56376FC9C91FA1AA30121F655EF4F0CD7D2014CE87E56FB9756889756EA9 ] LMouKE C:\windows\system32\DRIVERS\LMouKE.Sys

15:50:01.0246 0x23e8 LMouKE - ok

15:50:01.0293 0x23e8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys

15:50:01.0293 0x23e8 LSI_FC - ok

15:50:01.0340 0x23e8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys

15:50:01.0340 0x23e8 LSI_SAS - ok

15:50:01.0355 0x23e8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys

15:50:01.0355 0x23e8 LSI_SAS2 - ok

15:50:01.0387 0x23e8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys

15:50:01.0387 0x23e8 LSI_SCSI - ok

15:50:01.0418 0x23e8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys

15:50:01.0418 0x23e8 luafv - ok

15:50:01.0543 0x23e8 [ FD3AD5E1ECDAA94A89D6697F5C5465D6, 63DA8E601B90DA558F0B089E89DD559C3C930430270D85CACAC0C0C8D08E5BB2 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

15:50:01.0543 0x23e8 McComponentHostService - ok

15:50:01.0605 0x23e8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

15:50:01.0621 0x23e8 Mcx2Svc - ok

15:50:01.0636 0x23e8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys

15:50:01.0652 0x23e8 megasas - ok

15:50:01.0683 0x23e8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys

15:50:01.0683 0x23e8 MegaSR - ok

15:50:01.0730 0x23e8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll

15:50:01.0730 0x23e8 MMCSS - ok

15:50:01.0761 0x23e8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys

15:50:01.0761 0x23e8 Modem - ok

15:50:01.0792 0x23e8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys

15:50:01.0792 0x23e8 monitor - ok

15:50:01.0823 0x23e8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

15:50:01.0823 0x23e8 mouclass - ok

15:50:01.0855 0x23e8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

15:50:01.0855 0x23e8 mouhid - ok

15:50:01.0917 0x23e8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys

15:50:01.0917 0x23e8 mountmgr - ok

15:50:01.0979 0x23e8 [ A5F6ADC56FA516594E99C328A7E7FD54, 6FB011B00B8AB085F3083E967B89BBFCA1AC7677407E9E72AD582CCC8212D136 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

15:50:01.0995 0x23e8 MozillaMaintenance - ok

15:50:02.0026 0x23e8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys

15:50:02.0026 0x23e8 mpio - ok

15:50:02.0057 0x23e8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

15:50:02.0073 0x23e8 mpsdrv - ok

15:50:02.0151 0x23e8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll

15:50:02.0167 0x23e8 MpsSvc - ok

15:50:02.0229 0x23e8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

15:50:02.0245 0x23e8 MRxDAV - ok

15:50:02.0291 0x23e8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

15:50:02.0307 0x23e8 mrxsmb - ok

15:50:02.0369 0x23e8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

15:50:02.0385 0x23e8 mrxsmb10 - ok

15:50:02.0401 0x23e8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

15:50:02.0416 0x23e8 mrxsmb20 - ok

15:50:02.0452 0x23e8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys

15:50:02.0452 0x23e8 msahci - ok

15:50:02.0484 0x23e8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys

15:50:02.0484 0x23e8 msdsm - ok

15:50:02.0515 0x23e8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe

15:50:02.0515 0x23e8 MSDTC - ok

15:50:02.0562 0x23e8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys

15:50:02.0562 0x23e8 Msfs - ok

15:50:02.0593 0x23e8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

15:50:02.0593 0x23e8 mshidkmdf - ok

15:50:02.0624 0x23e8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys

15:50:02.0640 0x23e8 msisadrv - ok

15:50:02.0671 0x23e8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll

15:50:02.0686 0x23e8 MSiSCSI - ok

15:50:02.0686 0x23e8 msiserver - ok

15:50:02.0718 0x23e8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

15:50:02.0718 0x23e8 MSKSSRV - ok

15:50:02.0764 0x23e8 [ 103B3BBE23AB774B009D182276EC6786, 823AF63D5D47B56455078DD20DF000D11A0BD2E094E9002E5B9E8245D7AEAE68 ] msloop C:\windows\system32\DRIVERS\loop.sys

15:50:02.0764 0x23e8 msloop - ok

15:50:02.0796 0x23e8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

15:50:02.0796 0x23e8 MSPCLOCK - ok

15:50:02.0827 0x23e8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys

15:50:02.0827 0x23e8 MSPQM - ok

15:50:02.0920 0x23e8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys

15:50:02.0952 0x23e8 MsRPC - ok

15:50:02.0998 0x23e8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys

15:50:03.0014 0x23e8 mssmbios - ok

15:50:03.0045 0x23e8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys

15:50:03.0045 0x23e8 MSTEE - ok

15:50:03.0092 0x23e8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys

15:50:03.0108 0x23e8 MTConfig - ok

15:50:03.0154 0x23e8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys

15:50:03.0279 0x23e8 Mup - ok

15:50:03.0544 0x23e8 [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\ccSvcHst.exe

15:50:03.0544 0x23e8 N360 - ok

15:50:03.0607 0x23e8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll

15:50:03.0654 0x23e8 napagent - ok

15:50:03.0700 0x23e8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

15:50:03.0716 0x23e8 NativeWifiP - ok

15:50:04.0059 0x23e8 [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20141110.032\ENG64.SYS

15:50:04.0090 0x23e8 NAVENG - ok

15:50:04.0309 0x23e8 [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20141110.032\EX64.SYS

15:50:04.0356 0x23e8 NAVEX15 - ok

15:50:04.0470 0x23e8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys

15:50:04.0501 0x23e8 NDIS - ok

15:50:04.0548 0x23e8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

15:50:04.0548 0x23e8 NdisCap - ok

15:50:04.0579 0x23e8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

15:50:04.0579 0x23e8 NdisTapi - ok

15:50:04.0641 0x23e8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

15:50:04.0641 0x23e8 Ndisuio - ok

15:50:04.0704 0x23e8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

15:50:04.0704 0x23e8 NdisWan - ok

15:50:04.0751 0x23e8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

15:50:04.0751 0x23e8 NDProxy - ok

15:50:04.0844 0x23e8 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

15:50:04.0860 0x23e8 Nero BackItUp Scheduler 4.0 - ok

15:50:04.0907 0x23e8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

15:50:04.0922 0x23e8 NetBIOS - ok

15:50:04.0969 0x23e8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

15:50:04.0985 0x23e8 NetBT - ok

15:50:05.0000 0x23e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\windows\system32\lsass.exe

15:50:05.0000 0x23e8 Netlogon - ok

15:50:05.0047 0x23e8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll

15:50:05.0047 0x23e8 Netman - ok

15:50:05.0141 0x23e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:50:05.0156 0x23e8 NetMsmqActivator - ok

15:50:05.0172 0x23e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:50:05.0187 0x23e8 NetPipeActivator - ok

15:50:05.0219 0x23e8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll

15:50:05.0234 0x23e8 netprofm - ok

15:50:05.0250 0x23e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:50:05.0250 0x23e8 NetTcpActivator - ok

15:50:05.0265 0x23e8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:50:05.0265 0x23e8 NetTcpPortSharing - ok

15:50:05.0312 0x23e8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys

15:50:05.0312 0x23e8 nfrd960 - ok

15:50:05.0375 0x23e8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll

15:50:05.0390 0x23e8 NlaSvc - ok

15:50:05.0406 0x23e8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys

15:50:05.0421 0x23e8 Npfs - ok

15:50:05.0453 0x23e8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll

15:50:05.0453 0x23e8 nsi - ok

15:50:05.0468 0x23e8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

15:50:05.0484 0x23e8 nsiproxy - ok

15:50:05.0593 0x23e8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

15:50:05.0640 0x23e8 Ntfs - ok

15:50:05.0671 0x23e8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys

15:50:05.0671 0x23e8 Null - ok

15:50:05.0702 0x23e8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys

15:50:05.0702 0x23e8 nvraid - ok

15:50:05.0749 0x23e8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys

15:50:05.0749 0x23e8 nvstor - ok

15:50:05.0780 0x23e8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys

15:50:05.0780 0x23e8 nv_agp - ok

15:50:05.0811 0x23e8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

15:50:05.0811 0x23e8 ohci1394 - ok

15:50:05.0905 0x23e8 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:50:05.0905 0x23e8 ose - ok

15:50:06.0201 0x23e8 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:50:06.0342 0x23e8 osppsvc - ok

15:50:06.0443 0x23e8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll

15:50:06.0458 0x23e8 p2pimsvc - ok

15:50:06.0490 0x23e8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll

15:50:06.0505 0x23e8 p2psvc - ok

15:50:06.0536 0x23e8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\DRIVERS\parport.sys

15:50:06.0536 0x23e8 Parport - ok

15:50:06.0568 0x23e8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys

15:50:06.0568 0x23e8 partmgr - ok

15:50:06.0646 0x23e8 [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

15:50:06.0646 0x23e8 PassThru Service - ok

15:50:06.0692 0x23e8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll

15:50:06.0692 0x23e8 PcaSvc - ok

15:50:06.0724 0x23e8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys

15:50:06.0739 0x23e8 pci - ok

15:50:06.0770 0x23e8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys

15:50:06.0770 0x23e8 pciide - ok

15:50:06.0802 0x23e8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys

15:50:06.0817 0x23e8 pcmcia - ok

15:50:06.0833 0x23e8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys

15:50:06.0833 0x23e8 pcw - ok

15:50:06.0880 0x23e8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys

15:50:06.0895 0x23e8 PEAUTH - ok

15:50:06.0989 0x23e8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe

15:50:06.0989 0x23e8 PerfHost - ok

15:50:07.0098 0x23e8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll

15:50:07.0145 0x23e8 pla - ok

15:50:07.0223 0x23e8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll

15:50:07.0238 0x23e8 PlugPlay - ok

15:50:07.0270 0x23e8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

15:50:07.0270 0x23e8 PNRPAutoReg - ok

15:50:07.0301 0x23e8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll

15:50:07.0301 0x23e8 PNRPsvc - ok

15:50:07.0348 0x23e8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

15:50:07.0363 0x23e8 PolicyAgent - ok

15:50:07.0410 0x23e8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll

15:50:07.0426 0x23e8 Power - ok

15:50:07.0472 0x23e8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

15:50:07.0488 0x23e8 PptpMiniport - ok

15:50:07.0519 0x23e8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\DRIVERS\processr.sys

15:50:07.0519 0x23e8 Processor - ok

15:50:07.0597 0x23e8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll

15:50:07.0597 0x23e8 ProfSvc - ok

15:50:07.0613 0x23e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe

15:50:07.0613 0x23e8 ProtectedStorage - ok

15:50:07.0675 0x23e8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys

15:50:07.0675 0x23e8 Psched - ok

15:50:07.0753 0x23e8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys

15:50:07.0816 0x23e8 ql2300 - ok

15:50:07.0847 0x23e8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys

15:50:07.0847 0x23e8 ql40xx - ok

15:50:07.0878 0x23e8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll

15:50:07.0894 0x23e8 QWAVE - ok

15:50:07.0909 0x23e8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

15:50:07.0909 0x23e8 QWAVEdrv - ok

15:50:07.0940 0x23e8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

15:50:07.0940 0x23e8 RasAcd - ok

15:50:07.0972 0x23e8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

15:50:07.0972 0x23e8 RasAgileVpn - ok

15:50:08.0003 0x23e8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll

15:50:08.0018 0x23e8 RasAuto - ok

15:50:08.0081 0x23e8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

15:50:08.0081 0x23e8 Rasl2tp - ok

15:50:08.0112 0x23e8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll

15:50:08.0112 0x23e8 RasMan - ok

15:50:08.0143 0x23e8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

15:50:08.0143 0x23e8 RasPppoe - ok

15:50:08.0174 0x23e8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

15:50:08.0174 0x23e8 RasSstp - ok

15:50:08.0237 0x23e8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

15:50:08.0252 0x23e8 rdbss - ok

15:50:08.0284 0x23e8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

15:50:08.0284 0x23e8 rdpbus - ok

15:50:08.0299 0x23e8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

15:50:08.0315 0x23e8 RDPCDD - ok

15:50:08.0330 0x23e8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

15:50:08.0330 0x23e8 RDPENCDD - ok

15:50:08.0377 0x23e8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

15:50:08.0398 0x23e8 RDPREFMP - ok

15:50:08.0491 0x23e8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys

15:50:08.0491 0x23e8 RdpVideoMiniport - ok

15:50:08.0554 0x23e8 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\windows\system32\drivers\RDPWD.sys

15:50:08.0554 0x23e8 RDPWD - ok

15:50:08.0632 0x23e8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys

15:50:08.0647 0x23e8 rdyboost - ok

15:50:08.0679 0x23e8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll

15:50:08.0679 0x23e8 RemoteAccess - ok

15:50:08.0710 0x23e8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll

15:50:08.0710 0x23e8 RemoteRegistry - ok

15:50:08.0741 0x23e8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

15:50:08.0741 0x23e8 RpcEptMapper - ok

15:50:08.0772 0x23e8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe

15:50:08.0788 0x23e8 RpcLocator - ok

15:50:08.0913 0x23e8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll

15:50:08.0928 0x23e8 RpcSs - ok

15:50:08.0991 0x23e8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

15:50:09.0006 0x23e8 rspndr - ok

15:50:09.0037 0x23e8 [ 365ED58B47B46DE8B1C5FA759B6FCD6E, 0813B2D6940416F595D6A861DC46E11651ED50C5E52F15595336CA55F3BB0B35 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

15:50:09.0053 0x23e8 RTL8167 - ok

15:50:09.0131 0x23e8 [ B3F36B4B3F192EA87DDC119F3A0B3E45, DE80502994ED9977AD64483385A0BC0C6060EA9E9C08645E72FBBCFE8B2358C7 ] RTL8192su C:\windows\system32\DRIVERS\RTL8192su.sys

15:50:09.0147 0x23e8 RTL8192su - ok

15:50:09.0178 0x23e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\windows\system32\lsass.exe

15:50:09.0178 0x23e8 SamSs - ok

15:50:09.0209 0x23e8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys

15:50:09.0209 0x23e8 sbp2port - ok

15:50:09.0256 0x23e8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll

15:50:09.0256 0x23e8 SCardSvr - ok

15:50:09.0303 0x23e8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

15:50:09.0318 0x23e8 scfilter - ok

15:50:09.0396 0x23e8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll

15:50:09.0427 0x23e8 Schedule - ok

15:50:09.0474 0x23e8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll

15:50:09.0490 0x23e8 SCPolicySvc - ok

15:50:09.0552 0x23e8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll

15:50:09.0552 0x23e8 SDRSVC - ok

15:50:09.0583 0x23e8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys

15:50:09.0583 0x23e8 secdrv - ok

15:50:09.0646 0x23e8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll

15:50:09.0646 0x23e8 seclogon - ok

15:50:09.0677 0x23e8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\system32\sens.dll

15:50:09.0677 0x23e8 SENS - ok

15:50:09.0693 0x23e8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll

15:50:09.0693 0x23e8 SensrSvc - ok

15:50:09.0724 0x23e8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\DRIVERS\serenum.sys

15:50:09.0724 0x23e8 Serenum - ok

15:50:09.0771 0x23e8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\DRIVERS\serial.sys

15:50:09.0771 0x23e8 Serial - ok

15:50:09.0802 0x23e8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\DRIVERS\sermouse.sys

15:50:09.0802 0x23e8 sermouse - ok

15:50:09.0880 0x23e8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll

15:50:09.0880 0x23e8 SessionEnv - ok

15:50:09.0927 0x23e8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys

15:50:09.0927 0x23e8 sffdisk - ok

15:50:09.0942 0x23e8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

15:50:09.0942 0x23e8 sffp_mmc - ok

15:50:09.0958 0x23e8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

15:50:09.0958 0x23e8 sffp_sd - ok

15:50:09.0989 0x23e8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys

15:50:09.0989 0x23e8 sfloppy - ok

15:50:10.0051 0x23e8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll

15:50:10.0051 0x23e8 SharedAccess - ok

15:50:10.0129 0x23e8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll

15:50:10.0145 0x23e8 ShellHWDetection - ok

15:50:10.0161 0x23e8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys

15:50:10.0161 0x23e8 SiSRaid2 - ok

15:50:10.0207 0x23e8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys

15:50:10.0207 0x23e8 SiSRaid4 - ok

15:50:10.0301 0x23e8 [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

15:50:10.0301 0x23e8 SkypeUpdate - ok

15:50:10.0405 0x23e8 [ 4C65D700CF07A7ED873F79FAE82E8F7F, 50DB5A540EC2D66E041D198E7ACACF2323047582A26DD4FBA1E3D7CFB6BEA452 ] SMARTHelperService C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

15:50:10.0498 0x23e8 SMARTHelperService - ok

15:50:10.0529 0x23e8 [ BCE703FE67976C57B789F19A77C4C7D1, 6D249386924AA443B3237BF71D9EFDB8C6D2CEE6E40823519694554224FB1538 ] SMARTMouseFilterx64 C:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys

15:50:10.0529 0x23e8 SMARTMouseFilterx64 - ok

15:50:10.0639 0x23e8 [ C02C2D6EBC48A52C0C2922BD86CCEEDE, 07FB67B4EFEF315E071671884FFCCE5B39B486C8901BF9C8D62AEBF3CACF6937 ] SMARTVHidMiniVistaAmd64 C:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys

15:50:10.0639 0x23e8 SMARTVHidMiniVistaAmd64 - ok

15:50:10.0717 0x23e8 [ 8588412F05C55E397374F97588CC7381, BF8A6AAA4FD0A2208EDE92294095A38337785EA3D5961DD069F2596344772ADD ] SMARTVTabletPCx64 C:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys

15:50:10.0717 0x23e8 SMARTVTabletPCx64 - ok

15:50:10.0763 0x23e8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys

15:50:10.0763 0x23e8 Smb - ok

15:50:10.0826 0x23e8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe

15:50:10.0841 0x23e8 SNMPTRAP - ok

15:50:10.0857 0x23e8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys

15:50:10.0873 0x23e8 spldr - ok

15:50:10.0935 0x23e8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe

15:50:10.0951 0x23e8 Spooler - ok

15:50:11.0122 0x23e8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe

15:50:11.0216 0x23e8 sppsvc - ok

15:50:11.0247 0x23e8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll

15:50:11.0247 0x23e8 sppuinotify - ok

15:50:11.0387 0x23e8 [ 2FD9346F9D76CB4192D37329CFA47A82, 4CD75B4006147D469116F3CBC10528928A592510DA8037D709CB198D89853CAB ] SRTSP C:\windows\System32\Drivers\N360x64\1405000.01C\SRTSP64.SYS

15:50:11.0419 0x23e8 SRTSP - ok

15:50:11.0450 0x23e8 [ 0E76CEF892C45734F7AED09FDDF35D4D, C25AF31E411AC3A090859C883132B9AE6A80C8D791168FF219BC0895E35A0359 ] SRTSPX C:\windows\system32\drivers\N360x64\1405000.01C\SRTSPX64.SYS

15:50:11.0450 0x23e8 SRTSPX - ok

15:50:11.0528 0x23e8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys

15:50:11.0528 0x23e8 srv - ok

15:50:11.0559 0x23e8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

15:50:11.0575 0x23e8 srv2 - ok

15:50:11.0606 0x23e8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

15:50:11.0606 0x23e8 srvnet - ok

15:50:11.0653 0x23e8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

15:50:11.0653 0x23e8 SSDPSRV - ok

15:50:11.0684 0x23e8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll

15:50:11.0684 0x23e8 SstpSvc - ok

15:50:11.0715 0x23e8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\DRIVERS\stexstor.sys

15:50:11.0715 0x23e8 stexstor - ok

15:50:11.0793 0x23e8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll

15:50:11.0809 0x23e8 stisvc - ok

15:50:11.0840 0x23e8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\drivers\swenum.sys

15:50:11.0840 0x23e8 swenum - ok

15:50:11.0887 0x23e8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll

15:50:11.0902 0x23e8 swprv - ok

15:50:11.0980 0x23e8 [ 52DC0048D667757A8A2E4C87182890AC, 7B43DF6DADFDDBBC5402477FE832052ADB6A39B90111CDA89B5E01CE900F55C5 ] SymDS C:\windows\system32\drivers\N360x64\1405000.01C\SYMDS64.SYS

15:50:11.0996 0x23e8 SymDS - ok

15:50:12.0058 0x23e8 [ 599872BAD7CFB45C7CE47CDED4B726D8, 5B15B1B22C3ACA1BC56CAFCAFFC2E974C75C77C0AB7355FBA91F2147C0911499 ] SymEFA C:\windows\system32\drivers\N360x64\1405000.01C\SYMEFA64.SYS

15:50:12.0089 0x23e8 SymEFA - ok

15:50:12.0167 0x23e8 [ F19E5E37ED8134B9E5F6287F2D3A75D7, 5804D6DF529213CCF7CD2C345483940554CAA5C6EA065A1B09AA54D114C612F8 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS

15:50:12.0183 0x23e8 SymEvent - ok

15:50:12.0230 0x23e8 [ ADF37F1A715D6C56C8E065FD8569A9A4, 33E895CB326F62D4D22E345563B0641EB88D23B2104A07E8CEBE5ED150882767 ] SymIRON C:\windows\system32\drivers\N360x64\1405000.01C\Ironx64.SYS

15:50:12.0245 0x23e8 SymIRON - ok

15:50:12.0277 0x23e8 [ 9CDCA70485BD6B9D230365F67C31F132, 137995F1F0124E3A10AAA25551F811602BB5FE8361AE8CBA899C6B98486F4CF3 ] SymNetS C:\windows\System32\Drivers\N360x64\1405000.01C\SYMNETS.SYS

15:50:12.0292 0x23e8 SymNetS - ok

15:50:12.0422 0x23e8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll

15:50:12.0484 0x23e8 SysMain - ok

15:50:12.0547 0x23e8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll

15:50:12.0547 0x23e8 TabletInputService - ok

15:50:12.0578 0x23e8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll

15:50:12.0578 0x23e8 TapiSrv - ok

15:50:12.0609 0x23e8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll

15:50:12.0625 0x23e8 TBS - ok

15:50:12.0750 0x23e8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys

15:50:12.0796 0x23e8 Tcpip - ok

15:50:12.0874 0x23e8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

15:50:12.0921 0x23e8 TCPIP6 - ok

15:50:12.0984 0x23e8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

15:50:12.0984 0x23e8 tcpipreg - ok

15:50:13.0015 0x23e8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

15:50:13.0030 0x23e8 TDPIPE - ok

15:50:13.0046 0x23e8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

15:50:13.0046 0x23e8 TDTCP - ok

15:50:13.0124 0x23e8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys

15:50:13.0124 0x23e8 tdx - ok

15:50:13.0155 0x23e8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\drivers\termdd.sys

15:50:13.0155 0x23e8 TermDD - ok

15:50:13.0218 0x23e8 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\windows\System32\termsrv.dll

15:50:13.0233 0x23e8 TermService - ok

15:50:13.0264 0x23e8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll

15:50:13.0280 0x23e8 Themes - ok

15:50:13.0311 0x23e8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll

15:50:13.0311 0x23e8 THREADORDER - ok

15:50:13.0342 0x23e8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll

15:50:13.0342 0x23e8 TrkWks - ok

15:50:13.0389 0x23e8 [ 975F2CAA23B9CF4420EAB6439BE4D233, D2E37D96D1C90F3B1D5CE21E6516B88E98199F86EE56CDAF3E2673FFE154E452 ] TrueSight C:\Windows\System32\drivers\TrueSight.sys

15:50:13.0405 0x23e8 TrueSight - ok

15:50:13.0483 0x23e8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

15:50:13.0483 0x23e8 TrustedInstaller - ok

15:50:13.0545 0x23e8 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

15:50:13.0561 0x23e8 tssecsrv - ok

15:50:13.0608 0x23e8 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

15:50:13.0623 0x23e8 TsUsbFlt - ok

15:50:13.0686 0x23e8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

15:50:13.0686 0x23e8 tunnel - ok

15:50:13.0717 0x23e8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys

15:50:13.0732 0x23e8 uagp35 - ok

15:50:13.0795 0x23e8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys

15:50:13.0810 0x23e8 udfs - ok

15:50:13.0842 0x23e8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe

15:50:13.0857 0x23e8 UI0Detect - ok

15:50:13.0888 0x23e8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

15:50:13.0888 0x23e8 uliagpkx - ok

15:50:13.0935 0x23e8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys

15:50:13.0935 0x23e8 umbus - ok

15:50:13.0966 0x23e8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys

15:50:13.0966 0x23e8 UmPass - ok

15:50:14.0044 0x23e8 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

15:50:14.0060 0x23e8 Updater Service - ok

15:50:14.0107 0x23e8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll

15:50:14.0122 0x23e8 upnphost - ok

15:50:14.0169 0x23e8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys

15:50:14.0185 0x23e8 usbaudio - ok

15:50:14.0232 0x23e8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

15:50:14.0232 0x23e8 usbccgp - ok

15:50:14.0278 0x23e8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys

15:50:14.0278 0x23e8 usbcir - ok

15:50:14.0325 0x23e8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys

15:50:14.0341 0x23e8 usbehci - ok

15:50:14.0424 0x23e8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

15:50:14.0424 0x23e8 usbhub - ok

15:50:14.0486 0x23e8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys

15:50:14.0486 0x23e8 usbohci - ok

15:50:14.0517 0x23e8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

15:50:14.0517 0x23e8 usbprint - ok

15:50:14.0564 0x23e8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\drivers\usbscan.sys

15:50:14.0564 0x23e8 usbscan - ok

15:50:14.0595 0x23e8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

15:50:14.0595 0x23e8 USBSTOR - ok

15:50:14.0658 0x23e8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys

15:50:14.0658 0x23e8 usbuhci - ok

15:50:14.0720 0x23e8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys

15:50:14.0720 0x23e8 usbvideo - ok

15:50:14.0783 0x23e8 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys

15:50:14.0783 0x23e8 usb_rndisx - ok

15:50:14.0814 0x23e8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll

15:50:14.0829 0x23e8 UxSms - ok

15:50:14.0845 0x23e8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\windows\system32\lsass.exe

15:50:14.0845 0x23e8 VaultSvc - ok

15:50:14.0892 0x23e8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

15:50:14.0892 0x23e8 vdrvroot - ok

15:50:14.0954 0x23e8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe

15:50:14.0985 0x23e8 vds - ok

15:50:15.0001 0x23e8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys

15:50:15.0001 0x23e8 vga - ok

15:50:15.0032 0x23e8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys

15:50:15.0032 0x23e8 VgaSave - ok

15:50:15.0079 0x23e8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys

15:50:15.0079 0x23e8 vhdmp - ok

15:50:15.0110 0x23e8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys

15:50:15.0110 0x23e8 viaide - ok

15:50:15.0157 0x23e8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys

15:50:15.0157 0x23e8 volmgr - ok

15:50:15.0235 0x23e8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys

15:50:15.0266 0x23e8 volmgrx - ok

15:50:15.0297 0x23e8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys

15:50:15.0313 0x23e8 volsnap - ok

15:50:15.0360 0x23e8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys

15:50:15.0360 0x23e8 vsmraid - ok

15:50:15.0485 0x23e8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe

15:50:15.0531 0x23e8 VSS - ok

15:50:15.0547 0x23e8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

15:50:15.0563 0x23e8 vwifibus - ok

15:50:15.0578 0x23e8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

15:50:15.0594 0x23e8 vwififlt - ok

15:50:15.0609 0x23e8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

15:50:15.0625 0x23e8 vwifimp - ok

15:50:15.0656 0x23e8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll

15:50:15.0672 0x23e8 W32Time - ok

15:50:15.0703 0x23e8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys

15:50:15.0703 0x23e8 WacomPen - ok

15:50:15.0781 0x23e8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

15:50:15.0781 0x23e8 WANARP - ok

15:50:15.0797 0x23e8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

15:50:15.0797 0x23e8 Wanarpv6 - ok

15:50:15.0875 0x23e8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

15:50:15.0906 0x23e8 WatAdminSvc - ok

15:50:16.0015 0x23e8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe

15:50:16.0062 0x23e8 wbengine - ok

15:50:16.0109 0x23e8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll

15:50:16.0109 0x23e8 WbioSrvc - ok

15:50:16.0171 0x23e8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll

15:50:16.0187 0x23e8 wcncsvc - ok

15:50:16.0202 0x23e8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

15:50:16.0218 0x23e8 WcsPlugInService - ok

15:50:16.0233 0x23e8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys

15:50:16.0249 0x23e8 Wd - ok

15:50:16.0327 0x23e8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

15:50:16.0343 0x23e8 Wdf01000 - ok

15:50:16.0394 0x23e8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll

15:50:16.0410 0x23e8 WdiServiceHost - ok

15:50:16.0410 0x23e8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll

15:50:16.0426 0x23e8 WdiSystemHost - ok

15:50:16.0472 0x23e8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll

15:50:16.0488 0x23e8 WebClient - ok

15:50:16.0519 0x23e8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll

15:50:16.0535 0x23e8 Wecsvc - ok

15:50:16.0550 0x23e8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll

15:50:16.0566 0x23e8 wercplsupport - ok

15:50:16.0582 0x23e8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll

15:50:16.0582 0x23e8 WerSvc - ok

15:50:16.0628 0x23e8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

15:50:16.0628 0x23e8 WfpLwf - ok

15:50:16.0660 0x23e8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys

15:50:16.0660 0x23e8 WIMMount - ok

15:50:16.0675 0x23e8 WinDefend - ok

15:50:16.0722 0x23e8 WinHttpAutoProxySvc - ok

15:50:16.0769 0x23e8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

15:50:16.0784 0x23e8 Winmgmt - ok

15:50:16.0940 0x23e8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll

15:50:17.0018 0x23e8 WinRM - ok

15:50:17.0112 0x23e8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

15:50:17.0112 0x23e8 WinUsb - ok

15:50:17.0206 0x23e8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll

15:50:17.0237 0x23e8 Wlansvc - ok

15:50:17.0408 0x23e8 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:50:17.0471 0x23e8 wlidsvc - ok

15:50:17.0518 0x23e8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys

15:50:17.0533 0x23e8 WmiAcpi - ok

15:50:17.0564 0x23e8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

15:50:17.0564 0x23e8 wmiApSrv - ok

15:50:17.0596 0x23e8 WMPNetworkSvc - ok

15:50:17.0627 0x23e8 WN311BFCS - ok

15:50:17.0642 0x23e8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll

15:50:17.0658 0x23e8 WPCSvc - ok

15:50:17.0705 0x23e8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

15:50:17.0720 0x23e8 WPDBusEnum - ok

15:50:17.0752 0x23e8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

15:50:17.0752 0x23e8 ws2ifsl - ok

15:50:17.0767 0x23e8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\system32\wscsvc.dll

15:50:17.0783 0x23e8 wscsvc - ok

15:50:17.0845 0x23e8 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys

15:50:17.0845 0x23e8 WSDPrintDevice - ok

15:50:17.0876 0x23e8 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys

15:50:17.0876 0x23e8 WSDScan - ok

15:50:17.0892 0x23e8 WSearch - ok

15:50:18.0032 0x23e8 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\windows\system32\wuaueng.dll

15:50:18.0095 0x23e8 wuauserv - ok

15:50:18.0157 0x23e8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys

15:50:18.0157 0x23e8 WudfPf - ok

15:50:18.0188 0x23e8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

15:50:18.0204 0x23e8 WUDFRd - ok

15:50:18.0251 0x23e8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll

15:50:18.0251 0x23e8 wudfsvc - ok

15:50:18.0313 0x23e8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll

15:50:18.0329 0x23e8 WwanSvc - ok

15:50:18.0427 0x23e8 ================ Scan global ===============================

15:50:18.0459 0x23e8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll

15:50:18.0505 0x23e8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll

15:50:18.0537 0x23e8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll

15:50:18.0568 0x23e8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll

15:50:18.0583 0x23e8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe

15:50:18.0599 0x23e8 [ Global ] - ok

15:50:18.0599 0x23e8 ================ Scan MBR ==================================

15:50:18.0615 0x23e8 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0

15:50:21.0209 0x23e8 \Device\Harddisk0\DR0 - ok

15:50:21.0209 0x23e8 ================ Scan VBR ==================================

15:50:21.0225 0x23e8 [ 0951B816F349300676479098DDB9444E ] \Device\Harddisk0\DR0\Partition1

15:50:21.0240 0x23e8 \Device\Harddisk0\DR0\Partition1 - ok

15:50:21.0256 0x23e8 [ 6917150E758A49D86380921EA344A037 ] \Device\Harddisk0\DR0\Partition2

15:50:21.0287 0x23e8 \Device\Harddisk0\DR0\Partition2 - ok

15:50:21.0303 0x23e8 ================ Scan generic autorun ======================

15:50:21.0599 0x23e8 [ 29EB88523E5848F10EBC538C12485A03, 87CE050020649FC8AA4C8DC6FC3541FBFA90A172C165149F7C02765E0FEF145B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

15:50:21.0849 0x23e8 RtHDVCpl - ok

15:50:21.0911 0x23e8 [ F6F938C8D91C88B2E3536D4F4CDC8E91, 2718C62B52FF2E32DB2C2890A9D0FF9DA6F1C0CF04DE4C66E98019358308BC33 ] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

15:50:21.0911 0x23e8 WinPatrol - ok

15:50:22.0020 0x23e8 [ D183EDD7AB9A11089AE1A7506780BAED, 18CB6257403282F9F7FBB30C396A7B05AEDCEECF5C613A73B0BFD13D6078CE1C ] C:\Program Files (x86)\NETGEAR\WN311B\Utility\WN311B.exe

15:50:22.0067 0x23e8 AS00_WN311B - ok

15:50:22.0176 0x23e8 [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

15:50:22.0176 0x23e8 ArcSoft Connection Service - ok

15:50:22.0208 0x23e8 [ F6F938C8D91C88B2E3536D4F4CDC8E91, 2718C62B52FF2E32DB2C2890A9D0FF9DA6F1C0CF04DE4C66E98019358308BC33 ] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe

15:50:22.0208 0x23e8 WinPatrol - ok

15:50:22.0415 0x23e8 [ 6BDB90D0D8235A746F3C0F554B6F7181, A67B5916D4B5017B3F1C212BA1F2A45DAA3ABAFBF600DFC952BD4E8506F02223 ] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe

15:50:22.0525 0x23e8 Cobian Backup 11 interface - ok

15:50:22.0618 0x23e8 [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

15:50:22.0665 0x23e8 SunJavaUpdateSched - ok

15:50:22.0883 0x23e8 [ D2F08F8783EBA3C2B9F007EE0ABAD8E7, ED84C80C371B5E87C836B2678B2F0D93EDE7E29A07DAEDD976A0E13C97686C68 ] C:\Users\Anthony\AppData\Roaming\BitTorrent\BitTorrent.exe

15:50:22.0930 0x23e8 BitTorrent - ok

15:50:22.0946 0x23e8 Waiting for KSN requests completion. In queue: 71

15:50:23.0960 0x23e8 Waiting for KSN requests completion. In queue: 71

15:50:24.0968 0x23e8 Waiting for KSN requests completion. In queue: 8

15:50:26.0107 0x23e8 AV detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe ( 20.5.0.0 ), 0x51000 ( enabled : updated )

15:50:26.0123 0x23e8 FW detected via SS2: Norton 360, C:\Program Files (x86)\Norton 360\Engine\20.5.0.28\WSCStub.exe ( 20.5.0.0 ), 0x51010 ( enabled )

15:50:28.0922 0x23e8 ============================================================

15:50:28.0922 0x23e8 Scan finished

15:50:28.0922 0x23e8 ============================================================

15:50:28.0938 0x1cf0 Detected object count: 0

15:50:28.0938 0x1cf0 Actual detected object count: 0



#15 apolaris

apolaris
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Local time:09:22 PM

Posted 11 November 2014 - 04:02 PM

Currently running ASW. Shortly before I began that scan, Norton detected and blocked something called "Sweet Orange Exploit Kit."
