
Unable to remove virus that is keeping my CPU usage around 90-100% at all times



#1 dairtudreem


Posted 21 June 2013 - 02:49 PM

Mod edit: moved to proper forum as ComboFix log is included.~~ boopme


My laptop is incredibly slow.. running at 100% CPU usage pretty much all the time. I am forced to use Symantec Endpoint Protection in order to gain internet access for school.. and I am constantly getting popups saying that there's a gen 2 trojan in my appdata file.. and it deletes/quarantines it but it always comes back. I've scanned using that, avast, malwarebytes, mse, tdss killer, combofix and rkill. I have also done this in safe mode w/ networking and my computer is still infected.
 
Here is the rkill log.
 
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Invalid arguments ignored: Lapt\Downloads\rkill.exe

Program started at: 06/21/2013 12:59:03 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 06/21/2013 01:01:11 PM
Execution time: 0 hours(s), 2 minute(s), and 7 seconds(s)
 
tdss killer log
 
14:06:31.0742 1440  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:06:33.0411 1440  ============================================================
14:06:33.0411 1440  Current date / time: 2013/06/21 14:06:33.0411
14:06:33.0411 1440  SystemInfo:
14:06:33.0411 1440  
14:06:33.0411 1440  OS Version: 6.1.7601 ServicePack: 1.0
14:06:33.0411 1440  Product type: Workstation
14:06:33.0426 1440  ComputerName: ASHLEYLAPTOP-PC
14:06:33.0426 1440  UserName: Ashley's Lapt
14:06:33.0426 1440  Windows directory: C:\windows
14:06:33.0426 1440  System windows directory: C:\windows
14:06:33.0426 1440  Running under WOW64
14:06:33.0426 1440  Processor architecture: Intel x64
14:06:33.0426 1440  Number of processors: 2
14:06:33.0426 1440  Page size: 0x1000
14:06:33.0426 1440  Boot type: Safe boot with network
14:06:33.0426 1440  ============================================================
14:06:34.0191 1440  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:34.0206 1440  ============================================================
14:06:34.0206 1440  \Device\Harddisk0\DR0:
14:06:34.0206 1440  MBR partitions:
14:06:34.0206 1440  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:06:34.0206 1440  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE200000
14:06:34.0222 1440  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE233000, BlocksNum 0x14C1E800
14:06:34.0222 1440  ============================================================
14:06:34.0253 1440  C: <-> \Device\Harddisk0\DR0\Partition2
14:06:34.0284 1440  D: <-> \Device\Harddisk0\DR0\Partition3
14:06:34.0284 1440  ============================================================
14:06:34.0284 1440  Initialize success
14:06:34.0284 1440  ============================================================
14:06:41.0928 1880  ============================================================
14:06:41.0928 1880  Scan started
14:06:41.0928 1880  Mode: Manual;
14:06:41.0928 1880  ============================================================
14:06:42.0272 1880  ================ Scan system memory ========================
14:06:42.0272 1880  System memory - ok
14:06:53.0160 1880  MRxDAV - ok
14:06:53.0207 1880  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
14:06:53.0207 1880  mrxsmb - ok
14:06:53.0254 1880  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
14:06:53.0270 1880  mrxsmb10 - ok
14:06:53.0285 1880  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
14:06:53.0285 1880  mrxsmb20 - ok
14:06:53.0316 1880  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
14:06:53.0316 1880  msahci - ok
14:06:53.0316 1880  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
14:06:53.0332 1880  msdsm - ok
14:06:53.0348 1880  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
14:06:53.0363 1880  MSDTC - ok
14:06:53.0394 1880  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
14:06:53.0410 1880  Msfs - ok
14:06:53.0441 1880  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
14:06:53.0441 1880  mshidkmdf - ok
14:06:53.0457 1880  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
14:06:53.0457 1880  msisadrv - ok
14:06:53.0504 1880  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
14:06:53.0504 1880  MSiSCSI - ok
14:06:53.0504 1880  msiserver - ok
14:06:53.0550 1880  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
14:06:53.0550 1880  MSKSSRV - ok
14:06:53.0660 1880  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
14:06:53.0660 1880  MsMpSvc - ok
14:06:53.0675 1880  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
14:06:53.0675 1880  MSPCLOCK - ok
14:06:53.0706 1880  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
14:06:53.0706 1880  MSPQM - ok
14:06:53.0738 1880  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
14:06:53.0738 1880  MsRPC - ok
14:06:53.0769 1880  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
14:06:53.0769 1880  mssmbios - ok
14:06:53.0784 1880  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
14:06:53.0784 1880  MSTEE - ok
14:06:53.0831 1880  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
14:06:53.0831 1880  MTConfig - ok
14:06:53.0878 1880  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
14:06:53.0878 1880  Mup - ok
14:06:53.0956 1880  [ CF50B1196B096C4EF3ABDA7CE5C89F53 ] NACAgent        C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
14:06:53.0972 1880  NACAgent - ok
14:06:54.0018 1880  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
14:06:54.0034 1880  napagent - ok
14:06:54.0081 1880  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
14:06:54.0081 1880  NativeWifiP - ok
14:06:54.0268 1880  [ 56540E526B46E379A476FB5BC381B290 ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130606.039\ENG64.SYS
14:06:54.0268 1880  NAVENG - ok
14:06:54.0331 1880  [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15         C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130606.039\EX64.SYS
14:06:54.0362 1880  NAVEX15 - ok
14:06:54.0409 1880  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
14:06:54.0424 1880  NDIS - ok
14:06:54.0471 1880  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
14:06:54.0471 1880  NdisCap - ok
14:06:54.0518 1880  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
14:06:54.0518 1880  NdisTapi - ok
14:06:54.0533 1880  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
14:06:54.0533 1880  Ndisuio - ok
14:06:54.0549 1880  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
14:06:54.0565 1880  NdisWan - ok
14:06:54.0580 1880  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
14:06:54.0580 1880  NDProxy - ok
14:06:54.0596 1880  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
14:06:54.0596 1880  NetBIOS - ok
14:06:54.0611 1880  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
14:06:54.0611 1880  NetBT - ok
14:06:54.0627 1880  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
14:06:54.0627 1880  Netlogon - ok
14:06:54.0658 1880  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
14:06:54.0674 1880  Netman - ok
14:06:54.0689 1880  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
14:06:54.0705 1880  netprofm - ok
14:06:54.0752 1880  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:06:54.0752 1880  NetTcpPortSharing - ok
14:06:54.0783 1880  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
14:06:54.0783 1880  nfrd960 - ok
14:06:54.0830 1880  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
14:06:54.0830 1880  NisDrv - ok
14:06:54.0877 1880  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
14:06:54.0892 1880  NisSrv - ok
14:06:54.0939 1880  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
14:06:54.0939 1880  NlaSvc - ok
14:06:54.0970 1880  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
14:06:54.0970 1880  Npfs - ok
14:06:55.0001 1880  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
14:06:55.0017 1880  nsi - ok
14:06:55.0017 1880  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
14:06:55.0017 1880  nsiproxy - ok
14:06:55.0095 1880  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
14:06:55.0126 1880  Ntfs - ok
14:06:55.0142 1880  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
14:06:55.0142 1880  Null - ok
14:06:55.0189 1880  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
14:06:55.0204 1880  nvraid - ok
14:06:55.0204 1880  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
14:06:55.0220 1880  nvstor - ok
14:06:55.0235 1880  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
14:06:55.0235 1880  nv_agp - ok
14:06:55.0345 1880  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:06:55.0360 1880  odserv - ok
14:06:55.0360 1880  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
14:06:55.0376 1880  ohci1394 - ok
14:06:55.0423 1880  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:06:55.0423 1880  ose - ok
14:06:55.0485 1880  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
14:06:55.0485 1880  p2pimsvc - ok
14:06:55.0516 1880  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
14:06:55.0516 1880  p2psvc - ok
14:06:55.0563 1880  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
14:06:55.0563 1880  Parport - ok
14:06:55.0610 1880  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
14:06:55.0610 1880  partmgr - ok
14:06:55.0625 1880  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
14:06:55.0641 1880  PcaSvc - ok
14:06:55.0672 1880  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
14:06:55.0672 1880  pci - ok
14:06:55.0688 1880  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
14:06:55.0688 1880  pciide - ok
14:06:55.0688 1880  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
14:06:55.0703 1880  pcmcia - ok
14:06:55.0719 1880  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
14:06:55.0719 1880  pcw - ok
14:06:55.0750 1880  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
14:06:55.0766 1880  PEAUTH - ok
14:06:55.0844 1880  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
14:06:55.0844 1880  PerfHost - ok
14:06:55.0906 1880  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
14:06:55.0937 1880  pla - ok
14:06:56.0000 1880  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
14:06:56.0015 1880  PlugPlay - ok
14:06:56.0031 1880  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
14:06:56.0031 1880  PNRPAutoReg - ok
14:06:56.0062 1880  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
14:06:56.0062 1880  PNRPsvc - ok
14:06:56.0093 1880  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
14:06:56.0109 1880  PolicyAgent - ok
14:06:56.0156 1880  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
14:06:56.0156 1880  Power - ok
14:06:56.0187 1880  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
14:06:56.0203 1880  PptpMiniport - ok
14:06:56.0218 1880  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
14:06:56.0218 1880  Processor - ok
14:06:56.0281 1880  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
14:06:56.0281 1880  ProfSvc - ok
14:06:56.0296 1880  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
14:06:56.0312 1880  ProtectedStorage - ok
14:06:56.0343 1880  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
14:06:56.0343 1880  Psched - ok
14:06:56.0405 1880  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
14:06:56.0421 1880  ql2300 - ok
14:06:56.0437 1880  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
14:06:56.0437 1880  ql40xx - ok
14:06:56.0483 1880  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
14:06:56.0483 1880  QWAVE - ok
14:06:56.0515 1880  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
14:06:56.0515 1880  QWAVEdrv - ok
14:06:56.0530 1880  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
14:06:56.0530 1880  RasAcd - ok
14:06:56.0593 1880  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
14:06:56.0593 1880  RasAgileVpn - ok
14:06:56.0608 1880  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
14:06:56.0624 1880  RasAuto - ok
14:06:56.0639 1880  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
14:06:56.0639 1880  Rasl2tp - ok
14:06:56.0671 1880  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
14:06:56.0671 1880  RasMan - ok
14:06:56.0702 1880  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
14:06:56.0702 1880  RasPppoe - ok
14:06:56.0717 1880  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
14:06:56.0717 1880  RasSstp - ok
14:06:56.0733 1880  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
14:06:56.0749 1880  rdbss - ok
14:06:56.0780 1880  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
14:06:56.0780 1880  rdpbus - ok
14:06:56.0795 1880  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
14:06:56.0811 1880  RDPCDD - ok
14:06:56.0842 1880  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
14:06:56.0858 1880  RDPENCDD - ok
14:06:56.0858 1880  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
14:06:56.0858 1880  RDPREFMP - ok
14:06:56.0905 1880  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
14:06:56.0920 1880  RDPWD - ok
14:06:56.0951 1880  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
14:06:56.0967 1880  rdyboost - ok
14:06:56.0983 1880  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
14:06:56.0983 1880  RemoteAccess - ok
14:06:57.0014 1880  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
14:06:57.0029 1880  RemoteRegistry - ok
14:06:57.0076 1880  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
14:06:57.0092 1880  RFCOMM - ok
14:06:57.0185 1880  [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:06:57.0185 1880  RichVideo - ok
14:06:57.0232 1880  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
14:06:57.0232 1880  RpcEptMapper - ok
14:06:57.0263 1880  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
14:06:57.0263 1880  RpcLocator - ok
14:06:57.0310 1880  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
14:06:57.0310 1880  RpcSs - ok
14:06:57.0357 1880  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
14:06:57.0373 1880  rspndr - ok
14:06:57.0419 1880  [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
14:06:57.0435 1880  RTL8167 - ok
14:06:57.0482 1880  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
14:06:57.0482 1880  rtport - ok
14:06:57.0513 1880  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\windows\system32\Drivers\SABI.sys
14:06:57.0513 1880  SABI - ok
14:06:57.0529 1880  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
14:06:57.0529 1880  SamSs - ok
14:06:57.0591 1880  [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe
14:06:57.0591 1880  Samsung UPD Service - ok
14:06:57.0622 1880  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
14:06:57.0622 1880  sbp2port - ok
14:06:57.0653 1880  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
14:06:57.0669 1880  SCardSvr - ok
14:06:57.0685 1880  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
14:06:57.0700 1880  scfilter - ok
14:06:57.0731 1880  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
14:06:57.0747 1880  Schedule - ok
14:06:57.0794 1880  SCManager - ok
14:06:57.0825 1880  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
14:06:57.0825 1880  SCPolicySvc - ok
14:06:57.0856 1880  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
14:06:57.0856 1880  SDRSVC - ok
14:06:57.0887 1880  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
14:06:57.0887 1880  secdrv - ok
14:06:57.0919 1880  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
14:06:57.0919 1880  seclogon - ok
14:06:57.0934 1880  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
14:06:57.0934 1880  SENS - ok
14:06:57.0981 1880  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
14:06:57.0981 1880  SensrSvc - ok
14:06:58.0012 1880  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
14:06:58.0012 1880  Serenum - ok
14:06:58.0043 1880  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
14:06:58.0043 1880  Serial - ok
14:06:58.0090 1880  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
14:06:58.0090 1880  sermouse - ok
14:06:58.0121 1880  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
14:06:58.0137 1880  SessionEnv - ok
14:06:58.0153 1880  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
14:06:58.0153 1880  sffdisk - ok
14:06:58.0168 1880  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
14:06:58.0168 1880  sffp_mmc - ok
14:06:58.0168 1880  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
14:06:58.0168 1880  sffp_sd - ok
14:06:58.0184 1880  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
14:06:58.0184 1880  sfloppy - ok
14:06:58.0215 1880  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
14:06:58.0231 1880  SharedAccess - ok
14:06:58.0246 1880  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:06:58.0262 1880  ShellHWDetection - ok
14:06:58.0293 1880  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
14:06:58.0293 1880  SiSRaid2 - ok
14:06:58.0309 1880  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
14:06:58.0309 1880  SiSRaid4 - ok
14:06:58.0387 1880  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:06:58.0387 1880  SkypeUpdate - ok
14:06:58.0433 1880  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
14:06:58.0449 1880  Smb - ok
14:06:58.0621 1880  [ 26EB194D1FB2870E0453A99B84889F8D ] SmcService      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
14:06:58.0667 1880  SmcService - ok
14:06:58.0714 1880  [ C2E9B4E50CF3A15255B45A7C7A0A881E ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
14:06:58.0730 1880  SNAC - ok
14:06:58.0792 1880  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
14:06:58.0792 1880  SNMPTRAP - ok
14:06:58.0823 1880  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
14:06:58.0823 1880  spldr - ok
14:06:58.0855 1880  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
14:06:58.0870 1880  Spooler - ok
14:06:58.0964 1880  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
14:06:59.0011 1880  sppsvc - ok
14:06:59.0026 1880  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
14:06:59.0042 1880  sppuinotify - ok
14:06:59.0089 1880  [ B531FC8918DCDAAE638511A123C3465E ] SRTSP           C:\windows\system32\Drivers\SRTSP64.SYS
14:06:59.0104 1880  SRTSP - ok
14:06:59.0135 1880  [ 2BD3A73D0601320B72486FC3EBC2544F ] SRTSPL          C:\windows\system32\Drivers\SRTSPL64.SYS
14:06:59.0151 1880  SRTSPL - ok
14:06:59.0151 1880  [ 529B337C1AEEB289F0B502EB0EE6A8F5 ] SRTSPX          C:\windows\system32\Drivers\SRTSPX64.SYS
14:06:59.0151 1880  SRTSPX - ok
14:06:59.0213 1880  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
14:06:59.0213 1880  srv - ok
14:06:59.0245 1880  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
14:06:59.0260 1880  srv2 - ok
14:06:59.0276 1880  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
14:06:59.0291 1880  srvnet - ok
14:06:59.0323 1880  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
14:06:59.0323 1880  SSDPSRV - ok
14:06:59.0354 1880  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
14:06:59.0354 1880  SstpSvc - ok
14:06:59.0385 1880  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
14:06:59.0401 1880  stexstor - ok
14:06:59.0447 1880  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
14:06:59.0463 1880  StillCam - ok
14:06:59.0510 1880  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
14:06:59.0525 1880  stisvc - ok
14:06:59.0525 1880  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
14:06:59.0525 1880  swenum - ok
14:06:59.0557 1880  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
14:06:59.0572 1880  swprv - ok
14:06:59.0650 1880  [ F3A4EAD0B3946E439F0397F7A4D09952 ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
14:06:59.0666 1880  Symantec AntiVirus - ok
14:06:59.0744 1880  [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
14:06:59.0744 1880  SymEvent - ok
14:06:59.0806 1880  [ 14FEB5052837D9277520088DCE549036 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
14:06:59.0822 1880  SynTP - ok
14:06:59.0884 1880  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
14:06:59.0931 1880  SysMain - ok
14:06:59.0962 1880  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
14:06:59.0962 1880  TabletInputService - ok
14:07:00.0025 1880  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
14:07:00.0040 1880  TapiSrv - ok
14:07:00.0134 1880  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
14:07:00.0165 1880  TBS - ok
14:07:00.0305 1880  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
14:07:00.0352 1880  Tcpip - ok
14:07:00.0415 1880  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
14:07:00.0430 1880  TCPIP6 - ok
14:07:00.0493 1880  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
14:07:00.0493 1880  tcpipreg - ok
14:07:00.0555 1880  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
14:07:00.0571 1880  TDPIPE - ok
14:07:00.0617 1880  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
14:07:00.0649 1880  TDTCP - ok
14:07:00.0711 1880  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
14:07:00.0727 1880  tdx - ok
14:07:00.0742 1880  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
14:07:00.0742 1880  TermDD - ok
14:07:00.0836 1880  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
14:07:00.0836 1880  TermService - ok
14:07:00.0851 1880  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
14:07:00.0867 1880  Themes - ok
14:07:00.0914 1880  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
14:07:00.0914 1880  THREADORDER - ok
14:07:00.0929 1880  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
14:07:00.0945 1880  TrkWks - ok
14:07:00.0992 1880  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:07:00.0992 1880  TrustedInstaller - ok
14:07:01.0007 1880  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
14:07:01.0007 1880  tssecsrv - ok
14:07:01.0039 1880  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
14:07:01.0039 1880  TsUsbFlt - ok
14:07:01.0070 1880  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
14:07:01.0085 1880  TsUsbGD - ok
14:07:01.0148 1880  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
14:07:01.0148 1880  tunnel - ok
14:07:01.0163 1880  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
14:07:01.0163 1880  uagp35 - ok
14:07:01.0179 1880  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
14:07:01.0195 1880  udfs - ok
14:07:01.0226 1880  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
14:07:01.0226 1880  UI0Detect - ok
14:07:01.0241 1880  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
14:07:01.0241 1880  uliagpkx - ok
14:07:01.0273 1880  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
14:07:01.0273 1880  umbus - ok
14:07:01.0288 1880  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
14:07:01.0288 1880  UmPass - ok
14:07:01.0319 1880  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
14:07:01.0319 1880  upnphost - ok
14:07:01.0351 1880  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
14:07:01.0351 1880  USBAAPL64 - ok
14:07:01.0397 1880  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
14:07:01.0397 1880  usbaudio - ok
14:07:01.0444 1880  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
14:07:01.0444 1880  usbccgp - ok
14:07:01.0475 1880  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
14:07:01.0475 1880  usbcir - ok
14:07:01.0507 1880  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
14:07:01.0507 1880  usbehci - ok
14:07:01.0538 1880  [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter       C:\windows\system32\DRIVERS\usbfilter.sys
14:07:01.0538 1880  usbfilter - ok
14:07:01.0585 1880  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
14:07:01.0600 1880  usbhub - ok
14:07:01.0631 1880  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
14:07:01.0631 1880  usbohci - ok
14:07:01.0663 1880  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
14:07:01.0663 1880  usbprint - ok
14:07:01.0678 1880  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
14:07:01.0678 1880  usbscan - ok
14:07:01.0725 1880  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
14:07:01.0725 1880  USBSTOR - ok
14:07:01.0756 1880  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
14:07:01.0772 1880  usbuhci - ok
14:07:01.0819 1880  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
14:07:01.0834 1880  usbvideo - ok
 
and finally my combofix logs
 
 
 
Any help? Thanks in advance

Edited by boopme, 21 June 2013 - 08:51 PM.
Moved from Vista to Am I Infected - Hamluis.




#2 dairtudreem

dairtudreem
  • Topic Starter

  • Members
  • 7 posts

Posted 21 June 2013 - 03:21 PM

My computer has been running around 90-100% usage at all times for a few weeks now. Whenever I get some extra time, I try and figure out what is going on... I have to use Symantec for my antivirus to gain access to internet when I am on campus. I also have MSE and Avast. I've scanned using both, along with Malwarebytes, and have not been able to remove whatever it is that is infecting my computer. I've also scanned in safe mode... no luck. I am not sure what to do next, any help would be greatly appreciated. I system restored to the latest point that my computer would allow me.. which was on the 7th. That has not helped, now my Symantec will not work correctly. When I start up my scan it immediately says it is complete without scanning any files.
 
Thanks for your time!!
 
I should also add that the virus seems to be in my appdata file, at least that is where Symantec is telling me it is.

Edited by hamluis, 21 June 2013 - 04:07 PM.
Merged with AII topic - Hamluis.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts

Posted 25 June 2013 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

    thisisujrt.gif Please download
    Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
    ===

    Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

    Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

    1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
    2: DDS.pif
    3: DDS.COM

    Double click on the DDS icon, allow it to run.
    A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    Notepad will open with the results.
    Follow the instructions that pop up for posting the results.
    Please note: You may have to disable any script protection running if the scan fails to run.


    Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
    ===

    Third-party programs, if not up to date, can be the cause of infiltration and infection.

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===

    Please paste the logs in your next reply, DO NOT ATTACH THEM
    Let me know what problem persists.


#4 dairtudreem

dairtudreem
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:00 AM

Posted 30 June 2013 - 01:02 PM

Thank you for your reply. I apologize for it taking so long to get back to you! Here are the following logs you asked for.

 

RogueKiller V8.6.1 _x64_ [Jun 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : hxxp://www.adlice.com/forum/
Website : hxxp://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ashley's Lapt [Admin rights]
Mode : Remove -- Date : 06/30/2013 12:10:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 47936d5640c77021771e4f05cf6a7ca4
[BSP] caf5fae6a7a60fa566fee5308203336f : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 115712 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 237185024 | Size: 170046 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 585439232 | Size: 19384 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06302013_121052.txt >>
RKreport[0]_S_06302013_121030.txt


 

# AdwCleaner v2.303 - Logfile created 06/30/2013 at 12:19:35
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ashley's Lapt - ASHLEYLAPTOP-PC
# Boot Mode : Normal
# Running from : C:\Users\Ashley's Lapt\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Ashley's Lapt\AppData\Roaming\Mozilla\Firefox\Profiles\4eew39p1.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [943 octets] - [30/06/2013 12:18:23]
AdwCleaner[S1].txt - [879 octets] - [30/06/2013 12:19:35]

########## EOF - C:\AdwCleaner[S1].txt - [938 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ashley's Lapt on Sun 06/30/2013 at 12:30:37.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4896F95-496C-4231-AFF2-670C2684ECD4}



~~~ Files

Successfully deleted: [File] "C:\windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\Ashley's Lapt\appdata\local\{8CB108B4-7A51-40CE-BD38-9D42FDE1AC4D}



~~~ FireFox

Emptied folder: C:\Users\Ashley's Lapt\AppData\Roaming\mozilla\firefox\profiles\4eew39p1.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/30/2013 at 12:45:33.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by Ashley's Lapt at 12:49:55 on 2013-06-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.2482 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\explorer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung.msn.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579} : DHCPNameServer = 24.220.0.10 24.220.0.11
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579}\245656 : DHCPNameServer = 64.68.160.27 66.231.7.28
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579}\35572677169702642756560275966496 : DHCPNameServer = 64.68.160.27 66.231.7.28
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579}\7616D696E676D2072796E64796E676 : DHCPNameServer = 206.176.54.73 206.176.54.74
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579}\76F676F696E666C696768647 : DHCPNameServer = 172.19.134.2
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579}\D4577637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3AD2930C-3B3C-49F1-A4AD-0775579CE579}\D6577637 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{44FD186D-1BAF-4569-8BB1-F0C21BBA06DE} : DHCPNameServer = 134.129.204.160 134.129.201.29 134.129.111.111
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ashley's Lapt\AppData\Roaming\Mozilla\Firefox\Profiles\4eew39p1.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ASHLEY~1\AppData\Roaming\CATALI~2\npBcsKtTcHW.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-09 18:22; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-5-2 77952]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-5-2 37504]
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-6-21 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-6-21 189936]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-6-21 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-6-21 378944]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-4-29 13824]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-5-2 203776]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-6-21 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-6-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-21 46808]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-7-25 1105848]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-7-9 1831024]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-5-2 115216]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-17 138912]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-4-29 425064]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-4-29 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-9 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-9 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-8-29 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-5-2 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-06-30 17:32:16    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE875D94-0A5F-4469-A935-BA6060033A89}\mpengine.dll
2013-06-30 17:30:32    --------    d-----w-    C:\windows\ERUNT
2013-06-30 17:30:26    --------    d-----w-    C:\JRT
2013-06-30 17:01:53    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-06-30 17:01:47    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-06-30 17:01:45    148992    ----a-w-    C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-06-30 17:01:38    108032    ----a-w-    C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-30 17:01:34    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-30 17:01:34    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-30 17:01:24    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-06-30 17:01:20    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-06-30 16:54:02    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-06-21 19:27:21    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-21 18:53:27    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 17:30:10    --------    d-----w-    C:\Users\Ashley's Lapt\AppData\Local\Google
2013-06-21 17:29:59    72016    ----a-w-    C:\windows\System32\drivers\aswRdr2.sys
2013-06-21 17:29:58    189936    ----a-w-    C:\windows\System32\drivers\aswVmm.sys
2013-06-21 17:29:58    1030952    ----a-w-    C:\windows\System32\drivers\aswSnx.sys
2013-06-21 17:29:56    80816    ----a-w-    C:\windows\System32\drivers\aswMonFlt.sys
2013-06-21 17:29:56    65336    ----a-w-    C:\windows\System32\drivers\aswRvrt.sys
2013-06-21 17:28:48    41664    ----a-w-    C:\windows\avastSS.scr
2013-06-21 17:22:56    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA304425-C62D-4E6C-A5A1-64B74A1128CE}\gapaengine.dll
2013-06-21 17:21:35    751104    ----a-w-    C:\windows\System32\win32spl.dll
2013-06-21 17:21:35    492544    ----a-w-    C:\windows\SysWow64\win32spl.dll
2013-06-21 17:21:24    30720    ----a-w-    C:\windows\System32\cryptdlg.dll
2013-06-21 17:21:24    24576    ----a-w-    C:\windows\SysWow64\cryptdlg.dll
2013-06-21 17:21:11    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2013-06-21 17:21:11    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2013-06-21 17:18:40    903168    ----a-w-    C:\windows\SysWow64\certutil.exe
2013-06-21 17:18:40    1464320    ----a-w-    C:\windows\System32\crypt32.dll
2013-06-21 17:18:40    1192448    ----a-w-    C:\windows\System32\certutil.exe
2013-06-21 17:18:39    184320    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-06-21 17:18:39    1160192    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-06-21 17:18:38    52224    ----a-w-    C:\windows\System32\certenc.dll
2013-06-21 17:18:38    140288    ----a-w-    C:\windows\SysWow64\cryptsvc.dll
2013-06-21 17:18:38    139776    ----a-w-    C:\windows\System32\cryptnet.dll
2013-06-21 17:18:38    103936    ----a-w-    C:\windows\SysWow64\cryptnet.dll
2013-06-21 17:18:37    43008    ----a-w-    C:\windows\SysWow64\certenc.dll
2013-06-21 17:17:56    1887232    ----a-w-    C:\windows\System32\d3d11.dll
2013-06-21 17:17:56    1505280    ----a-w-    C:\windows\SysWow64\d3d11.dll
2013-06-14 15:54:42    --------    d-----w-    C:\Users\Ashley's Lapt\AppData\Roaming\SUPERAntiSpyware.com
2013-06-14 15:54:30    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-14 15:54:30    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-11 14:00:05    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-06-11 14:00:05    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-09 23:19:30    --------    d-----w-    C:\Program Files\AVAST Software
2013-06-09 23:17:02    --------    d-----w-    C:\ProgramData\AVAST Software
2013-06-04 19:55:14    --------    d-----w-    C:\Users\Ashley's Lapt\AppData\Local\Programs
2013-06-04 17:17:19    262552    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-06-04 13:49:43    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-04 13:49:43    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-04 13:49:43    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-04 13:49:42    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-04 13:44:23    --------    d-----w-    C:\Program Files\iPod
2013-06-04 13:44:17    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-04 13:44:17    --------    d-----w-    C:\Program Files\iTunes
2013-06-04 13:44:17    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-06-03 16:27:59    72624    ----a-w-    C:\Program Files\Internet Explorer\pdmproxy100.dll
2013-06-03 16:24:30    9728    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
==================== Find3M  ====================
.
2013-06-21 18:48:35    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 18:48:35    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-21 17:33:13    96168    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-21 17:33:02    867240    ----a-w-    C:\windows\SysWow64\npDeployJava1.dll
2013-06-21 17:33:01    789416    ----a-w-    C:\windows\SysWow64\deployJava1.dll
2013-06-08 11:13:19    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-06-03 16:27:59    173568    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-06-03 16:27:59    13824    ----a-w-    C:\windows\System32\mshta.exe
2013-06-03 16:27:58    92160    ----a-w-    C:\windows\System32\SetIEInstalledDate.exe
2013-06-03 16:27:58    51200    ----a-w-    C:\windows\System32\imgutil.dll
2013-06-03 16:27:58    135680    ----a-w-    C:\windows\System32\IEAdvpack.dll
2013-06-03 16:27:57    77312    ----a-w-    C:\windows\System32\tdc.ocx
2013-06-03 16:27:57    48640    ----a-w-    C:\windows\System32\mshtmler.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-02 15:29:56    278800    ------w-    C:\windows\System32\MpSigStub.exe
2013-05-01 08:59:12    94208    ----a-w-    C:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 08:59:12    69632    ----a-w-    C:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23    135168    ----a-w-    C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-04-04 19:50:32    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 12:50:55.64 ===============
 

I tried to run the security check and I got the following..

 

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

 

 

It seems like my computer is running a lot faster now. My CPU usage is no longer in the 90-100 range.. but fluctuating from the 20's to 60's. Before I had 88 or so processes running and now I have 78. I'm not sure if that has anything to do with it. Also, I was wondering if I should get rid of MSE and Symantec and just use avast as my antivirus software... or whatever else might be recommended to keep me from getting whatever virus I had again. I also have a 'RK_Quarentine' file saved to my desktop, is that safe to delete along with the other files?

 

Thanks for your help.


Edited by dairtudreem, 30 June 2013 - 01:08 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 30 June 2013 - 01:51 PM

Also, I was wondering if I should get rid of MSE and Symantec and just use avast as my antivirus software... or whatever else might be recommended to keep me from getting whatever

Having two AV will slow down your computer.

For now you may keep MSE but remove or disable one of the other AntiVirus programs.

Once you have decided which one to keep, remove the other using the uninstaller from the manufacturer.

Download your product's removal tool from this site and run it.
List of anti-malware product removal tools

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/list-of-anti-malware-product-removal-tools/407bf6da-c05d-4546-8788-0aa4c25a1f91

Keep me posted.
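
The DDS header posted in #4 lists each registered security product with its state, which is what the advice about running more than one antivirus rests on. The following is an added example, not part of the original thread or of any tool's own code: it parses those `AV:`/`SP:` lines and reports each category where more than one product is enabled. The function names are hypothetical and the line layout is assumed from the log shown in this thread.

```python
import re
from collections import defaultdict

# Header lines copied from the DDS log posted earlier in this thread.
DDS_HEADER = """\
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
"""

# Layout assumed from the log above:
#   <category>: <product name> *<state>/<signature state>* {<GUID>}
PRODUCT_RE = re.compile(
    r"^(?P<category>AV|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>Enabled|Disabled)/(?P<signatures>Updated|Outdated)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*$"
)


def parse_products(text):
    """Return one dict per AV:/SP: line; every other line is ignored."""
    products = []
    for line in text.splitlines():
        match = PRODUCT_RE.match(line.strip())
        if match:
            products.append(match.groupdict())
    return products


def enabled_conflicts(products):
    """Map each category to its enabled products when there is more than one."""
    enabled = defaultdict(set)
    for product in products:
        if product["state"] == "Enabled":
            enabled[product["category"]].add(product["name"])
    return {
        category: sorted(names, key=str.lower)
        for category, names in enabled.items()
        if len(names) > 1
    }


def stale_enabled(products):
    """Names of products that are enabled but report outdated signatures."""
    return sorted(
        {
            p["name"]
            for p in products
            if p["state"] == "Enabled" and p["signatures"] == "Outdated"
        },
        key=str.lower,
    )


if __name__ == "__main__":
    found = parse_products(DDS_HEADER)
    for category, names in enabled_conflicts(found).items():
        print(f"{category}: {len(names)} products enabled at once: {', '.join(names)}")
    for name in stale_enabled(found):
        print(f"Enabled with outdated signatures: {name}")
```
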

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 06 July 2013 - 07:03 AM

Are you still with me?

#7 dairtudreem

dairtudreem
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:00 AM

Posted 06 July 2013 - 07:33 PM

So sorry for taking so long. I'm in a summer program for school and it is kicking my butt.. absolutely no free time :( Anyway, I thought everything was kosher, but alas.. I think something is awry still..

 

I was in the process of removing my other AV... and Symantec popped up with 15 alerts

 

Here is one

 

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen.2
File: C:\Users\Ashley's Lapt\AppData\Local\Temp\DWH3F54.tmp
Location: C:\Users\Ashley's Lapt\AppData\Local\Temp
Computer: ASHLEYLAPTOP-PC
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Saturday, July 06, 2013  7:25:26 PM

 

The file is always DWHxxxx and it's either in Ashley's Lapt or Ashley~1

 

By the time I finished typing all of this, my notifications are at 57. I'm not sure where to go from here, my CPU usage is still stuck at around 100%



#8 dairtudreem

dairtudreem
  • Topic Starter

  • Members
  • 7 posts
  • Local time:06:00 AM

Posted 06 July 2013 - 07:45 PM

Avast just alerted me that a rootkit has been detected on my system..

 

SVC: MsMpSvc > C:\Program

SVC: NACAgent > C:\Program Files

SVC: NAVENG > C\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130629.007\ENG64.SYS

SVC: NAVENG > C\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130629.007\EX64.SYS

SVC: NisDrv > C:\windows\system32\DRIVERS\NisDrvWFP.sys

SVC: NisSrv > C:\Program



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:00 AM

Posted 07 July 2013 - 07:22 AM

Decide which of Avast or Symantec you want to keep and delete the other using the proper uninstaller.

Download your product's removal tool from this site and run it.
List of anti-malware product removal tools

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/list-of-anti-malware-product-removal-tools/407bf6da-c05d-4546-8788-0aa4c25a1f91

Let me know if the problem persists.



