
Rootkit - Hijacked OS


  • This topic is locked
11 replies to this topic

#1 iswearimnotparanoid



Posted 12 October 2013 - 05:02 AM

Hi,

My previous thread was closed due to me reinstalling Windows. However, I believe there is still some form of malware present.

I can't pinpoint it exactly, but it seems to hijack my AV programs, Windows Updates, Firewall, Wi-Fi & Bluetooth network connections and set up some sort of remote tunnel into my PC? Before I reset the PC I was getting BSODs frequently, the computer would overheat, and it was going very slowly. File permissions would change and all sorts of weird bleep.

I've attached my DDS logs.

Malwarebytes, Norton, SUPERAntiSpyware all come up clean; however, the GMER scan shows 4 suspicious files.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720
Run by Nick at 19:57:04 on 2013-10-12
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.7659.3977 [GMT 10:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Nick\Downloads\gnyukdnq.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\StikyNot.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.au/
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F0020F86-3882-4FED-9CFB-3F9DE4DDBB6A} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
IFEO: taskmgr.exe - "C:\USERS\NICK\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE"
x64-BHO: AutorunsDisabled - <orphaned>
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - "C:\USERS\NICK\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\e8649gz5.default\
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-11 14:51; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn
FF - ExtSQL: 2013-10-12 06:48; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-3-5 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-3-5 38528]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys [2013-10-12 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys [2013-10-12 912504]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-24 1525848]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-10-12 62168]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20131011.001\IDSviA64.sys [2013-10-12 520280]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1207000.00D\ironx64.sys [2013-10-12 171128]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-2 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\Windows\System32\BtwRSupportService.exe [2013-10-2 2253016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-10-12 109352]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-1 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-10 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-7-21 2375168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-12 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-12 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2013-10-12 130008]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-3-18 87168]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-21 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-3-18 188544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]
R3 bcbtums;Bluetooth USB LD Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-2 170712]
R3 btwampfl;btwampfl;C:\Windows\System32\drivers\btwampfl.sys [2013-10-2 166104]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-21 39464]
R3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-10-12 57024]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-10-12 140376]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-16 1071160]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-12 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-21 337512]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys [2013-10-12 382584]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-7-21 47232]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 21:18:45;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-26 241648]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-12 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-12 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-12 1255736]
.
=============== Created Last 60 ================
.
2013-10-12 09:26:06    --------    d-----w-    C:\090e535e839659cb735a
2013-10-12 09:17:04    --------    d-----w-    C:\d55d741508346488e82c57b8f038
2013-10-12 08:58:06    --------    d-----w-    C:\3ed7b4130d998ac94b9b1324ac7250
2013-10-12 08:57:24    --------    d-----w-    C:\HP_TOOLS_mountHPSF
2013-10-12 08:50:39    --------    d-----w-    C:\Users\Nick\AppData\Roaming\SUPERAntiSpyware.com
2013-10-12 08:49:15    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-10-12 08:49:15    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-10-12 08:48:01    --------    d-----w-    C:\Users\Nick\AppData\Local\Secunia PSI
2013-10-12 08:47:04    --------    d-----w-    C:\Program Files (x86)\Secunia
2013-10-12 08:46:24    --------    d-----w-    C:\EEK
2013-10-12 08:16:09    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\symefa64.sys
2013-10-12 08:16:09    386168    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\symnets.sys
2013-10-12 08:16:08    744568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\srtsp64.sys
2013-10-12 08:16:08    450680    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\symds64.sys
2013-10-12 08:16:08    40568    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\srtspx64.sys
2013-10-12 08:16:08    171128    ----a-w-    C:\Windows\System32\drivers\NISx64\1207000.00D\ironx64.sys
2013-10-12 08:15:30    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1207000.00D
2013-10-12 07:41:28    --------    d-----w-    C:\ProgramData\Synaptics
2013-10-12 07:32:00    --------    d-----w-    C:\Windows\SysWow64\Wat
2013-10-12 07:32:00    --------    d-----w-    C:\Windows\System32\Wat
2013-10-12 06:09:13    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-10-12 06:09:13    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2013-10-12 06:09:11    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-10-12 06:09:11    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-10-12 06:09:11    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-10-12 06:09:11    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-10-12 06:09:11    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-10-12 06:09:10    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-10-12 06:09:10    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-10-12 06:07:58    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-10-12 00:19:50    --------    d-----w-    C:\76f552017dc9650b21b2a94125af21
2013-10-12 00:17:21    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-10-12 00:11:59    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-12 00:00:35    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-11 23:58:09    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-10-11 23:58:09    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-10-11 23:06:03    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-10-11 23:06:02    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-10-11 23:06:02    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-10-11 23:06:02    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-10-11 23:06:02    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-10-11 23:06:02    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-10-11 23:06:01    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-10-11 22:52:01    --------    d-----w-    C:\Users\Nick\AppData\Local\Macromedia
2013-10-11 22:48:49    --------    d-----w-    C:\Windows\System32\MRT
2013-10-11 22:29:12    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-11 22:29:12    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-10-11 22:29:12    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-10-11 22:29:12    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-10-11 22:29:12    220672    ----a-w-    C:\Windows\System32\wintrust.dll
2013-10-11 22:29:12    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-10-11 22:29:12    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-11 22:27:25    --------    d-----w-    C:\AdwCleaner
2013-10-11 22:13:05    --------    d-----w-    C:\Users\Nick\AppData\Local\Mozilla
2013-10-11 22:08:32    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-10-11 22:07:52    46592    ----a-w-    C:\Windows\SysWow64\fpb.rs
2013-10-11 22:04:02    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-10-11 22:04:02    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-10-11 22:04:02    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-10-11 22:04:01    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-10-11 22:04:00    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-10-11 22:04:00    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-10-11 22:04:00    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-10-11 22:02:58    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2013-10-11 21:59:24    95744    ----a-w-    C:\Windows\System32\synceng.dll
2013-10-11 21:59:24    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2013-10-11 21:59:23    642944    ----a-w-    C:\Windows\System32\winload.efi
2013-10-11 21:59:23    605552    ----a-w-    C:\Windows\System32\winload.exe
2013-10-11 21:59:23    566208    ----a-w-    C:\Windows\System32\winresume.efi
2013-10-11 21:59:23    518672    ----a-w-    C:\Windows\System32\winresume.exe
2013-10-11 21:59:23    20352    ----a-w-    C:\Windows\System32\kdusb.dll
2013-10-11 21:59:23    19328    ----a-w-    C:\Windows\System32\kd1394.dll
2013-10-11 21:59:23    17792    ----a-w-    C:\Windows\System32\kdcom.dll
2013-10-11 21:58:58    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-10-11 21:58:58    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-10-11 21:58:55    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-10-11 21:57:00    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-10-11 21:57:00    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-10-11 21:56:29    64512    ----a-w-    C:\Windows\SysWow64\devobj.dll
2013-10-11 21:56:29    44544    ----a-w-    C:\Windows\SysWow64\devrtl.dll
2013-10-11 21:56:29    404480    ----a-w-    C:\Windows\System32\umpnpmgr.dll
2013-10-11 21:56:29    252928    ----a-w-    C:\Windows\SysWow64\drvinst.exe
2013-10-11 21:56:29    145920    ----a-w-    C:\Windows\SysWow64\cfgmgr32.dll
2013-10-11 21:56:26    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-10-11 21:56:26    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-11 21:55:17    124112    ----a-w-    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 21:55:17    102608    ----a-w-    C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 21:55:08    376688    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-10-11 21:55:08    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-10-11 21:53:57    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2013-10-11 21:51:26    956928    ----a-w-    C:\Windows\System32\localspl.dll
2013-10-11 21:51:24    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2013-10-11 21:51:18    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-10-11 21:51:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-10-11 21:51:18    331776    ----a-w-    C:\Windows\System32\oleacc.dll
2013-10-11 21:51:18    233472    ----a-w-    C:\Windows\SysWow64\oleacc.dll
2013-10-11 21:51:09    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2013-10-11 21:51:09    534528    ----a-w-    C:\Windows\SysWow64\EncDec.dll
2013-10-11 21:50:55    983488    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-11 21:50:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-10-11 21:50:54    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-10-11 21:50:18    --------    d-----w-    C:\Users\Nick\AppData\Local\Adobe
2013-10-11 21:44:08    67072    ----a-w-    C:\Windows\splwow64.exe
2013-10-11 21:44:08    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-10-11 21:44:06    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-10-11 21:44:06    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-10-11 20:46:43    382584    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2013-10-11 20:46:42    912504    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\symefa64.sys
2013-10-11 20:46:42    450680    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\symds64.sys
2013-10-11 20:46:42    40568    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\srtspx64.sys
2013-10-11 20:46:41    744568    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\srtsp64.sys
2013-10-11 20:46:41    171128    ----a-w-    C:\Windows\System32\drivers\NISx64\1206000.01D\ironx64.sys
2013-10-11 20:46:06    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1206000.01D
2013-10-11 20:34:51    --------    d-----w-    C:\Program Files\HitmanPro
2013-10-11 20:31:03    --------    d-----w-    C:\ProgramData\HitmanPro
2013-10-11 20:24:14    743248    ----a-w-    C:\Windows\SysWow64\msvcp100d.dll
2013-10-11 20:24:14    1858896    ----a-w-    C:\Windows\System32\msvcr100d.dll
2013-10-11 20:24:14    1498960    ----a-w-    C:\Windows\SysWow64\msvcr100d.dll
2013-10-11 20:24:14    1014096    ----a-w-    C:\Windows\System32\msvcp100d.dll
2013-10-11 20:24:14    --------    d-----w-    C:\Program Files\Malwarebytes Anti-Exploit
2013-10-11 20:22:31    --------    d-----w-    C:\Users\Nick\AppData\Roaming\Malwarebytes
2013-10-11 20:22:11    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-10-11 20:22:10    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-11 20:21:30    --------    d-----w-    C:\Users\Nick\AppData\Local\Programs
2013-10-11 20:21:14    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-10-11 20:21:09    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-11 20:18:56    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-11 20:16:48    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-10-11 20:16:48    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-10-11 20:16:48    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-10-11 20:10:34    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-10-11 20:10:04    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-10-11 20:10:04    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-10-11 20:03:28    --------    d-----w-    C:\Users\Nick\AppData\Local\Diagnostics
2013-10-11 05:05:33    --------    d-----w-    C:\Program Files (x86)\Common Files\Symantec Shared
2013-10-11 05:03:02    --------    d-----w-    C:\Users\Nick\AppData\Local\AMD
2013-10-11 05:02:54    --------    d-----w-    C:\Users\Nick\AppData\Local\ATI
2013-10-11 05:02:09    --------    d-----w-    C:\Users\Nick\AppData\Local\Broadcom
2013-10-11 05:01:55    --------    d-----w-    C:\Users\Nick\AppData\Roaming\Synaptics
2013-10-11 05:01:54    --------    d-----w-    C:\Users\Nick\AppData\Roaming\hpqLog
2013-10-11 05:00:51    --------    d-----w-    C:\Users\Nick\AppData\Local\RemEngine
2013-10-11 04:53:32    --------    d-----w-    C:\Users\Nick\AppData\Local\Hewlett-Packard
2013-10-11 04:53:13    --------    d-----w-    C:\Users\Nick\AppData\Local\Hewlett-Packard_Company
2013-10-11 04:52:21    --------    d-----w-    C:\Users\Nick\AppData\Local\VirtualStore
2013-10-02 08:02:16    66264    ----a-w-    C:\Windows\System32\btwdi.dll
2013-10-02 08:02:16    2253016    ----a-w-    C:\Windows\System32\BtwRSupportService.exe
2013-10-02 08:02:16    2232024    ----a-w-    C:\Windows\System32\BcmBtRSupport.dll
2013-10-02 08:02:16    166104    ----a-w-    C:\Windows\System32\drivers\btwampfl.sys
2013-10-02 08:02:14    170712    ----a-w-    C:\Windows\System32\drivers\bcbtums.sys
.
==================== Find6M  ====================
.
2013-10-12 00:12:00    719360    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2013-10-12 00:12:00    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 00:12:00    523264    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-10-12 00:12:00    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-12 00:12:00    226304    ----a-w-    C:\Windows\System32\elshyph.dll
2013-10-12 00:12:00    185344    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-10-12 00:12:00    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-12 00:12:00    158720    ----a-w-    C:\Windows\SysWow64\msls31.dll
2013-10-12 00:12:00    150528    ----a-w-    C:\Windows\SysWow64\iexpress.exe
2013-10-12 00:12:00    138752    ----a-w-    C:\Windows\SysWow64\wextract.exe
2013-10-12 00:12:00    137216    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-10-12 00:12:00    1054720    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-10-12 00:00:35    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-11 22:48:40    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 22:48:40    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-11 20:47:03    174200    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
.
============= FINISH: 19:58:01.77 ===============
GMER LOG:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-12 19:51:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e Hitachi_ rev.JE4O 698.64GB
Running: gnyukdnq.exe; Driver: C:\Users\Nick\AppData\Local\Temp\kwldqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                     fffff80002e08000 57 bytes [00, 00, 0D, 02, 4D, 64, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 586                                                                                                                     fffff80002e0803a 5 bytes [00, 00, 10, 06, 00]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                        00000000766e1465 2 bytes [6E, 76]
.text     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                       00000000766e14bb 2 bytes [6E, 76]
.text     ...                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               00000000766e1465 2 bytes [6E, 76]
.text     C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe[3628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              00000000766e14bb 2 bytes [6E, 76]
.text     ...                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                              00000000766e1465 2 bytes [6E, 76]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[6212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                             00000000766e14bb 2 bytes [6E, 76]
.text     ...                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          00000000766e1465 2 bytes [6E, 76]
.text     C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                         00000000766e14bb 2 bytes [6E, 76]
.text     ...                                                                                                                                                                                    * 2
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[6088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               00000000766e1465 2 bytes [6E, 76]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[6088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000766e14bb 2 bytes [6E, 76]
.text     ...                                                                                                                                                                                    * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [2200:2204]                                                                                                                                              000000000041009c
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:2568]                                                                                                                                              00000000608ae21c
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:3052]                                                                                                                                              000000006be03a2a
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:2824]                                                                                                                                              0000000071380eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:2596]                                                                                                                                              0000000071380eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:2272]                                                                                                                                              0000000071380eb8
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:4536]                                                                                                                                              00000000739a1854
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:5056]                                                                                                                                              00000000608b6720
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:2280]                                                                                                                                              00000000608bd23d
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:1876]                                                                                                                                              00000000680da843
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:3040]                                                                                                                                              0000000067ac8799
Thread    C:\Windows\SysWOW64\ntdll.dll [2200:3448]                                                                                                                                              00000000608b6720
Thread     [4588:1488]                                                                                                                                                                           000007fef245b6cc
Thread     [4588:2592]                                                                                                                                                                           000007fef231b62c
Thread     [4588:1440]                                                                                                                                                                           0000000076ddaef0
Thread     [4588:2652]                                                                                                                                                                           000007fef231b62c
Thread     [4588:4988]                                                                                                                                                                           000007fef231b62c
Thread     [4588:4972]                                                                                                                                                                           000007fef231b62c
Thread     [4588:5024]                                                                                                                                                                           000007fef231b62c
Thread     [4588:5020]                                                                                                                                                                           000007fef242da8c
Thread     [4588:1348]                                                                                                                                                                           000007fef231b62c
Thread     [4588:5040]                                                                                                                                                                           000007fef231b62c
Thread     [4588:2232]                                                                                                                                                                           000007fef23112a8
Thread     [4588:3192]                                                                                                                                                                           000007fef2955830
Thread     [4588:3620]                                                                                                                                                                           000007fef231b62c
Thread     [4588:5440]                                                                                                                                                                           000007fef231b62c
Thread     [4588:2928]                                                                                                                                                                           0000000076ddfbf0

---- Processes - GMER 2.1 ----

Library   C:\Windows\system32\livessp.DLL (*** suspicious ***) @ C:\Windows\system32\lsass.exe [636]                                                                                             000007fefc070000
Library   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1816]                                                  000007fef7440000
Library   C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe (*** suspicious ***) @ C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2468871-v2-x64.exe [5620]  00000000008f0000
Library   C:\3ed7b4130d998ac94b9b1324ac7250\Setup.exe (*** suspicious ***) @ C:\3ed7b4130d998ac94b9b1324ac7250\Setup.exe [6584]                                                                  0000000001230000
Library   C:\Windows\Installer\MSIF3AD.tmp (*** suspicious ***) @ C:\Windows\syswow64\MsiExec.exe [7136]                                                                                         00000000742c0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52aff2bf11                                                                                                            
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52aff2bf11 (not active ControlSet)                                                                                        

---- EOF - GMER 2.1 ----
#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 PM

Posted 14 October 2013 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 iswearimnotparanoid

iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 AM

Posted 14 October 2013 - 02:01 PM

Hi nasdaq,

Thanks mate - this is driving me insane. I'm not sure if it's an extremely persistent virus somehow embedded in my computer (so that even when I reset it to factory, it comes back within a day) or if it is some wanker with nothing better to do than hack my computer to mess with me.

My gut instincts (since it started playing up) are that it's got something to do with Bluetooth / Wifi & perhaps even my router.

Anyway, it's gotten worse. The laptop will just shut off randomly (as though it's run out of power), the fan goes crazy and the thing heats up, it turned on by itself this morning, Windows Update started playing up, settings keep changing, and worst of all, things such as "Remote Desktop Services" & Terminal Services keep being started / running in Task Manager even after I've stopped/disabled them everywhere.

Norton Internet Security is behaving differently, as with most of my malware programs. I ran HijackThis earlier on this morning and it showed things under Running Processes which 100% were not currently running on my laptop???

PLEASE assist. Also if there's any way of identifying the hacker that'd be great!

Here is the first log (RogueKiller):

RogueKiller V8.7.2 _x64_ [Oct  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nick [Admin rights]
Mode : Remove -- Date : 10/15/2013 04:58:41
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 38061847 (C:\Windows\system32\DRIVERS\38061847.sys [x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[Nick][SUSP PATH] _uninst_38061847.lnk : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38061847.lnk @C:\Users\Nick\AppData\Local\Temp\_UNINS~1.BAT [-][-] -> DELETED
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] c9ed977436e605b933ff3dc05328406a
[BSP] 253fe50e54e3ba0b85cc9e08294834e4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 700547 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1435129856 | Size: 14554 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6d9de099117179b5ae316c0decf29117
[BSP] 253fe50e54e3ba0b85cc9e08294834e4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo
 
Finished : << RKreport[0]_D_10152013_045841.txt >>
RKreport[0]_H_10152013_030213.txt;RKreport[0]_S_10152013_000157.txt;RKreport[0]_S_10152013_025843.txt
RKreport[0]_S_10152013_045647.txt

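The RogueKiller report above follows a regular line grammar (¤¤¤ section banners with a declared count, [TAG][TAG] item lines ending in "-> ACTION", and an MBR Check block comparing reads of the boot sector). The parser below is an added example, not code from this thread or from RogueKiller: it turns such a report into structured findings, checks the declared counts against what was parsed, and flags the MBR read mismatch for a second look. SAMPLE_REPORT is a constructed excerpt of the report posted above, and RISK_BY_TAG is this example's own reading of the tags, not RogueKiller's documentation.

```python
# Added example, not code from the thread or from RogueKiller: parse a RogueKiller report
# into structured findings. SAMPLE_REPORT is a constructed excerpt of the RKreport above.
import re
from collections import Counter
from dataclasses import dataclass, field

SAMPLE_REPORT = r"""
RogueKiller V8.7.2 _x64_ [Oct  3 2013] by Tigzy
Mode : Remove -- Date : 10/15/2013 04:58:41
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 38061847 (C:\Windows\system32\DRIVERS\38061847.sys [x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
¤¤¤ Startup Entries : 1 ¤¤¤
[Nick][SUSP PATH] _uninst_38061847.lnk : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_38061847.lnk @C:\Users\Nick\AppData\Local\Temp\_UNINS~1.BAT [-][-] -> DELETED
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] c9ed977436e605b933ff3dc05328406a
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6d9de099117179b5ae316c0decf29117
"""

# Line grammar: section banners, [TAG][TAG] items with optional "-> ACTION", MBR block lines.
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:?\s*(\d+)?\s*¤¤¤\s*$")
ITEM_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)(?:\s*->\s*([A-Z]+))?\s*$")
TAG_RE = re.compile(r"\[([^\]]*)\]")
MBR_VIEW_RE = re.compile(r"^---\s*(\w+)\s*---$")
MBR_HASH_RE = re.compile(r"^\[MBR\]\s+([0-9a-f]{32})$")
MBR_CMP_RE = re.compile(r"^(\w+)\s*(=|!=)\s*(\w+)\s*\.\.\.\s*(OK|KO)!")

# Defender-side reading of the tags seen in this report (this example's wording, assumed).
RISK_BY_TAG = {
    "ROGUE ST": "service entry classed as rogue; verify the driver path it names",
    "HJ POL": "policy value that can lock out Task Manager / Registry Editor (1 = enforced, 0 = present but off)",
    "SUSP PATH": "autostart item whose target sits in a suspicious location such as a user Temp folder",
}

@dataclass
class Finding:
    section: str   # report section the line belongs to
    tags: list     # bracketed prefixes, e.g. ["HJ POL", "PUM"]
    detail: str    # text between the tags and the "-> ACTION" suffix
    action: str    # "DELETED", "FOUND", ... or "" when the line has none

@dataclass
class Report:
    mode: str = ""
    findings: list = field(default_factory=list)
    declared: dict = field(default_factory=dict)    # section -> count printed in its banner
    mbr_hashes: dict = field(default_factory=dict)  # view ("User", "LL2") -> MBR MD5
    mbr_checks: dict = field(default_factory=dict)  # "User vs LL2" -> True when the read matched

def parse_report(text):
    rep, section, view = Report(), None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = re.match(r"^Mode\s*:\s*(\w+)", line)
        if m:
            rep.mode = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if m.group(2) is not None:
                rep.declared[section] = int(m.group(2))
            continue
        if section == "MBR Check":  # this block has its own line grammar
            if (m := MBR_VIEW_RE.match(line)):
                view = m.group(1)
            elif (m := MBR_HASH_RE.match(line)) and view:
                rep.mbr_hashes[view] = m.group(1)
            elif (m := MBR_CMP_RE.match(line)):
                rep.mbr_checks[f"{m.group(1)} vs {m.group(3)}"] = m.group(4) == "OK"
            continue
        m = ITEM_RE.match(line)
        if m and section:
            rep.findings.append(Finding(section, TAG_RE.findall(m.group(1)),
                                        m.group(2).strip(), m.group(3) or ""))
    return rep

def summarise(rep):
    """Return (notes, mismatches): a risk note per flagged item or failed MBR check, and
    sections whose banner count differs from the number of items actually parsed."""
    notes = []
    for f in rep.findings:
        for tag in f.tags:
            if tag in RISK_BY_TAG:
                notes.append(f"{f.section}: {RISK_BY_TAG[tag]} [{f.action or 'no action'}]")
    for name, ok in rep.mbr_checks.items():
        if not ok:
            notes.append(f"MBR Check: {name} mismatch (KO); user-mode and low-level reads of the MBR disagree, re-check")
    counts = Counter(f.section for f in rep.findings)
    mismatches = {s: (n, counts[s]) for s, n in rep.declared.items() if counts[s] != n}
    return notes, mismatches
```

Running `summarise(parse_report(SAMPLE_REPORT))` on the excerpt yields four item notes plus the MBR mismatch note and no count mismatches; the same functions accept a full RKreport pasted from a forum post.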
#4 iswearimnotparanoid

iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 AM

Posted 14 October 2013 - 02:09 PM

AdwCleaner log:

# AdwCleaner v3.007 - Report created 15/10/2013 at 05:04:57
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nick - NICK-HP
# Running from : C:\Users\Nick\Desktop\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\e8649gz5.default\prefs.js ]
 
 
-\\ Google Chrome v30.0.1599.69
 
[ File : C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2137 octets] - [12/10/2013 08:27:33]
AdwCleaner[R1].txt - [2198 octets] - [12/10/2013 17:47:56]
AdwCleaner[R2].txt - [1401 octets] - [14/10/2013 14:07:04]
AdwCleaner[R3].txt - [1191 octets] - [15/10/2013 03:21:59]
AdwCleaner[R4].txt - [1255 octets] - [15/10/2013 05:02:43]
AdwCleaner[S0].txt - [1940 octets] - [12/10/2013 17:50:59]
AdwCleaner[S1].txt - [1353 octets] - [14/10/2013 14:08:19]
AdwCleaner[S2].txt - [1177 octets] - [15/10/2013 05:04:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1237 octets] ##########


#5 iswearimnotparanoid

iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 AM

Posted 14 October 2013 - 02:26 PM

JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nick on Tue 15/10/2013 at  5:11:23.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 15/10/2013 at  5:25:01.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 iswearimnotparanoid

iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:11 AM

Posted 14 October 2013 - 02:42 PM

ComboFix log:

ComboFix 13-10-13.02 - Nick 15/10/2013   5:32.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.7659.5803 [GMT 10:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-14 to 2013-10-14  )))))))))))))))))))))))))))))))
.
.
2013-10-11 21:58 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-10-11 21:58 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-10-11 21:58 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-10-11 21:57 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-10-11 21:57 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-10-11 21:56 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-10-11 21:56 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2013-10-11 21:56 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2013-10-11 21:56 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2013-10-11 21:56 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2013-10-11 21:56 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-11 21:56 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-10-11 21:55 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 21:55 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 21:55 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-10-11 21:55 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2013-10-11 21:53 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-10-11 21:53 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-10-11 21:53 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-13 06:28 . 2011-07-21 04:14 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-10-13 05:28 . 2011-07-21 04:03 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2013-10-13 05:26 . 2011-07-21 04:03 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2013-10-13 05:26 . 2011-07-21 04:03 4747840 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2013-10-13 05:26 . 2011-07-21 04:03 3952640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2013-10-13 05:26 . 2011-07-21 04:03 3617792 ----a-w- c:\windows\system32\bcmihvui64.dll
2013-10-12 15:12 . 2000-11-01 11:48 28672 ----a-w- c:\windows\system32\renameuser.exe
2013-08-29 01:48 . 2013-10-11 22:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-10 6589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-07-20 113288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 21:18;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TTM57SLUsb;TTM 57SL USB driver;c:\windows\system32\Drivers\TTM57SLUsb.sys;c:\windows\SYSNATIVE\Drivers\TTM57SLUsb.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R4 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131011.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131011.001\IDSvia64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-12 14:27 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 14:25]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 14:25]
.
2013-10-13 c:\windows\Tasks\HPCeeScheduleForNick.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-10-14 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2013-10-11 23:48]
.
2013-10-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 41e62efb-d926-424d-8790-6dbe588e29e1.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2013-10-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 618fcc3f-bea4-499f-a360-cef38b54581c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\e8649gz5.default\
FF - ExtSQL: 2013-10-11 14:51; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn
FF - ExtSQL: 2013-10-12 06:48; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\IPSFF
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray64.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-15  05:41:21
ComboFix-quarantined-files.txt  2013-10-14 19:41
ComboFix2.txt  2013-10-13 09:06
.
Pre-Run: 669,677,318,144 bytes free
Post-Run: 669,574,012,928 bytes free
.
- - End Of File - - A503C12EDCE8C45C828A17E16C502D72
A36C5E4F47E84449FF07ED3517B43A31


#7 nasdaq

  • Malware Response Team
  • 38,788 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 October 2013 - 07:28 AM

Let's check deeper.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    [screenshot: tdss1.png]
  • Click Change parameters
    [screenshot: settings20121003115955.png]
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    [screenshot: tdss3.png]
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    [screenshot: tdss4.jpg]
  • When it finishes, you will either see a report that no threats were found like below:
    [screenshot: tdss5.jpg]
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    [screenshot: tdss7.jpg]
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    [screenshot: tdss6.jpg]
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
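As an added example (not part of this thread and not TDSSKiller's own tooling), a small Python parser for the service-scan section of the TDSSKiller log format that the topic starter posts below: it pairs each `[ MD5 ] name path` line with its `name - ok` verdict, reports anything not marked ok, and lists entries the tool printed without a hash line so they can be cross-checked against the ComboFix output. The `( reason ) - warning` verdict form and the `exampledrv` sample entry are assumptions constructed for the demo; the other sample lines copy the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller log lines look like "HH:MM:SS.mmmm <pid>  <message>".
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*?)\s*$")
# Hash line: "[ <MD5> ] <service name> <path>". Service names may contain spaces
# ("AMD External Events Utility"), so the path is recognised by its "X:\" prefix
# rather than by column position.
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# Verdict line: "<name> - ok". The "<name> ( <reason> ) - warning" form is an
# assumption about how the tool reports non-clean items.
VERDICT_RE = re.compile(r"^(.+?)(?: \( ([^)]+) \))? - (\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    reason: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Pair hash lines with verdict lines from the 'Scan services' section."""
    entries: Dict[str, Entry] = {}
    in_services = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if msg.startswith("="):
            # Section banners such as "====== Scan services ======" switch sections;
            # anything outside the services section (memory scan, header) is ignored.
            in_services = "Scan services" in msg
            continue
        if not in_services:
            continue
        h = HASH_RE.match(msg)
        if h:
            md5, name, path = h.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        v = VERDICT_RE.match(msg)
        if v:
            name, reason, verdict = v.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.verdict, entry.reason = verdict, reason
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Split the parsed services into what a reviewer looks at first."""
    return {
        # Anything the tool did not mark "ok" (warnings, detections, missing verdict).
        "flagged": sorted(e.name for e in entries.values() if e.verdict != "ok"),
        # Entries printed without a hash line: the tool gave no file hash, so the
        # reviewer cross-checks them against the other logs in the thread.
        "unhashed": sorted(e.name for e in entries.values() if e.md5 is None),
    }


# Constructed sample: the first lines copy the format of the log posted in this
# thread; the "exampledrv" entry and its warning verdict are made up for the demo.
SAMPLE_LOG = r"""15:00:28.0266 3076  ============================================================
15:00:28.0266 3076  Scan started
15:00:28.0266 3076  Mode: Manual; SigCheck; TDLFS; 
15:00:29.0114 3076  ================ Scan system memory ========================
15:00:29.0114 3076  System memory - ok
15:00:29.0115 3076  ================ Scan services =============================
15:00:29.0281 3076  [ 620C92D6EEFA9853A3EAD41B5EB9B5FD ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:00:29.0474 3076  !SASCORE - ok
15:00:31.0749 3076  [ 3DE8DC285540733818588CC94E7FC96E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:00:31.0876 3076  AMD External Events Utility - ok
15:00:31.0981 3076  AMD FUEL Service - ok
15:00:36.0261 3076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:36.0324 3076  AudioEndpointBuilder - ok
15:00:40.0593 3076  [ 00000000000000000000000000000000 ] exampledrv      C:\Windows\system32\drivers\exampledrv.sys
15:00:40.0600 3076  exampledrv ( UnsignedFile.Multi.Generic ) - warning
"""

if __name__ == "__main__":
    for section, names in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{section}: {', '.join(names) or '(none)'}")
```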

#8 iswearimnotparanoid
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male

Posted 16 October 2013 - 12:03 AM

15:00:17.0722 3304  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:00:19.0725 3304  ============================================================
15:00:19.0725 3304  Current date / time: 2013/10/16 15:00:19.0725
15:00:19.0725 3304  SystemInfo:
15:00:19.0725 3304  
15:00:19.0725 3304  OS Version: 6.1.7601 ServicePack: 1.0
15:00:19.0725 3304  Product type: Workstation
15:00:19.0725 3304  ComputerName: NICK-HP
15:00:19.0725 3304  UserName: Nick
15:00:19.0725 3304  Windows directory: C:\Windows
15:00:19.0725 3304  System windows directory: C:\Windows
15:00:19.0725 3304  Running under WOW64
15:00:19.0725 3304  Processor architecture: Intel x64
15:00:19.0725 3304  Number of processors: 4
15:00:19.0725 3304  Page size: 0x1000
15:00:19.0725 3304  Boot type: Normal boot
15:00:19.0725 3304  ============================================================
15:00:22.0383 3304  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:00:22.0409 3304  ============================================================
15:00:22.0409 3304  \Device\Harddisk0\DR0:
15:00:22.0438 3304  MBR partitions:
15:00:22.0438 3304  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:00:22.0438 3304  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55841800
15:00:22.0438 3304  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558A5800, BlocksNum 0x1C6D000
15:00:22.0438 3304  ============================================================
15:00:22.0841 3304  C: <-> \Device\Harddisk0\DR0\Partition2
15:00:23.0012 3304  D: <-> \Device\Harddisk0\DR0\Partition3
15:00:23.0012 3304  ============================================================
15:00:23.0012 3304  Initialize success
15:00:23.0012 3304  ============================================================
15:00:28.0266 3076  ============================================================
15:00:28.0266 3076  Scan started
15:00:28.0266 3076  Mode: Manual; SigCheck; TDLFS; 
15:00:28.0266 3076  ============================================================
15:00:29.0114 3076  ================ Scan system memory ========================
15:00:29.0114 3076  System memory - ok
15:00:29.0115 3076  ================ Scan services =============================
15:00:29.0281 3076  [ 620C92D6EEFA9853A3EAD41B5EB9B5FD ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:00:29.0474 3076  !SASCORE - ok
15:00:29.0865 3076  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:00:29.0957 3076  1394ohci - ok
15:00:30.0056 3076  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
15:00:30.0130 3076  Accelerometer - ok
15:00:30.0151 3076  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:00:30.0173 3076  ACPI - ok
15:00:30.0213 3076  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:00:30.0305 3076  AcpiPmi - ok
15:00:30.0504 3076  [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:30.0528 3076  AdobeFlashPlayerUpdateSvc - ok
15:00:30.0596 3076  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:00:30.0638 3076  adp94xx - ok
15:00:30.0707 3076  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:00:30.0729 3076  adpahci - ok
15:00:30.0800 3076  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:00:30.0819 3076  adpu320 - ok
15:00:30.0883 3076  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:00:31.0081 3076  AeLookupSvc - ok
15:00:31.0143 3076  [ 314C17917AC8523EC77A710215012A65 ] AFD             C:\Windows\system32\drivers\afd.sys
15:00:31.0206 3076  AFD - ok
15:00:31.0304 3076  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:00:31.0370 3076  agp440 - ok
15:00:31.0402 3076  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:00:31.0494 3076  ALG - ok
15:00:31.0627 3076  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:00:31.0659 3076  aliide - ok
15:00:31.0749 3076  [ 3DE8DC285540733818588CC94E7FC96E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:00:31.0876 3076  AMD External Events Utility - ok
15:00:31.0981 3076  AMD FUEL Service - ok
15:00:32.0012 3076  [ 30BFEEE0DFFD5BD79D29157CF080DEED ] amdhub30        C:\Windows\system32\DRIVERS\amdhub30.sys
15:00:32.0079 3076  amdhub30 - ok
15:00:32.0123 3076  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:00:32.0152 3076  amdide - ok
15:00:32.0216 3076  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
15:00:32.0247 3076  amdiox64 - ok
15:00:32.0317 3076  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:00:32.0363 3076  AmdK8 - ok
15:00:33.0325 3076  [ 42D53DAF85F948C39CE1351A8F5B5808 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:00:33.0990 3076  amdkmdag - ok
15:00:34.0097 3076  [ 75182B5784015B271932088551616A96 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:00:34.0158 3076  amdkmdap - ok
15:00:34.0198 3076  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:00:34.0239 3076  AmdPPM - ok
15:00:34.0289 3076  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:00:34.0394 3076  amdsata - ok
15:00:34.0459 3076  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:00:34.0485 3076  amdsbs - ok
15:00:34.0509 3076  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:00:34.0544 3076  amdxata - ok
15:00:34.0598 3076  [ 321533578132C811EC834A1B741C994C ] amdxhc          C:\Windows\system32\DRIVERS\amdxhc.sys
15:00:34.0664 3076  amdxhc - ok
15:00:34.0711 3076  [ 2FBB00A7616106B95104574C6CD640C2 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
15:00:34.0724 3076  amd_sata - ok
15:00:34.0790 3076  [ 87D0D7645CB0D53220649BD5FE15D93E ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
15:00:34.0821 3076  amd_xata - ok
15:00:34.0904 3076  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:00:35.0216 3076  AppID - ok
15:00:35.0263 3076  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:35.0321 3076  AppIDSvc - ok
15:00:35.0378 3076  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
15:00:35.0431 3076  Appinfo - ok
15:00:35.0462 3076  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:00:35.0480 3076  arc - ok
15:00:35.0492 3076  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:00:35.0509 3076  arcsas - ok
15:00:35.0664 3076  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:00:35.0689 3076  aspnet_state - ok
15:00:35.0852 3076  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:35.0910 3076  AsyncMac - ok
15:00:35.0946 3076  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:00:35.0962 3076  atapi - ok
15:00:36.0057 3076  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:00:36.0104 3076  AtiHDAudioService - ok
15:00:36.0189 3076  atillk64 - ok
15:00:36.0261 3076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:36.0324 3076  AudioEndpointBuilder - ok
15:00:36.0350 3076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:00:36.0396 3076  AudioSrv - ok
15:00:36.0458 3076  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:00:36.0511 3076  AxInstSV - ok
15:00:36.0579 3076  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:00:36.0757 3076  b06bdrv - ok
15:00:36.0988 3076  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:00:37.0061 3076  b57nd60a - ok
15:00:37.0223 3076  [ 70433F7A216BD0B5EC7DA1202EE53E65 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
15:00:37.0268 3076  bcbtums - ok
15:00:37.0495 3076  [ D37D91EF96663A9648E1D4EDD2B41272 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl564.sys
15:00:37.0651 3076  BCM43XX - ok
15:00:37.0796 3076  [ 71770C2CDAF52A8C86088BF6697B66A4 ] BcmBtRSupport   C:\Windows\system32\BtwRSupportService.exe
15:00:37.0899 3076  BcmBtRSupport - ok
15:00:37.0939 3076  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:00:38.0007 3076  BDESVC - ok
15:00:38.0154 3076  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:00:38.0193 3076  Beep - ok
15:00:38.0258 3076  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:00:38.0322 3076  BFE - ok
15:00:38.0549 3076  [ B61966860EDA757FDF6EFC4AB39316C4 ] BHDrvx64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys
15:00:38.0621 3076  BHDrvx64 - ok
15:00:38.0683 3076  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
15:00:38.0780 3076  BITS - ok
15:00:38.0865 3076  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:00:38.0893 3076  blbdrive - ok
15:00:38.0951 3076  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:00:38.0988 3076  bowser - ok
15:00:39.0044 3076  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:00:39.0082 3076  BrFiltLo - ok
15:00:39.0090 3076  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:00:39.0109 3076  BrFiltUp - ok
15:00:39.0215 3076  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
15:00:39.0294 3076  BridgeMP - ok
15:00:39.0327 3076  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:00:39.0367 3076  Browser - ok
15:00:39.0410 3076  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:00:39.0506 3076  Brserid - ok
15:00:39.0543 3076  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:39.0584 3076  BrSerWdm - ok
15:00:39.0589 3076  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:39.0615 3076  BrUsbMdm - ok
15:00:39.0666 3076  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:39.0745 3076  BrUsbSer - ok
15:00:39.0818 3076  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:00:39.0967 3076  BthEnum - ok
15:00:40.0000 3076  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:00:40.0029 3076  BTHMODEM - ok
15:00:40.0077 3076  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:00:40.0123 3076  BthPan - ok
15:00:40.0172 3076  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:00:40.0241 3076  BTHPORT - ok
15:00:40.0318 3076  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:00:40.0395 3076  bthserv - ok
15:00:40.0407 3076  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:00:40.0469 3076  BTHUSB - ok
15:00:40.0498 3076  [ BC279FCEE9FC8CBF991D5DE539771AA9 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
15:00:40.0527 3076  btwampfl - ok
15:00:40.0593 3076  [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
15:00:40.0609 3076  btwaudio - ok
15:00:40.0703 3076  [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
15:00:40.0721 3076  btwavdt - ok
15:00:40.0817 3076  [ 692F8648D7686D91E34A65AC698019D8 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:00:40.0849 3076  btwdins - ok
15:00:40.0916 3076  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
15:00:40.0930 3076  btwl2cap - ok
15:00:40.0960 3076  [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
15:00:40.0980 3076  btwrchid - ok
15:00:41.0114 3076  [ 0510396A957E9FD7205BA62D3CAE4528 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys
15:00:41.0142 3076  ccSet_NIS - ok
15:00:41.0168 3076  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:00:41.0259 3076  cdfs - ok
15:00:41.0305 3076  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:00:41.0341 3076  cdrom - ok
15:00:41.0380 3076  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:00:41.0439 3076  CertPropSvc - ok
15:00:41.0528 3076  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:00:41.0581 3076  circlass - ok
15:00:41.0670 3076  [ E264626EEA468F0325C244CB9ECDDEB4 ] cleanhlp        C:\EEK\Run\cleanhlp64.sys
15:00:41.0761 3076  cleanhlp - ok
15:00:41.0818 3076  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:00:41.0840 3076  CLFS - ok
15:00:41.0927 3076  [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
15:00:42.0121 3076  CLKMSVC10_38F51D56 - ok
15:00:42.0182 3076  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:42.0197 3076  clr_optimization_v2.0.50727_32 - ok
15:00:42.0246 3076  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:00:42.0261 3076  clr_optimization_v2.0.50727_64 - ok
15:00:42.0393 3076  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:00:42.0406 3076  clr_optimization_v4.0.30319_32 - ok
15:00:42.0423 3076  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:00:42.0438 3076  clr_optimization_v4.0.30319_64 - ok
15:00:42.0485 3076  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
15:00:42.0498 3076  clwvd - ok
15:00:42.0552 3076  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:00:42.0617 3076  CmBatt - ok
15:00:42.0634 3076  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:00:42.0655 3076  cmdide - ok
15:00:42.0752 3076  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:00:42.0798 3076  CNG - ok
15:00:42.0872 3076  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:00:42.0888 3076  Compbatt - ok
15:00:42.0893 3076  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:00:42.0924 3076  CompositeBus - ok
15:00:42.0937 3076  COMSysApp - ok
15:00:42.0944 3076  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:00:42.0960 3076  crcdisk - ok
15:00:42.0992 3076  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:00:43.0030 3076  CryptSvc - ok
15:00:43.0057 3076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:00:43.0111 3076  DcomLaunch - ok
15:00:43.0159 3076  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:00:43.0224 3076  defragsvc - ok
15:00:43.0278 3076  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:00:43.0329 3076  DfsC - ok
15:00:43.0375 3076  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:00:43.0424 3076  Dhcp - ok
15:00:43.0467 3076  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:00:43.0514 3076  discache - ok
15:00:43.0557 3076  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:00:43.0574 3076  Disk - ok
15:00:43.0612 3076  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:00:43.0665 3076  Dnscache - ok
15:00:43.0768 3076  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:00:43.0832 3076  dot3svc - ok
15:00:43.0859 3076  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:00:43.0917 3076  DPS - ok
15:00:43.0959 3076  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:00:44.0036 3076  drmkaud - ok
15:00:44.0167 3076  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:00:44.0231 3076  DXGKrnl - ok
15:00:44.0340 3076  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:00:44.0423 3076  EapHost - ok
15:00:44.0548 3076  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:00:44.0648 3076  ebdrv - ok
15:00:44.0934 3076  [ A2DA3D8E0B336E13F7A155B5789B58CF ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:00:44.0970 3076  eeCtrl - ok
15:00:45.0027 3076  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:00:45.0070 3076  EFS - ok
15:00:45.0335 3076  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:00:45.0427 3076  ehRecvr - ok
15:00:45.0488 3076  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:00:45.0512 3076  ehSched - ok
15:00:45.0640 3076  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:00:45.0730 3076  elxstor - ok
15:00:45.0802 3076  [ 23C3061D2F7F8BCB6140A098447035B4 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:00:45.0817 3076  EraserUtilRebootDrv - ok
15:00:45.0831 3076  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:00:45.0853 3076  ErrDev - ok
15:00:45.0947 3076  [ 0571E626B1FDB6A83F67F11ACC65D2C0 ] ESProtectionDriver C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys
15:00:45.0963 3076  ESProtectionDriver - ok
15:00:46.0064 3076  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:00:46.0127 3076  EventSystem - ok
15:00:46.0210 3076  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:00:46.0255 3076  exfat - ok
15:00:46.0271 3076  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:00:46.0330 3076  fastfat - ok
15:00:46.0387 3076  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:00:46.0460 3076  Fax - ok
15:00:46.0548 3076  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
15:00:46.0623 3076  fdc - ok
15:00:46.0669 3076  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:00:46.0786 3076  fdPHost - ok
15:00:46.0808 3076  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:00:46.0849 3076  FDResPub - ok
15:00:46.0872 3076  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:00:46.0889 3076  FileInfo - ok
15:00:46.0894 3076  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:00:46.0957 3076  Filetrace - ok
15:00:47.0006 3076  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:00:47.0022 3076  flpydisk - ok
15:00:47.0113 3076  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:00:47.0134 3076  FltMgr - ok
15:00:47.0306 3076  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
15:00:47.0373 3076  FontCache - ok
15:00:47.0417 3076  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:00:47.0430 3076  FontCache3.0.0.0 - ok
15:00:47.0505 3076  [ 2074A85A6B8F84A5A9C60B915B465FAF ] FPLService      C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
15:00:47.0523 3076  FPLService - ok
15:00:47.0558 3076  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:00:47.0575 3076  FsDepends - ok
15:00:47.0614 3076  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:00:47.0648 3076  Fs_Rec - ok
15:00:47.0782 3076  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:00:47.0804 3076  fvevol - ok
15:00:47.0846 3076  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:00:47.0871 3076  gagp30kx - ok
15:00:47.0964 3076  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:00:47.0980 3076  GamesAppService - ok
15:00:48.0025 3076  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:00:48.0077 3076  gpsvc - ok
15:00:48.0165 3076  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:48.0188 3076  gupdate - ok
15:00:48.0209 3076  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:00:48.0222 3076  gupdatem - ok
15:00:48.0250 3076  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:00:48.0331 3076  hcw85cir - ok
15:00:48.0395 3076  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:00:48.0445 3076  HdAudAddService - ok
15:00:48.0474 3076  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:00:48.0512 3076  HDAudBus - ok
15:00:48.0549 3076  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:00:48.0584 3076  HidBatt - ok
15:00:48.0607 3076  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:00:48.0645 3076  HidBth - ok
15:00:48.0686 3076  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:00:48.0705 3076  HidIr - ok
15:00:48.0814 3076  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
15:00:48.0904 3076  hidserv - ok
15:00:48.0975 3076  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:00:49.0055 3076  HidUsb - ok
15:00:49.0088 3076  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:00:49.0176 3076  hkmsvc - ok
15:00:49.0272 3076  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:49.0340 3076  HomeGroupListener - ok
15:00:49.0369 3076  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:49.0410 3076  HomeGroupProvider - ok
15:00:49.0548 3076  [ 45A12CACB97B4F15858FCFD59355A1E9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:00:49.0608 3076  HP Health Check Service - ok
15:00:49.0792 3076  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:00:49.0817 3076  HPClientSvc - ok
15:00:49.0873 3076  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
15:00:49.0900 3076  hpdskflt - ok
15:00:50.0054 3076  [ 7B1637E5E0476CE22E8D76AC1203205E ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:00:50.0092 3076  hpqwmiex - ok
15:00:50.0167 3076  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:00:50.0184 3076  HpSAMD - ok
15:00:50.0225 3076  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
15:00:50.0239 3076  hpsrv - ok
15:00:50.0334 3076  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:00:50.0359 3076  HPWMISVC - ok
15:00:50.0390 3076  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:00:50.0449 3076  HTTP - ok
15:00:50.0464 3076  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:00:50.0478 3076  hwpolicy - ok
15:00:50.0533 3076  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:00:50.0555 3076  i8042prt - ok
15:00:50.0606 3076  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:00:50.0706 3076  iaStorV - ok
15:00:50.0835 3076  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:00:50.0891 3076  idsvc - ok
15:00:51.0051 3076  [ C938B593D36184D95CFD049FB51CB640 ] IDSVia64        C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131014.001\IDSvia64.sys
15:00:51.0079 3076  IDSVia64 - ok
15:00:51.0120 3076  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:00:51.0145 3076  iirsp - ok
15:00:51.0200 3076  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:00:51.0277 3076  IKEEXT - ok
15:00:51.0299 3076  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:00:51.0323 3076  intelide - ok
15:00:51.0355 3076  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
15:00:51.0440 3076  intelppm - ok
15:00:51.0493 3076  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:00:51.0548 3076  IPBusEnum - ok
15:00:51.0567 3076  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:51.0608 3076  IpFilterDriver - ok
15:00:51.0662 3076  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:00:51.0755 3076  iphlpsvc - ok
15:00:51.0780 3076  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:00:51.0847 3076  IPMIDRV - ok
15:00:51.0881 3076  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:00:51.0971 3076  IPNAT - ok
15:00:52.0026 3076  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:00:52.0062 3076  IRENUM - ok
15:00:52.0090 3076  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:00:52.0105 3076  isapnp - ok
15:00:52.0143 3076  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:00:52.0202 3076  iScsiPrt - ok
15:00:52.0250 3076  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:52.0272 3076  kbdclass - ok
15:00:52.0295 3076  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:00:52.0349 3076  kbdhid - ok
15:00:52.0384 3076  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:00:52.0398 3076  KeyIso - ok
15:00:52.0450 3076  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:00:52.0503 3076  KSecDD - ok
15:00:52.0531 3076  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:00:52.0548 3076  KSecPkg - ok
15:00:52.0606 3076  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:00:52.0696 3076  ksthunk - ok
15:00:52.0816 3076  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:00:52.0962 3076  KtmRm - ok
15:00:53.0007 3076  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
15:00:53.0099 3076  LanmanServer - ok
15:00:53.0159 3076  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:53.0244 3076  LanmanWorkstation - ok
15:00:53.0284 3076  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:00:53.0344 3076  lltdio - ok
15:00:53.0399 3076  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:00:53.0479 3076  lltdsvc - ok
15:00:53.0496 3076  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:00:53.0545 3076  lmhosts - ok
15:00:53.0598 3076  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:00:53.0615 3076  LSI_FC - ok
15:00:53.0621 3076  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:00:53.0655 3076  LSI_SAS - ok
15:00:53.0724 3076  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:00:53.0758 3076  LSI_SAS2 - ok
15:00:53.0805 3076  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:00:53.0822 3076  LSI_SCSI - ok
15:00:53.0873 3076  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:00:53.0967 3076  luafv - ok
15:00:54.0013 3076  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:00:54.0043 3076  MBAMProtector - ok
15:00:54.0127 3076  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:00:54.0163 3076  MBAMScheduler - ok
15:00:54.0346 3076  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:00:54.0419 3076  MBAMService - ok
15:00:54.0468 3076  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:00:54.0485 3076  Mcx2Svc - ok
15:00:54.0496 3076  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:00:54.0511 3076  megasas - ok
15:00:54.0571 3076  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:00:54.0592 3076  MegaSR - ok
15:00:54.0669 3076  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:00:54.0797 3076  MMCSS - ok
15:00:54.0814 3076  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:00:54.0872 3076  Modem - ok
15:00:54.0971 3076  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:00:55.0007 3076  monitor - ok
15:00:55.0057 3076  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:00:55.0074 3076  mouclass - ok
15:00:55.0128 3076  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
15:00:55.0175 3076  mouhid - ok
15:00:55.0230 3076  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:00:55.0268 3076  mountmgr - ok
15:00:55.0311 3076  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:00:55.0327 3076  MozillaMaintenance - ok
15:00:55.0390 3076  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:00:55.0456 3076  mpio - ok
15:00:55.0511 3076  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:00:55.0552 3076  mpsdrv - ok
15:00:55.0616 3076  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:00:55.0715 3076  MpsSvc - ok
15:00:55.0755 3076  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:00:55.0799 3076  MRxDAV - ok
15:00:55.0878 3076  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:56.0149 3076  mrxsmb - ok
15:00:56.0254 3076  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:56.0341 3076  mrxsmb10 - ok
15:00:56.0393 3076  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:56.0508 3076  mrxsmb20 - ok
15:00:56.0536 3076  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:00:56.0557 3076  msahci - ok
15:00:56.0597 3076  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:00:56.0616 3076  msdsm - ok
15:00:56.0652 3076  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:00:56.0705 3076  MSDTC - ok
15:00:56.0768 3076  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:00:56.0810 3076  Msfs - ok
15:00:56.0872 3076  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:00:56.0939 3076  mshidkmdf - ok
15:00:56.0943 3076  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:00:56.0959 3076  msisadrv - ok
15:00:57.0013 3076  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:00:57.0078 3076  MSiSCSI - ok
15:00:57.0083 3076  msiserver - ok
15:00:57.0120 3076  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:00:57.0206 3076  MSKSSRV - ok
15:00:57.0227 3076  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:57.0293 3076  MSPCLOCK - ok
15:00:57.0331 3076  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:00:57.0409 3076  MSPQM - ok
15:00:57.0466 3076  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:00:57.0513 3076  MsRPC - ok
15:00:57.0525 3076  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:00:57.0633 3076  mssmbios - ok
15:00:57.0893 3076  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:00:58.0005 3076  MSTEE - ok
15:00:58.0041 3076  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:00:58.0095 3076  MTConfig - ok
15:00:58.0115 3076  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:00:58.0132 3076  Mup - ok
15:00:58.0220 3076  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:00:58.0311 3076  napagent - ok
15:00:58.0552 3076  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:00:58.0604 3076  NativeWifiP - ok
15:00:58.0884 3076  [ 702E07EC32F96ACDB873E9A5465D4401 ] NAVENG          C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131015.020\ENG64.SYS
15:00:58.0918 3076  NAVENG - ok
15:00:59.0183 3076  [ 302EA314A1AF0D7CEF0A3D0195F79561 ] NAVEX15         C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131015.020\EX64.SYS
15:00:59.0297 3076  NAVEX15 - ok
15:00:59.0515 3076  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:00:59.0592 3076  NDIS - ok
15:00:59.0627 3076  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:01:00.0023 3076  NdisCap - ok
15:01:00.0161 3076  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:01:00.0213 3076  NdisTapi - ok
15:01:00.0257 3076  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:01:00.0351 3076  Ndisuio - ok
15:01:00.0452 3076  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:01:00.0596 3076  NdisWan - ok
15:01:00.0645 3076  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:01:00.0687 3076  NDProxy - ok
15:01:00.0874 3076  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:01:00.0978 3076  NetBIOS - ok
15:01:00.0996 3076  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:01:01.0040 3076  NetBT - ok
15:01:01.0084 3076  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:01:01.0098 3076  Netlogon - ok
15:01:01.0192 3076  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:01:01.0270 3076  Netman - ok
15:01:01.0613 3076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:01:01.0647 3076  NetMsmqActivator - ok
15:01:01.0774 3076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:01:01.0805 3076  NetPipeActivator - ok
15:01:01.0902 3076  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:01:01.0964 3076  netprofm - ok
15:01:02.0012 3076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:01:02.0025 3076  NetTcpActivator - ok
15:01:02.0056 3076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:01:02.0070 3076  NetTcpPortSharing - ok
15:01:02.0137 3076  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:01:02.0169 3076  nfrd960 - ok
15:01:02.0788 3076  [ C87442B6D17912785DC143CEDCA508C9 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
15:01:02.0825 3076  NIS - ok
15:01:02.0884 3076  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:01:03.0053 3076  NlaSvc - ok
15:01:03.0093 3076  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:01:03.0138 3076  Npfs - ok
15:01:03.0301 3076  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:01:03.0436 3076  nsi - ok
15:01:03.0456 3076  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:01:03.0538 3076  nsiproxy - ok
15:01:04.0058 3076  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:01:04.0376 3076  Ntfs - ok
15:01:04.0417 3076  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:01:04.0457 3076  Null - ok
15:01:04.0887 3076  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
15:01:04.0945 3076  NVENETFD - ok
15:01:05.0004 3076  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:01:05.0048 3076  nvraid - ok
15:01:05.0079 3076  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:01:05.0108 3076  nvstor - ok
15:01:43.0344 3076  ============================================================
15:01:43.0344 3076  Scan finished
15:01:43.0344 3076  ============================================================
15:01:43.0356 3596  Detected object count: 0
15:01:43.0356 3596  Actual detected object count: 0


#9 iswearimnotparanoid
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male

Posted 16 October 2013 - 12:09 AM

I can't run the aswMBR? It opens up, but all the buttons are greyed out, except for 'save log' and 'exit'?



#10 iswearimnotparanoid
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male

Posted 16 October 2013 - 12:20 AM

I got it to run; it just had to download Avast definitions.

But, halfway through, this popped up from Norton?

Filename: unp152827218.tmp
Threat name: Trojan.Gen.2
Full Path: c:\users\nick\appdata\local\temp\_avast4_\unp152827218.tmp

____________________________

Details
Unknown Community Usage,  Unknown Age,  Risk High

Origin
Downloaded from
 Unknown

Activity
Actions performed: Actions performed: 1

____________________________

On computers as of 
16/10/2013 at 3:17:34 PM

Last Used 
16/10/2013 at 3:17:34 PM

Startup Item 
No

Launched 
No

____________________________

Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

High
This file risk is high.

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

____________________________

Source: External Media

____________________________

File Actions

File: c:\users\nick\appdata\local\temp\_avast4_\ unp152827218.tmp Blocked
____________________________

File Thumbprint - SHA:
04c807a78c94516ac7ff7e2e77f405f5819561d7d0d1da9fd2e12f7701e07fb5
File Thumbprint - MD5:
Not available


#11 iswearimnotparanoid
  • Topic Starter
  • Members
  • 26 posts
  • Gender:Male

Posted 16 October 2013 - 12:56 AM

aswMBR log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-16 15:08:31
-----------------------------
15:08:31.537    OS Version: Windows x64 6.1.7601 Service Pack 1
15:08:31.538    Number of processors: 4 586 0x100
15:08:31.538    ComputerName: NICK-HP  UserName: Nick
15:08:34.914    Initialize success
15:12:01.625    AVAST engine defs: 13101501
15:15:17.746    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
15:15:17.750    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 11
15:15:18.331    Disk 0 MBR read successfully
15:15:18.334    Disk 0 MBR scan
15:15:18.419    Disk 0 Windows 7 default MBR code
15:15:18.447    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
15:15:18.464    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       700547 MB offset 409600
15:15:18.497    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        14554 MB offset 1435129856
15:15:18.701    Disk 0 scanning C:\Windows\system32\drivers
15:15:42.752    Service scanning
15:15:57.683    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys **LOCKED** 5
15:16:08.431    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
15:16:09.494    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
15:16:17.405    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131014.001\IDSvia64.sys **LOCKED** 5
15:16:28.275    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131015.020\ENG64.SYS **LOCKED** 5
15:16:28.697    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20131015.020\EX64.SYS **LOCKED** 5
15:17:09.376    Modules scanning
15:17:09.383    Disk 0 trace - called modules:
15:17:09.401    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
15:17:09.408    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800753c060]
15:17:09.413    3 CLASSPNP.SYS[fffff88001b1643f] -> nt!IofCallDriver -> [0xfffffa800737eb10]
15:17:09.419    5 hpdskflt.sys[fffff88001abd189] -> nt!IofCallDriver -> [0xfffffa8007271040]
15:17:09.426    7 amd_xata.sys[fffff8800107f8f7] -> nt!IofCallDriver -> \Device\0000006e[0xfffffa800727a060]
15:17:14.042    AVAST engine scan C:\Windows
15:18:41.393    AVAST engine scan C:\Windows\system32
15:24:49.820    AVAST engine scan C:\Windows\system32\drivers
15:26:12.776    AVAST engine scan C:\Users\Nick
15:45:47.476    AVAST engine scan C:\ProgramData
15:54:09.464    Scan finished successfully
15:55:40.264    Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\MBR.dat"
15:55:40.270    The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt"
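The log above is read by hand by a helper: the MBR code line, the **LOCKED** services (expected for a security product's own drivers) and the disk I/O trace chain are the three places an MBR rootkit would show itself. The following PowerShell is an added example, not part of the original thread and not code from the aswMBR tool; it applies that reading to a few lines copied from the log posted above. The trusted-directory list, the known storage-module list and the function name are this example's own assumptions for this HP/AMD Windows 7 machine and would need adjusting for another box.

```powershell
# Added example (not from the thread or from AVAST): triage an aswMBR log the way a
# helper reads it. The sample lines are copied from the log posted above.
$SampleLog = @'
15:15:18.419    Disk 0 Windows 7 default MBR code
15:15:57.683    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys **LOCKED** 5
15:16:08.431    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
15:17:09.401    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
'@

function Get-AswMbrFindings {
    param([string[]]$Lines)

    # Assumption: locked drivers are normal only when they live under the AV vendor's own
    # directories. A locked driver anywhere else deserves a closer look.
    $TrustedLockedRoots = @(
        'C:\Program Files (x86)\Norton Internet Security\',
        'C:\Program Files (x86)\Common Files\Symantec Shared\'
    )
    # Assumption: modules that legitimately sit in the disk I/O path on this HP/AMD box.
    # An MBR rootkit usually appears as an extra, unknown module in this chain.
    $KnownStorageModules = @('ntoskrnl.exe', 'CLASSPNP.SYS', 'disk.sys', 'hpdskflt.sys',
                             'amd_xata.sys', 'storport.sys', 'hal.dll', 'amd_sata.sys')

    $Findings = @()
    foreach ($Line in $Lines) {
        # Drop the HH:MM:SS.mmm timestamp column.
        $Body = $Line -replace '^\d\d:\d\d:\d\d\.\d+\s+', ''

        if ($Body -match '^Disk \d+ (.*MBR code.*)$') {
            # Anything other than the stock boot code is the first sign of a bootkit.
            if ($Matches[1] -notmatch 'default MBR code') { $Findings += "MBR: $($Matches[1])" }
        }
        elseif ($Body -match '^Service (\S+) (.+\.sys) \*\*LOCKED\*\*') {
            $Name = $Matches[1]; $Path = $Matches[2]
            $Trusted = $false
            foreach ($Root in $TrustedLockedRoots) { if ($Path -like ($Root + '*')) { $Trusted = $true } }
            if (-not $Trusted) { $Findings += "Locked driver outside a vendor directory: $Name -> $Path" }
        }
        elseif ($Body -match '^ntoskrnl\.exe ') {
            # The "called modules" line lists every driver in the path to the disk.
            foreach ($Module in ($Body.Trim() -split '\s+')) {
                if ($KnownStorageModules -notcontains $Module) { $Findings += "Unknown module in disk trace: $Module" }
            }
        }
    }
    return $Findings
}

$Result = @(Get-AswMbrFindings ($SampleLog -split "`r?`n"))
if ($Result.Count -eq 0) { 'No anomalies in the sampled aswMBR lines' } else { $Result }
```

Run it against the full log with `Get-AswMbrFindings (Get-Content "$env:USERPROFILE\Desktop\aswMBR.txt")`. On the log above it reports nothing, which is the same conclusion nasdaq reaches below; on a machine with a different storage stack, extend the module list before trusting a silent result.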


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,788 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 PM

Posted 16 October 2013 - 09:29 AM

Your logs are clean.

To reset some of the settings, you can run this Windows repair tool.

The following steps involve registry editing. Please create a new restore point before proceeding!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Check mark the Restart System When Finished option
  • Click the Start button
  • The system should restart after the repair
Let me know what problems persist.
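Before resetting everything with the tool, it helps to see which of those settings is actually off, since the original complaint was that AV, Windows Update, the firewall and network settings were being hijacked. The following PowerShell is an added example, not part of the thread and not code from Tweaking.com's Windows Repair; it is a read-only audit of the areas several of the options above reset (hosts file, proxy settings, policies set by infections, firewall and update services, the Winsock catalog). The registry paths and service names are standard Windows locations; the set of policy values and the list of built-in Winsock providers are this example's own assumptions and are not exhaustive. It uses `Get-WmiObject` so it runs on the Windows 7 PowerShell in the thread.

```powershell
# Added example (not from the thread or from Tweaking.com): read-only audit of settings
# that infections commonly tamper with. Nothing here changes the system.
function Get-TamperAudit {
    $Report = @()

    # 1. Hosts file: an active entry other than localhost can redirect AV or update domains.
    #    (Entries you added yourself, e.g. ad-blocking lists, will show up here too.)
    $Hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $Hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost' } |
        ForEach-Object { $Report += "hosts: $_" }

    # 2. Proxy settings: malware often points the browser at a local or remote proxy.
    $Inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($Inet.ProxyEnable -eq 1) { $Report += "proxy: enabled -> $($Inet.ProxyServer)" }
    if ($Inet.AutoConfigURL)     { $Report += "proxy: PAC script $($Inet.AutoConfigURL)" }

    # 3. Policies infections set to lock the user out of repair tools (assumption: a
    #    starting list, not every policy value that exists).
    $PolicyChecks = @{
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr', 'DisableRegistryTools')
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoRun', 'NoControlPanel', 'NoFolderOptions')
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr', 'DisableRegistryTools')
    }
    foreach ($Key in $PolicyChecks.Keys) {
        $Values = Get-ItemProperty $Key -ErrorAction SilentlyContinue
        foreach ($Name in $PolicyChecks[$Key]) {
            if ($Values -and $Values.$Name -eq 1) { $Report += "policy: $Key\$Name = 1" }
        }
    }

    # 4. Firewall, Windows Update, BITS and Security Center: none should be disabled,
    #    and the firewall and Security Center should be running.
    $MustRun = @('MpsSvc', 'wscsvc')
    foreach ($Svc in 'MpsSvc', 'wuauserv', 'BITS', 'wscsvc') {
        $S = Get-Service $Svc -ErrorAction SilentlyContinue
        if (-not $S) { $Report += "service: $Svc missing"; continue }
        $Start = (Get-WmiObject Win32_Service -Filter "Name='$Svc'").StartMode
        if ($Start -eq 'Disabled') { $Report += "service: $Svc is disabled" }
        elseif (($MustRun -contains $Svc) -and $S.Status -ne 'Running') { $Report += "service: $Svc is $($S.Status)" }
    }

    # 5. Winsock catalog: a third-party LSP here sits in front of every socket on the box.
    #    Assumption: the built-in Windows 7 providers are the DLLs listed in the pattern.
    netsh winsock show catalog | Select-String 'Provider Path' |
        Where-Object { $_.Line -notmatch '\\system32\\(mswsock|winrnr|napinsp|pnrpnsp|wshbth|NLAapi)\.dll' } |
        ForEach-Object { $Report += "winsock: $($_.Line.Trim())" }

    if ($Report.Count -eq 0) { 'No tampering indicators found' } else { $Report }
}

Get-TamperAudit
```

Run it from a normal PowerShell prompt (no elevation is needed for these reads). Whatever it reports is what the matching repair option will reset; a clean run followed by persisting symptoms points at something the options above do not touch, which is worth mentioning in the next reply.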



