TechSpot

Google search result redirect virus

By Slizyboy
Sep 20, 2012
  1. Hey guys, I've been tackling this problem the last couple of days, and realized I'm way in over my head. Please, and thanks in advance, kindly help me out :) I'd rather not reinstall my system.

    mbam log:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.20.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Andrew :: SHEPARD [administrator]

    9/19/2012 11:45:06 PM
    mbam-log-2012-09-19 (23-45-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 218662
    Time elapsed: 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER:
    No output
    DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Andrew at 23:50:17 on 2012-09-19
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8165.5063 [GMT -7:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\UnHackMe\hackmon.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Microsoft Device Center\itype.exe
    C:\Program Files\Microsoft Device Center\ipoint.exe
    E:\Games\Steam\Steam.exe
    C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\GridRepublic\boinctray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\Andrew\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\notepad.exe
    C:\Windows\notepad.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Steam] "E:\Games\Steam\Steam.exe" -silent
    uRun: [F.lux] "C:\Users\Andrew\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    uRun: [Facebook Update] "C:\Users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [boincmgr] "C:\Program Files (x86)\GridRepublic\gridrepublic.exe" /a /s
    mRun: [boinctray] "C:\Program Files (x86)\GridRepublic\boinctray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Andrew\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{4F74AB67-4866-4E6C-9891-19B9200E1AF7} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [boincmgr] "C:\Program Files (x86)\GridRepublic\gridrepublic.exe" /a /s
    mRun-x64: [boinctray] "C:\Program Files (x86)\GridRepublic\boinctray.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\t9zb8zqn.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Users\Andrew\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll
    FF - plugin: C:\Users\Andrew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
    R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-6-28 382312]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-8 138912]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-2 1258856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-19 114144]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-10-21 130976]
    .
    =============== Created Last 30 ================
    .
    2012-09-20 06:44:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-20 05:50:28 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe
    2012-09-20 05:50:28 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
    2012-09-20 05:50:03 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
    2012-09-19 17:17:53 -------- d-----w- C:\Users\Andrew\AppData\Roaming\f-secure
    2012-09-19 17:17:46 -------- d-----w- C:\ProgramData\F-Secure
    2012-09-19 08:47:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-19 08:25:54 39184 ----a-w- C:\Windows\System32\Partizan.exe
    2012-09-19 08:25:42 2 --shatr- C:\Windows\winstart.bat
    2012-09-19 08:20:37 -------- d-----w- C:\$RECYCLE.BIN
    2012-09-19 08:16:59 256000 ----a-w- C:\Windows\PEV.exe
    2012-09-19 08:16:59 208896 ----a-w- C:\Windows\MBR.exe
    2012-09-19 07:45:01 -------- d-----w- C:\Device
    2012-09-19 07:38:09 98816 ----a-w- C:\Windows\sed.exe
    2012-09-19 07:38:09 518144 ----a-w- C:\Windows\SWREG.exe
    2012-09-19 07:37:45 -------- d-----w- C:\Belahzur
    2012-09-19 07:08:50 -------- d-----w- C:\ProgramData\RegRun
    2012-09-19 07:08:43 -------- d-----w- C:\Program Files (x86)\UnHackMe
    2012-09-19 07:05:11 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    2012-09-19 07:05:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-19 07:05:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-19 00:59:35 -------- d-----w- C:\Users\Andrew\AppData\Local\Package Cache
    2012-09-18 05:42:45 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2012-09-17 07:03:39 -------- d-----w- C:\Windows\System32\appmgmt
    2012-09-16 16:41:20 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
    2012-09-16 16:41:18 -------- d-----w- C:\Program Files (x86)\Application Verifier
    2012-09-16 16:41:17 -------- d-----w- C:\Program Files\Application Verifier (x64)
    2012-09-16 16:37:03 -------- d-----w- C:\Users\Andrew\AppData\Local\Microsoft Help
    2012-09-16 15:55:37 -------- d-----w- C:\Program Files\Microsoft Device Center
    2012-09-16 15:53:06 -------- d-----w- C:\ProgramData\VS
    2012-09-16 15:28:55 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2012-09-16 15:28:55 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-09-16 15:28:54 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-09-16 15:28:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-09-16 15:28:47 112832 ----a-w- C:\ProgramData\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-09-16 15:28:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    2012-09-16 15:27:59 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2012-09-16 15:27:58 -------- d-----w- C:\Program Files\Microsoft Help Viewer
    2012-09-16 06:46:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-09-16 06:46:07 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-09-16 05:25:50 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-09-16 05:25:50 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-09-16 05:25:50 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-09-16 05:25:50 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
    2012-09-16 05:25:49 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-09-16 05:25:49 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-09-16 05:25:49 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2012-09-19 08:47:03 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-19 08:47:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-06 16:20:28 225328 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
    2012-08-20 07:05:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-20 07:05:34 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:44:42 428904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-28 23:56:15 2667062 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-06-28 23:55:57 3266408 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-06-28 23:55:46 6193000 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-06-28 23:55:40 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-06-28 23:55:39 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-06-28 23:55:39 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-06-27 04:38:30 46176 ----a-w- C:\Windows\System32\drivers\point64.sys
    2012-06-25 05:24:48 52320 ----a-w- C:\Windows\System32\drivers\dc3d.sys
    .
    ============= FINISH: 23:50:27.84 ===============

    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/21/2011 11:12:17 PM
    System Uptime: 9/19/2012 11:23:38 PM (0 hours ago)
    .
    Motherboard: MSI | | Z68A-GD65 (MS-7681)
    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | SOCKET 0 | 3101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 16.414 GiB free.
    D: is FIXED (NTFS) - 500 GiB total, 316.871 GiB free.
    E: is FIXED (NTFS) - 300 GiB total, 165.527 GiB free.
    F: is FIXED (NTFS) - 112 GiB total, 79.107 GiB free.
    H: is CDROM ()
    I: is CDROM ()
    J: is CDROM ()
    K: is CDROM ()
    L: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP121: 9/19/2012 1:12:08 AM - Removed Java(TM) 6 Update 35
    RP122: 9/19/2012 1:12:32 AM - Removed Java(TM) 7 Update 1 (64-bit)
    RP123: 9/19/2012 1:27:45 AM - RegRun Virus Scan
    RP124: 9/19/2012 1:46:57 AM - Installed Java 7 Update 7
    RP125: 9/19/2012 1:48:55 AM - Manual!
    RP126: 9/19/2012 1:52:37 AM - Windows Update
    RP127: 9/19/2012 11:03:48 PM - RegRun Virus Scan
    RP128: 9/19/2012 11:18:47 PM - RegRun Virus Scan
    RP129: 9/19/2012 11:24:34 PM - RegRun Virus Scan
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Auslogics Disk Defrag
    Bastion
    Bitcoin
    Combined Community Codec Pack 2011-07-30
    ControlCenter
    Deus Ex: Human Revolution
    Diablo II
    Diablo III
    Dropbox
    Dungeon Defenders
    EVE Online (remove only)
    F.lux
    Facebook Messenger 2.1.4631.0
    Facebook Video Calling 1.2.0.159
    Futuremark SystemInfo
    GIMP 2.6.11
    Google Chrome
    Gratuitous Space Battles Demo
    GridRepublic
    Hotfix for Microsoft Document Explorer 2008 (KB953196)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    Java 7 Update 7
    Java Auto Updater
    Krater
    League of Legends
    Legend of Grimrock
    LiveUpdate 3.3 (Symantec Corporation)
    Magicka
    Malwarebytes Anti-Malware version 1.65.0.1400
    marvell 91xx driver
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Document Explorer 2008
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Morrowind AnimKit 2.1 (remove only)
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.2.3
    MSI Kombustor 2.3.0
    Notepad++
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OpenTTD 1.1.5
    Pando Media Booster
    Portal 2
    Rage
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Click to Call
    Skype™ 5.10
    StarCraft II
    Steam
    StreetSmart Edge
    Terraria
    The Elder Scrolls V: Skyrim
    The Witcher: Enhanced Edition
    Torchlight
    Trine
    UnHackMe 5.99 release
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Windows SDK Intellidocs
    Windows SDK IntellisenseNFX
    ZipGenius 6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/19/2012 7:40:12 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/19/2012 7:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/19/2012 7:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/19/2012 7:40:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/19/2012 7:40:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/19/2012 7:40:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/19/2012 7:39:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf WPS ws2ifsl
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/19/2012 12:59:00 AM, Error: Application Popup [1060] - \??\C:\Belahzur19834B\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/19/2012 12:46:59 AM, Error: Application Popup [1060] - \??\C:\Users\Andrew\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/19/2012 12:46:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vkquwexg
    9/19/2012 12:45:14 AM, Error: Application Popup [1060] - \??\C:\Users\Andrew\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/19/2012 12:38:58 AM, Error: Application Popup [1060] - \??\C:\Belahzur\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/19/2012 11:26:03 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/19/2012 11:26:03 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    9/19/2012 11:23:39 PM, Error: Application Popup [56] - Driver PCI returned invalid ID for a child device (FFFFFFFFFFFFFFFF00).
    9/19/2012 10:17:57 AM, Error: Application Popup [1060] - \??\C:\Users\Andrew\AppData\Local\Temp\OnlineScanner\Anti-Virus has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/19/2012 1:20:32 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    9/19/2012 1:19:31 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/19/2012 1:19:18 AM, Error: Application Popup [1060] - \??\C:\Belahzur32307B\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/19/2012 1:16:52 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
    9/19/2012 1:11:22 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    9/19/2012 1:08:45 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    9/19/2012 1:08:12 AM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: winmgmt. This service might not be installed.
    9/19/2012 1:08:12 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: winmgmt. This service might not be installed.
    9/19/2012 1:02:16 AM, Error: Service Control Manager [7003] - The Security Center service depends the following service: winmgmt. This service might not be installed.
    9/15/2012 11:46:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: Microsoft - Other hardware - Microsoft Hardware USB Mouse.
    9/15/2012 11:46:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f020b: Microsoft - Other hardware - Microsoft Hardware USB Keyboard.
    9/15/2012 10:42:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    9/15/2012 10:42:28 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  2. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    Again, thanks for your help. I've seen at least one other thread dealing with this issue, so this might be getting repetitive for some of you, but I appreciate the effort it takes to dig through these logs.
     
  3. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    Some further background info:

    Symantec corporate AV didn't find anything, but at the beginning of the week it *did* quarantine some .dll files that appeared inside of my print-to-pdf printer, CutePDF. I thought nothing of it and deleted the files. When I started experiencing the issue, I tried a variety of things to dig into it, before deciding it was just a malicious Firefox extension (I had not noticed it happening in Chrome, but then it did). UnhackMe's startup scanning was finding a randomly named .sys file in System32\drivers, which would change names each time I rebooted. It also claimed to be worried about a file called wbamess.dll, but again, that file does not exist (it also stated I needed to pay to download an offline removal tool to fix it). I also tried booting an Ubuntu LiveCD and doing a full drive scan with ClamAV, but again, nothing was detected. At this point I gave up and I've come here for help :)
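The two symptoms above (a randomly named driver in System32\drivers that renames itself each boot, and the "boot-start or system-start driver(s) failed to load: vkquwexg" event in the DDS log) can be cross-checked mechanically against the service list ComboFix prints. The following triage script is an added example for readers of this thread, not code from TechSpot, the poster, or any of the tools named here; it parses constructed sample lines in the shape of the DDS event-log excerpt and the ComboFix "R3/S0 name;display;path [stamp]" service lines and flags a failed boot driver that has no visible service entry, a service whose file is gone (the `[x]` marker), and names that look machine-generated. The name heuristic (`looks_random`) is a prioritisation aid I made up for this example; a legitimate short driver name can trip it, so treat hits as things to look at, not as verdicts.

```python
import re
from collections import namedtuple

# Constructed sample input: a few lines in the shape of the DDS event-log
# excerpt and the ComboFix service list posted in this thread (the driver
# name vkquwexg and the [x] "file missing" marker are taken from those logs).
EVENT_LINES = [
    "9/19/2012 12:46:16 AM, Error: Service Control Manager [7026] - The following "
    "boot-start or system-start driver(s) failed to load: vkquwexg",
    "9/19/2012 7:39:29 AM, Error: Service Control Manager [7001] - The DNS Client "
    "service depends on the NetIO Legacy TDI Support Driver service which failed "
    "to start because of the following error: A device attached to the system is "
    "not functioning.",
]
SERVICE_LINES = [
    r"S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-24 871408]",
    r"R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]",
    r"S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]",
    r"S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-03-14 24880]",
]

# Service Control Manager event 7026 lists boot/system-start drivers that did not load.
EVENT_7026 = re.compile(r"\[7026\] - .*failed to load: (?P<names>.+)$")
# ComboFix service line: "<start> <name>;<display>;<path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$"
)
VOWELS = set("aeiou")
Finding = namedtuple("Finding", "name reason")


def failed_boot_drivers(lines):
    """Return the driver names listed in Service Control Manager 7026 events."""
    names = []
    for line in lines:
        m = EVENT_7026.search(line)
        if m:
            names.extend(n.strip() for n in m.group("names").split(","))
    return names


def parse_services(lines):
    """Map lower-cased service name -> {name, start, path, file_present}."""
    services = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("name").lower()] = {
                "name": m.group("name"),
                "start": m.group("start"),
                "path": m.group("path"),
                # ComboFix prints [x] when the file the service points at is gone.
                "file_present": m.group("stamp") != "x",
            }
    return services


def looks_random(name):
    """Coarse triage heuristic (an assumption of this example) for machine-generated
    driver names: all lower-case letters, 6-12 characters, with a run of three or
    more consonants or fewer than 30% vowels. A prioritisation aid, not proof."""
    if not (name.isalpha() and name.islower() and 6 <= len(name) <= 12):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    return vowel_ratio < 0.3 or re.search(r"[^aeiou]{3,}", name) is not None


def triage(event_lines, service_lines):
    """Cross-reference failed boot drivers against the visible service list."""
    services = parse_services(service_lines)
    findings = []
    for name in failed_boot_drivers(event_lines):
        svc = services.get(name.lower())
        if svc is None:
            reason = "boot/system-start driver failed to load and has no visible service entry"
        elif not svc["file_present"]:
            reason = "driver failed to load; its file is missing: " + svc["path"]
        else:
            reason = "driver failed to load: " + svc["path"]
        if looks_random(name):
            reason += "; name looks machine-generated"
        findings.append(Finding(name, reason))
    seen = {f.name.lower() for f in findings}
    for key, svc in services.items():
        if not svc["file_present"] and key not in seen:
            findings.append(Finding(svc["name"],
                                    "service points at a file that is not on disk: " + svc["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(EVENT_LINES, SERVICE_LINES):
        print(f"{f.name}: {f.reason}")
```

On the sample input the script reports vkquwexg as a failed boot driver with no visible service entry and a machine-generated-looking name, and Synth3dVsc as a service whose file is absent. The first pattern is the one worth escalating: a driver the kernel tried to load at boot that no user-mode listing can see is exactly what a rootkit that hides its own service looks like, and it matches the "changes name every reboot" behaviour described in the post. A missing file alone (the second finding) is common on clean systems and is only context.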
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and this time rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  5. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    Hi DragonMaster Jay, I'll be able to do this when I get home from work this afternoon, in about 8 hours. See you then!
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okie dokie. See you...
     
  7. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    ComboFix log:

    ComboFix 12-09-20.02 - Andrew 09/20/2012 18:48:21.2.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8165.5965 [GMT -7:00]
    Running from: c:\users\Andrew\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-20 06:44 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-19 17:17 . 2012-09-19 17:17 -------- d-----w- c:\users\Andrew\AppData\Roaming\f-secure
    2012-09-19 17:17 . 2012-09-19 17:17 -------- d-----w- c:\programdata\F-Secure
    2012-09-19 08:47 . 2012-09-19 08:47 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-19 08:47 . 2012-09-19 08:47 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-19 08:47 . 2012-09-19 08:47 -------- d-----w- c:\program files (x86)\Java
    2012-09-19 08:45 . 2012-09-19 08:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-09-19 08:25 . 2012-09-19 08:25 39184 ----a-w- c:\windows\system32\Partizan.exe
    2012-09-19 08:25 . 2012-09-20 05:50 2 --shatr- c:\windows\winstart.bat
    2012-09-19 07:45 . 2012-09-19 07:45 -------- d-----w- C:\Device
    2012-09-19 07:37 . 2012-09-19 08:10 -------- d-----w- C:\Belahzur
    2012-09-19 07:08 . 2012-09-20 13:55 -------- d-----w- c:\programdata\RegRun
    2012-09-19 07:08 . 2012-09-20 13:56 -------- d-----w- c:\program files (x86)\UnHackMe
    2012-09-19 07:05 . 2012-09-19 07:05 -------- d-----w- c:\users\Andrew\AppData\Roaming\Malwarebytes
    2012-09-19 07:05 . 2012-09-19 07:05 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-19 07:05 . 2012-09-20 06:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-09-19 00:59 . 2012-09-19 08:10 -------- d-----w- c:\users\Andrew\AppData\Local\Package Cache
    2012-09-18 05:42 . 2012-09-18 05:42 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2012-09-18 05:42 . 2012-09-18 05:42 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2012-09-17 07:03 . 2012-09-17 07:03 -------- d-----w- c:\windows\system32\appmgmt
    2012-09-16 16:41 . 2012-09-16 16:41 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
    2012-09-16 16:41 . 2012-09-16 16:41 -------- d-----w- c:\program files (x86)\Application Verifier
    2012-09-16 16:41 . 2012-09-16 16:41 -------- d-----w- c:\program files\Application Verifier (x64)
    2012-09-16 16:40 . 2012-09-16 16:40 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
    2012-09-16 16:37 . 2012-09-16 16:37 -------- d-----w- c:\users\Andrew\AppData\Local\Microsoft Help
    2012-09-16 16:37 . 2012-09-16 16:40 -------- d-----w- c:\programdata\Microsoft Help
    2012-09-16 16:37 . 2012-09-16 16:37 -------- d-----w- c:\program files\Microsoft SDKs
    2012-09-16 15:55 . 2012-09-16 15:55 -------- d-----w- c:\program files\Microsoft Device Center
    2012-09-16 15:53 . 2012-09-16 15:53 -------- d-----w- c:\programdata\VS
    2012-09-16 15:28 . 2012-09-16 15:28 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2012-09-16 15:28 . 2012-09-16 15:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2012-09-16 15:28 . 2012-09-16 15:28 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2012-09-16 15:28 . 2012-09-16 15:28 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-09-16 15:28 . 2012-09-19 08:53 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-09-16 15:28 . 2012-09-18 05:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
    2012-09-16 15:27 . 2012-09-16 15:27 -------- d-----w- c:\windows\symbols
    2012-09-16 15:27 . 2012-09-16 15:27 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2012-09-16 15:27 . 2012-09-16 15:27 -------- d-----w- c:\program files\Microsoft Help Viewer
    2012-09-16 06:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-09-16 06:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-09-16 05:47 . 2012-09-16 05:47 -------- d-----w- c:\programdata\McAfee
    2012-09-16 05:25 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-16 05:25 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-16 05:25 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-16 05:25 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-16 05:25 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-16 05:25 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-16 05:25 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-19 08:47 . 2012-05-09 02:04 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-09-19 08:47 . 2011-11-03 06:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-16 06:46 . 2011-10-22 06:43 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-08-20 07:05 . 2012-04-04 03:09 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-20 07:05 . 2011-10-22 07:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-18 18:15 . 2012-08-18 02:33 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-04 22:16 . 2012-08-18 02:33 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-07-04 22:13 . 2012-08-18 02:33 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-07-04 22:13 . 2012-08-18 02:33 136704 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 21:14 . 2012-08-18 02:33 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-06-29 04:55 . 2012-08-18 08:41 17809920 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-29 04:09 . 2012-08-18 08:41 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-29 03:56 . 2012-08-18 08:41 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 03:49 . 2012-08-18 08:41 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-29 03:49 . 2012-08-18 08:41 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 03:48 . 2012-08-18 08:41 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 03:47 . 2012-08-18 08:41 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-29 03:45 . 2012-08-18 08:41 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-29 03:44 . 2012-08-18 08:41 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-06-29 03:43 . 2012-08-18 08:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 03:42 . 2012-08-18 08:41 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-29 03:40 . 2012-08-18 08:41 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-29 03:39 . 2012-08-18 08:41 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-29 03:37 . 2012-07-27 05:51 9164648 ----a-w- c:\windows\system32\nvcuda.dll
    2012-06-29 03:37 . 2012-07-27 05:51 828264 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-06-29 03:37 . 2012-07-27 05:51 2744680 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-06-29 03:37 . 2012-07-27 05:51 26226536 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-06-29 03:37 . 2012-07-27 05:51 2573160 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-06-29 03:37 . 2012-07-27 05:51 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-06-29 03:37 . 2012-07-27 05:51 247144 ----a-w- c:\windows\system32\nvinitx.dll
    2012-06-29 03:37 . 2012-07-27 05:51 2216296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-06-29 03:37 . 2012-07-27 05:51 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-06-29 03:37 . 2012-07-27 05:51 19828072 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-06-29 03:37 . 2012-07-27 05:51 1865064 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-06-29 03:37 . 2012-07-27 05:51 18228072 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-06-29 03:37 . 2012-07-27 05:51 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-06-29 03:37 . 2012-07-27 05:51 15290216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-06-29 03:37 . 2012-07-27 05:51 1472360 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2012-06-29 03:37 . 2012-07-27 05:51 13365608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-06-29 03:37 . 2012-07-27 05:51 12388712 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-06-29 03:37 . 2012-03-31 02:32 7699304 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-06-29 03:37 . 2012-03-31 02:32 60776 ----a-w- c:\windows\system32\OpenCL.dll
    2012-06-29 03:37 . 2012-03-31 02:32 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-06-29 03:37 . 2012-02-12 18:59 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-06-29 03:37 . 2012-02-02 07:40 969064 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-06-29 03:37 . 2011-10-22 06:21 14806376 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-06-29 03:37 . 2011-10-22 06:21 2723688 ----a-w- c:\windows\system32\nvapi64.dll
    2012-06-29 03:37 . 2011-10-22 06:21 1758056 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-06-29 03:35 . 2012-08-18 08:41 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-29 00:44 . 2012-06-29 00:44 428904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-06-29 00:16 . 2012-08-18 08:41 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09 . 2012-08-18 08:41 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-29 00:08 . 2012-08-18 08:41 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04 . 2012-08-18 08:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00 . 2012-08-18 08:41 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-28 23:56 . 2012-02-02 07:43 2667062 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-06-28 23:55 . 2011-10-22 06:21 3266408 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-06-28 23:55 . 2011-10-22 06:21 6193000 ----a-w- c:\windows\system32\nvcpl.dll
    2012-06-28 23:55 . 2011-10-22 06:21 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-06-28 23:55 . 2011-10-22 06:21 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-06-28 23:55 . 2011-10-22 06:21 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-06-27 04:38 . 2012-06-27 04:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
    2012-06-25 05:24 . 2012-06-25 05:24 52320 ----a-w- c:\windows\system32\drivers\dc3d.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-09-19_08.20.38 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-09-18 05:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-09-21 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-09-18 05:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-21 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-18 05:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-21 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-10-22 07:15 . 2012-09-21 01:45 42006 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-09-21 01:45 32380 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-10-22 06:31 . 2012-09-21 01:45 17046 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3842091948-3901834928-2535491561-1000_UserData.bin
    + 2011-10-22 06:11 . 2012-09-19 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-10-22 06:11 . 2012-09-18 05:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-10-22 06:11 . 2012-09-19 17:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-10-22 06:11 . 2012-09-18 05:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-09-18 05:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-09-19 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-09-19 08:20 . 2012-09-19 08:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-09-21 01:51 . 2012-09-21 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-09-19 08:20 . 2012-09-19 08:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-09-21 01:51 . 2012-09-21 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-09-19 08:47 . 2012-09-19 08:47 246760 c:\windows\SysWOW64\javaws.exe
    + 2012-09-19 08:47 . 2012-09-19 08:47 174056 c:\windows\SysWOW64\javaw.exe
    + 2012-09-19 08:47 . 2012-09-19 08:47 174056 c:\windows\SysWOW64\java.exe
    + 2009-07-14 02:36 . 2012-09-21 01:47 660068 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-09-19 08:17 660068 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-09-21 01:47 120996 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-09-19 08:17 120996 c:\windows\system32\perfc009.dat
    + 2011-10-23 19:28 . 2011-06-23 23:25 225328 c:\windows\system32\drivers\wpshelper.sys
    - 2011-10-23 19:28 . 2012-09-06 16:20 225328 c:\windows\system32\drivers\wpshelper.sys
    - 2009-07-14 05:01 . 2012-09-19 08:19 235764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-09-21 01:50 235764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-09-19 08:52 . 2012-09-19 08:52 723256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
    + 2012-09-19 08:47 . 2012-09-19 08:47 179200 c:\windows\Installer\12b611.msi
    - 2011-10-22 07:11 . 2012-09-19 07:17 7833812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3842091948-3901834928-2535491561-1000-12288.dat
    + 2011-10-22 07:11 . 2012-09-19 17:24 7833812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3842091948-3901834928-2535491561-1000-12288.dat
    + 2011-06-29 04:27 . 2011-06-29 04:27 4028928 c:\windows\Installer\12b693.msp
    + 2011-10-22 09:31 . 2012-09-21 01:50 37418244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3842091948-3901834928-2535491561-1000-8192.dat
    + 2011-12-16 19:18 . 2011-12-16 19:18 10532864 c:\windows\Installer\12b688.msp
    + 2012-09-19 08:46 . 2012-09-19 08:46 27549696 c:\windows\Installer\12b608.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\games\Steam\Steam.exe" [2012-08-05 1353080]
    "F.lux"="c:\users\Andrew\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
    "Facebook Update"="c:\users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]
    "boincmgr"="c:\program files (x86)\GridRepublic\gridrepublic.exe" [2012-02-24 4519008]
    "boinctray"="c:\program files (x86)\GridRepublic\boinctray.exe" [2012-02-24 58464]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Andrew\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Facebook Messenger.lnk - c:\users\Andrew\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [2012-9-5 247728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-06-29 1258856]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-22 1255736]
    R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-03-14 24880]
    S0 mvs91xx;mvs91xx;c:\windows\system32\DRIVERS\mvs91xx.sys [2011-03-14 313136]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-24 871408]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-06-29 382312]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-08 138912]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-05-21 188776]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3842091948-3901834928-2535491561-1000Core.job
    - c:\users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-11 02:06]
    .
    2012-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3842091948-3901834928-2535491561-1000UA.job
    - c:\users\Andrew\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-11 02:06]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842091948-3901834928-2535491561-1000Core.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 01:05]
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3842091948-3901834928-2535491561-1000UA.job
    - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 01:05]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Andrew\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-06-24 7233640]
    "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
    "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\t9zb8zqn.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-20 18:52:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-21 01:52
    ComboFix2.txt 2012-09-19 08:21
    ComboFix3.txt 2012-09-19 08:06
    .
    Pre-Run: 18,183,237,632 bytes free
    Post-Run: 18,159,919,104 bytes free
    .
    - - End Of File - - 2B1EDA809BB2B9550B04029F51F62E40
     
  8. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

I did a full reinstall of Firefox and Chrome, and that seems to have fixed the issue... I don't trust it though. It didn't happen often enough for me to be sure with just a couple of test searches.

    Edit: I know you said don't make any changes... I did the reinstall of Firefox before I arrived here, noticed it worked, then stopped caring until I noticed it in Chrome. I remembered today that the reinstall worked, so just on a hunch I tried it in Chrome and it seems to have also fixed the problem. I haven't used IE in a very long time, so I haven't even tested it yet.
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Let's see what this reveals...

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case, please attach it, or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
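Because these logs run to hundreds of "- ok" lines, a helper usually only wants the entries the scan did not clear. The following Python triage script is an added example, not part of this thread and not TDSSKiller's own tooling: it reads the log format pasted further down in this thread, pairs each hash line with its status line, and lists anything not reported as ok. The embedded sample reuses real lines from the thread's log plus constructed lines for a hypothetical unsigned driver with a placeholder hash; the "( Verdict ) - status" line shape for flagged objects is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Line shapes copied from the TDSSKiller log pasted in this thread:
#   07:10:48.0129 2460 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
#   07:10:48.0176 2460 1394ohci - ok
# The "( Verdict ) - status" shape for flagged objects is an assumption based on the
# UnsignedFile.Multi.Generic warning described above, not taken from a real log line.
HASH_LINE = re.compile(r"^\S+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+(\S+)\s+(.*\S)\s*$")
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(.+?)(?:\s+\(\s*([^)]+?)\s*\))?\s+-\s+(\S.*?)\s*$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = ""   # e.g. UnsignedFile.Multi.Generic; empty when TDSSKiller gave none
    status: str = ""    # e.g. ok, warning, skipped by user (the last status line wins)


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each hash line with its status line, keyed by service/driver name.

    Only lines after 'Scan started' are considered, so the drive and partition
    header lines (which also contain ' - ') are never mistaken for verdicts.
    """
    entries: Dict[str, Entry] = {}
    order: List[str] = []
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.get(name)
            if entry is None:
                entry = entries[name] = Entry(name=name)
                order.append(name)
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict, status = m.groups()
            entry = entries.get(name)
            if entry is None:
                entry = entries[name] = Entry(name=name)
                order.append(name)
            if verdict:
                entry.verdict = verdict
            entry.status = status
    return [entries[n] for n in order]


def triage(text: str) -> List[Tuple[str, str, str, str]]:
    """Everything the scan did not report as ok, as (name, verdict, status, path)."""
    return [(e.name, e.verdict, e.status, e.path)
            for e in parse_tdsskiller_log(text) if e.status.lower() != "ok"]


# Constructed sample: the first nine lines are taken from this thread's log; the last
# three describe a hypothetical unsigned driver "exampledrv" with an all-zero placeholder hash.
SAMPLE_LOG = r"""
07:10:47.0957 2460 ============================================================
07:10:47.0957 2460 Scan started
07:10:47.0957 2460 Mode: Manual; SigCheck; TDLFS;
07:10:47.0957 2460 ============================================================
07:10:48.0098 2460 ================ Scan system memory ========================
07:10:48.0098 2460 System memory - ok
07:10:48.0098 2460 ================ Scan services =============================
07:10:48.0129 2460 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:10:48.0176 2460 1394ohci - ok
07:10:48.0176 2460 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:10:48.0191 2460 ACPI - ok
07:10:53.0100 2460 [ 00000000000000000000000000000000 ] exampledrv C:\Windows\system32\DRIVERS\exampledrv.sys
07:10:53.0100 2460 exampledrv ( UnsignedFile.Multi.Generic ) - warning
07:10:53.0100 2460 exampledrv ( UnsignedFile.Multi.Generic ) - skipped by user
"""

if __name__ == "__main__":
    for name, verdict, status, path in triage(SAMPLE_LOG):
        print(f"{status:16} {name:12} {verdict or '-':28} {path}")
```

The flagged entry's path and hash are what you would then verify on the machine (file signature, vendor, modification date) before deciding whether the warning is a false positive.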
     
  10. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    TDSS:

    07:10:28.0504 4596 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    07:10:28.0879 4596 ============================================================
    07:10:28.0879 4596 Current date / time: 2012/09/21 07:10:28.0879
    07:10:28.0879 4596 SystemInfo:
    07:10:28.0879 4596
    07:10:28.0879 4596 OS Version: 6.1.7601 ServicePack: 1.0
    07:10:28.0879 4596 Product type: Workstation
    07:10:28.0879 4596 ComputerName: SHEPARD
    07:10:28.0879 4596 UserName: Andrew
    07:10:28.0879 4596 Windows directory: C:\Windows
    07:10:28.0879 4596 System windows directory: C:\Windows
    07:10:28.0879 4596 Running under WOW64
    07:10:28.0879 4596 Processor architecture: Intel x64
    07:10:28.0879 4596 Number of processors: 4
    07:10:28.0879 4596 Page size: 0x1000
    07:10:28.0879 4596 Boot type: Normal boot
    07:10:28.0879 4596 ============================================================
    07:10:29.0191 4596 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    07:10:29.0206 4596 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    07:10:29.0206 4596 ============================================================
    07:10:29.0206 4596 \Device\Harddisk0\DR0:
    07:10:29.0206 4596 MBR partitions:
    07:10:29.0206 4596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    07:10:29.0206 4596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
    07:10:29.0206 4596 \Device\Harddisk1\DR1:
    07:10:29.0206 4596 MBR partitions:
    07:10:29.0206 4596 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3E800000
    07:10:29.0206 4596 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3E800800, BlocksNum 0x25800000
    07:10:29.0206 4596 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x64000800, BlocksNum 0xDF05800
    07:10:29.0206 4596 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x6, StartLBA 0x71F06000, BlocksNum 0x2800000
    07:10:29.0206 4596 ============================================================
    07:10:29.0206 4596 C: <-> \Device\Harddisk0\DR0\Partition2
    07:10:29.0237 4596 D: <-> \Device\Harddisk1\DR1\Partition1
    07:10:29.0269 4596 E: <-> \Device\Harddisk1\DR1\Partition2
    07:10:29.0300 4596 F: <-> \Device\Harddisk1\DR1\Partition3
    07:10:29.0300 4596 ============================================================
    07:10:29.0300 4596 Initialize success
    07:10:29.0300 4596 ============================================================
    07:10:47.0957 2460 ============================================================
    07:10:47.0957 2460 Scan started
    07:10:47.0957 2460 Mode: Manual; SigCheck; TDLFS;
    07:10:47.0957 2460 ============================================================
    07:10:48.0098 2460 ================ Scan system memory ========================
    07:10:48.0098 2460 System memory - ok
    07:10:48.0098 2460 ================ Scan services =============================
    07:10:48.0129 2460 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    07:10:48.0176 2460 1394ohci - ok
    07:10:48.0176 2460 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    07:10:48.0191 2460 ACPI - ok
    07:10:48.0207 2460 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    07:10:48.0238 2460 AcpiPmi - ok
    07:10:48.0238 2460 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    07:10:48.0254 2460 AdobeARMservice - ok
    07:10:48.0269 2460 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    07:10:48.0301 2460 adp94xx - ok
    07:10:48.0301 2460 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    07:10:48.0332 2460 adpahci - ok
    07:10:48.0332 2460 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    07:10:48.0347 2460 adpu320 - ok
    07:10:48.0347 2460 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    07:10:48.0410 2460 AeLookupSvc - ok
    07:10:48.0410 2460 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    07:10:48.0441 2460 AFD - ok
    07:10:48.0441 2460 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    07:10:48.0457 2460 agp440 - ok
    07:10:48.0457 2460 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    07:10:48.0488 2460 ALG - ok
    07:10:48.0488 2460 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    07:10:48.0503 2460 aliide - ok
    07:10:48.0503 2460 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    07:10:48.0519 2460 amdide - ok
    07:10:48.0535 2460 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    07:10:48.0550 2460 AmdK8 - ok
    07:10:48.0550 2460 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    07:10:48.0566 2460 AmdPPM - ok
    07:10:48.0581 2460 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    07:10:48.0597 2460 amdsata - ok
    07:10:48.0597 2460 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    07:10:48.0613 2460 amdsbs - ok
    07:10:48.0628 2460 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    07:10:48.0644 2460 amdxata - ok
    07:10:48.0644 2460 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    07:10:48.0722 2460 AppID - ok
    07:10:48.0722 2460 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    07:10:48.0769 2460 AppIDSvc - ok
    07:10:48.0769 2460 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    07:10:48.0800 2460 Appinfo - ok
    07:10:48.0800 2460 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    07:10:48.0831 2460 AppMgmt - ok
    07:10:48.0831 2460 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    07:10:48.0847 2460 arc - ok
    07:10:48.0847 2460 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    07:10:48.0862 2460 arcsas - ok
    07:10:48.0878 2460 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    07:10:48.0925 2460 aspnet_state - ok
    07:10:48.0925 2460 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    07:10:48.0956 2460 AsyncMac - ok
    07:10:48.0956 2460 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    07:10:48.0956 2460 atapi - ok
    07:10:48.0971 2460 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    07:10:49.0018 2460 AudioEndpointBuilder - ok
    07:10:49.0034 2460 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    07:10:49.0081 2460 AudioSrv - ok
    07:10:49.0081 2460 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    07:10:49.0112 2460 AxInstSV - ok
    07:10:49.0127 2460 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    07:10:49.0159 2460 b06bdrv - ok
    07:10:49.0159 2460 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    07:10:49.0174 2460 b57nd60a - ok
    07:10:49.0190 2460 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    07:10:49.0205 2460 BDESVC - ok
    07:10:49.0205 2460 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    07:10:49.0237 2460 Beep - ok
    07:10:49.0252 2460 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    07:10:49.0283 2460 BFE - ok
    07:10:49.0299 2460 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    07:10:49.0330 2460 BITS - ok
    07:10:49.0330 2460 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    07:10:49.0346 2460 blbdrive - ok
    07:10:49.0346 2460 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    07:10:49.0361 2460 bowser - ok
    07:10:49.0377 2460 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    07:10:49.0393 2460 BrFiltLo - ok
    07:10:49.0393 2460 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    07:10:49.0424 2460 BrFiltUp - ok
    07:10:49.0424 2460 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    07:10:49.0455 2460 BridgeMP - ok
    07:10:49.0455 2460 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    07:10:49.0471 2460 Browser - ok
    07:10:49.0486 2460 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    07:10:49.0502 2460 Brserid - ok
    07:10:49.0517 2460 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    07:10:49.0533 2460 BrSerWdm - ok
    07:10:49.0533 2460 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    07:10:49.0549 2460 BrUsbMdm - ok
    07:10:49.0549 2460 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    07:10:49.0580 2460 BrUsbSer - ok
    07:10:49.0580 2460 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    07:10:49.0595 2460 BTHMODEM - ok
    07:10:49.0595 2460 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    07:10:49.0627 2460 bthserv - ok
    07:10:49.0642 2460 catchme - ok
    07:10:49.0642 2460 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    07:10:49.0658 2460 ccEvtMgr - ok
    07:10:49.0658 2460 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    07:10:49.0673 2460 ccSetMgr - ok
    07:10:49.0673 2460 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    07:10:49.0705 2460 cdfs - ok
    07:10:49.0720 2460 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    07:10:49.0736 2460 cdrom - ok
    07:10:49.0736 2460 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    07:10:49.0767 2460 CertPropSvc - ok
    07:10:49.0767 2460 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    07:10:49.0798 2460 circlass - ok
    07:10:49.0798 2460 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    07:10:49.0814 2460 CLFS - ok
    07:10:49.0829 2460 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    07:10:49.0861 2460 clr_optimization_v2.0.50727_32 - ok
    07:10:49.0876 2460 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    07:10:49.0892 2460 clr_optimization_v2.0.50727_64 - ok
    07:10:49.0892 2460 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    07:10:49.0923 2460 clr_optimization_v4.0.30319_32 - ok
    07:10:49.0923 2460 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    07:10:49.0939 2460 clr_optimization_v4.0.30319_64 - ok
    07:10:49.0939 2460 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    07:10:49.0954 2460 CmBatt - ok
    07:10:49.0970 2460 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    07:10:49.0985 2460 cmdide - ok
    07:10:49.0985 2460 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    07:10:50.0017 2460 CNG - ok
    07:10:50.0032 2460 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    07:10:50.0048 2460 Compbatt - ok
    07:10:50.0048 2460 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys
    07:10:50.0063 2460 CompFilter64 - ok
    07:10:50.0063 2460 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    07:10:50.0079 2460 CompositeBus - ok
    07:10:50.0079 2460 COMSysApp - ok
    07:10:50.0079 2460 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    07:10:50.0095 2460 crcdisk - ok
    07:10:50.0110 2460 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    07:10:50.0126 2460 CryptSvc - ok
    07:10:50.0126 2460 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    07:10:50.0157 2460 CSC - ok
    07:10:50.0157 2460 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    07:10:50.0188 2460 CscService - ok
    07:10:50.0188 2460 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    07:10:50.0204 2460 dc3d - ok
    07:10:50.0219 2460 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    07:10:50.0251 2460 DcomLaunch - ok
    07:10:50.0251 2460 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    07:10:50.0297 2460 defragsvc - ok
    07:10:50.0297 2460 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    07:10:50.0329 2460 DfsC - ok
    07:10:50.0329 2460 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    07:10:50.0360 2460 Dhcp - ok
    07:10:50.0360 2460 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    07:10:50.0391 2460 discache - ok
    07:10:50.0391 2460 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    07:10:50.0422 2460 Disk - ok
    07:10:50.0422 2460 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    07:10:50.0438 2460 Dnscache - ok
    07:10:50.0438 2460 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    07:10:50.0485 2460 dot3svc - ok
    07:10:50.0485 2460 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    07:10:50.0516 2460 DPS - ok
    07:10:50.0516 2460 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    07:10:50.0531 2460 drmkaud - ok
    07:10:50.0547 2460 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    07:10:50.0563 2460 DXGKrnl - ok
    07:10:50.0578 2460 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    07:10:50.0609 2460 EapHost - ok
    07:10:50.0641 2460 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    07:10:50.0703 2460 ebdrv - ok
    07:10:50.0719 2460 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    07:10:50.0734 2460 eeCtrl - ok
    07:10:50.0734 2460 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    07:10:50.0750 2460 EFS - ok
    07:10:50.0765 2460 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    07:10:50.0812 2460 ehRecvr - ok
    07:10:50.0812 2460 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    07:10:50.0843 2460 ehSched - ok
    07:10:50.0859 2460 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    07:10:50.0890 2460 elxstor - ok
    07:10:50.0890 2460 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    07:10:50.0906 2460 EraserUtilRebootDrv - ok
    07:10:50.0906 2460 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    07:10:50.0921 2460 ErrDev - ok
    07:10:50.0921 2460 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    07:10:50.0968 2460 EventSystem - ok
    07:10:50.0968 2460 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    07:10:50.0999 2460 exfat - ok
    07:10:50.0999 2460 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    07:10:51.0046 2460 fastfat - ok
    07:10:51.0062 2460 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    07:10:51.0077 2460 Fax - ok
    07:10:51.0077 2460 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    07:10:51.0109 2460 fdc - ok
    07:10:51.0109 2460 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    07:10:51.0140 2460 fdPHost - ok
    07:10:51.0140 2460 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    07:10:51.0171 2460 FDResPub - ok
    07:10:51.0171 2460 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    07:10:51.0187 2460 FileInfo - ok
    07:10:51.0187 2460 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    07:10:51.0218 2460 Filetrace - ok
    07:10:51.0218 2460 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    07:10:51.0233 2460 flpydisk - ok
    07:10:51.0249 2460 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    07:10:51.0265 2460 FltMgr - ok
    07:10:51.0265 2460 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    07:10:51.0296 2460 FontCache - ok
    07:10:51.0311 2460 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    07:10:51.0327 2460 FontCache3.0.0.0 - ok
    07:10:51.0327 2460 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    07:10:51.0343 2460 FsDepends - ok
    07:10:51.0343 2460 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    07:10:51.0358 2460 Fs_Rec - ok
    07:10:51.0358 2460 [ 79B4CDE2B69ED8BA4011859780A66A4D ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    07:10:51.0389 2460 Futuremark SystemInfo Service - ok
    07:10:51.0389 2460 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    07:10:51.0421 2460 fvevol - ok
    07:10:51.0421 2460 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    07:10:51.0436 2460 gagp30kx - ok
    07:10:51.0452 2460 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    07:10:51.0499 2460 gpsvc - ok
    07:10:51.0514 2460 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
  11. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    07:10:59.0611 2460 UI0Detect - ok
    07:10:59.0611 2460 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    07:10:59.0626 2460 uliagpkx - ok
    07:10:59.0626 2460 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    07:10:59.0642 2460 umbus - ok
    07:10:59.0642 2460 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    07:10:59.0657 2460 UmPass - ok
    07:10:59.0673 2460 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    07:10:59.0689 2460 UmRdpService - ok
    07:10:59.0704 2460 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    07:10:59.0735 2460 UMVPFSrv - ok
    07:10:59.0735 2460 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    07:10:59.0782 2460 upnphost - ok
    07:10:59.0782 2460 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    07:10:59.0798 2460 usbaudio - ok
    07:10:59.0798 2460 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    07:10:59.0813 2460 usbccgp - ok
    07:10:59.0813 2460 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    07:10:59.0845 2460 usbcir - ok
    07:10:59.0845 2460 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    07:10:59.0860 2460 usbehci - ok
    07:10:59.0860 2460 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    07:10:59.0876 2460 usbhub - ok
    07:10:59.0876 2460 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    07:10:59.0891 2460 usbohci - ok
    07:10:59.0907 2460 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    07:10:59.0923 2460 usbprint - ok
    07:10:59.0923 2460 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
    07:10:59.0938 2460 USBSTOR - ok
    07:10:59.0938 2460 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    07:10:59.0969 2460 usbuhci - ok
    07:10:59.0969 2460 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    07:10:59.0985 2460 usbvideo - ok
    07:11:00.0001 2460 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    07:11:00.0032 2460 UxSms - ok
    07:11:00.0032 2460 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    07:11:00.0047 2460 VaultSvc - ok
    07:11:00.0047 2460 [ C30F3D43CEB6F79ADE9B805387E5F63C ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
    07:11:00.0063 2460 VBoxDrv - ok
    07:11:00.0079 2460 [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
    07:11:00.0094 2460 VBoxNetAdp - ok
    07:11:00.0094 2460 [ 7B657669C53A0E6583F07EBAA303D9EA ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
    07:11:00.0125 2460 VBoxNetFlt - ok
    07:11:00.0125 2460 [ CF3EE68CD9723E9F21E3198A0F690400 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
    07:11:00.0141 2460 VBoxUSBMon - ok
    07:11:00.0157 2460 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    07:11:00.0172 2460 vdrvroot - ok
    07:11:00.0172 2460 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    07:11:00.0219 2460 vds - ok
    07:11:00.0219 2460 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    07:11:00.0235 2460 vga - ok
    07:11:00.0250 2460 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    07:11:00.0266 2460 VgaSave - ok
    07:11:00.0266 2460 VGPU - ok
    07:11:00.0281 2460 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    07:11:00.0297 2460 vhdmp - ok
    07:11:00.0297 2460 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    07:11:00.0313 2460 viaide - ok
    07:11:00.0328 2460 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    07:11:00.0344 2460 vmbus - ok
    07:11:00.0344 2460 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    07:11:00.0375 2460 VMBusHID - ok
    07:11:00.0375 2460 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    07:11:00.0391 2460 volmgr - ok
    07:11:00.0391 2460 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    07:11:00.0422 2460 volmgrx - ok
    07:11:00.0437 2460 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    07:11:00.0469 2460 volsnap - ok
    07:11:00.0469 2460 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    07:11:00.0484 2460 vsmraid - ok
    07:11:00.0500 2460 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    07:11:00.0562 2460 VSS - ok
    07:11:00.0562 2460 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    07:11:00.0578 2460 vwifibus - ok
    07:11:00.0593 2460 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    07:11:00.0656 2460 W32Time - ok
    07:11:00.0656 2460 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    07:11:00.0671 2460 WacomPen - ok
    07:11:00.0671 2460 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    07:11:00.0703 2460 WANARP - ok
    07:11:00.0703 2460 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    07:11:00.0734 2460 Wanarpv6 - ok
    07:11:00.0749 2460 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    07:11:00.0796 2460 WatAdminSvc - ok
    07:11:00.0812 2460 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    07:11:00.0859 2460 wbengine - ok
    07:11:00.0859 2460 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    07:11:00.0890 2460 WbioSrvc - ok
    07:11:00.0890 2460 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    07:11:00.0921 2460 wcncsvc - ok
    07:11:00.0921 2460 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    07:11:00.0952 2460 WcsPlugInService - ok
    07:11:00.0952 2460 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    07:11:00.0968 2460 Wd - ok
    07:11:00.0968 2460 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    07:11:00.0999 2460 Wdf01000 - ok
    07:11:00.0999 2460 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    07:11:01.0030 2460 WdiServiceHost - ok
    07:11:01.0030 2460 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    07:11:01.0061 2460 WdiSystemHost - ok
    07:11:01.0061 2460 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    07:11:01.0093 2460 WebClient - ok
    07:11:01.0093 2460 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    07:11:01.0139 2460 Wecsvc - ok
    07:11:01.0139 2460 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    07:11:01.0171 2460 wercplsupport - ok
    07:11:01.0171 2460 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    07:11:01.0202 2460 WerSvc - ok
    07:11:01.0202 2460 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    07:11:01.0233 2460 WfpLwf - ok
    07:11:01.0233 2460 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    07:11:01.0249 2460 WIMMount - ok
    07:11:01.0249 2460 WinDefend - ok
    07:11:01.0249 2460 WinHttpAutoProxySvc - ok
    07:11:01.0264 2460 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    07:11:01.0295 2460 Winmgmt - ok
    07:11:01.0327 2460 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    07:11:01.0389 2460 WinRM - ok
    07:11:01.0389 2460 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    07:11:01.0405 2460 WinUsb - ok
    07:11:01.0420 2460 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    07:11:01.0451 2460 Wlansvc - ok
    07:11:01.0451 2460 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    07:11:01.0467 2460 WmiAcpi - ok
    07:11:01.0483 2460 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    07:11:01.0498 2460 wmiApSrv - ok
    07:11:01.0498 2460 WMPNetworkSvc - ok
    07:11:01.0498 2460 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    07:11:01.0529 2460 WPCSvc - ok
    07:11:01.0529 2460 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    07:11:01.0545 2460 WPDBusEnum - ok
    07:11:01.0545 2460 [ 6CAB753B203F39B4CE05FF10013DE2EF ] WPS C:\Windows\system32\drivers\wpsdrvnt.sys
    07:11:01.0561 2460 WPS - ok
    07:11:01.0561 2460 [ D9B5A13804B7D97770C42DA484A9D86E ] WpsHelper C:\Windows\system32\drivers\WpsHelper.sys
    07:11:01.0576 2460 WpsHelper - ok
    07:11:01.0576 2460 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    07:11:01.0607 2460 ws2ifsl - ok
    07:11:01.0607 2460 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    07:11:01.0623 2460 wscsvc - ok
    07:11:01.0623 2460 WSearch - ok
    07:11:01.0654 2460 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    07:11:01.0701 2460 wuauserv - ok
    07:11:01.0701 2460 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    07:11:01.0732 2460 WudfPf - ok
    07:11:01.0732 2460 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    07:11:01.0779 2460 WUDFRd - ok
    07:11:01.0779 2460 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    07:11:01.0795 2460 wudfsvc - ok
    07:11:01.0810 2460 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    07:11:01.0826 2460 WwanSvc - ok
    07:11:01.0841 2460 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
    07:11:01.0873 2460 xnacc - ok
    07:11:01.0873 2460 ================ Scan global ===============================
    07:11:01.0873 2460 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    07:11:01.0888 2460 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    07:11:01.0888 2460 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    07:11:01.0888 2460 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    07:11:01.0904 2460 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    07:11:01.0904 2460 [Global] - ok
    07:11:01.0904 2460 ================ Scan MBR ==================================
    07:11:01.0904 2460 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    07:11:01.0982 2460 \Device\Harddisk0\DR0 - ok
    07:11:01.0982 2460 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    07:11:02.0060 2460 \Device\Harddisk1\DR1 - ok
    07:11:02.0060 2460 ================ Scan VBR ==================================
    07:11:02.0060 2460 [ 636D0A9EC641E2FF1E66A39B10483645 ] \Device\Harddisk0\DR0\Partition1
    07:11:02.0060 2460 \Device\Harddisk0\DR0\Partition1 - ok
    07:11:02.0060 2460 [ 16E8EE5F123D443394A4FF1E80080C23 ] \Device\Harddisk0\DR0\Partition2
    07:11:02.0060 2460 \Device\Harddisk0\DR0\Partition2 - ok
    07:11:02.0060 2460 [ F105F13B2D1655D1C562BD8A4B849143 ] \Device\Harddisk1\DR1\Partition1
    07:11:02.0060 2460 \Device\Harddisk1\DR1\Partition1 - ok
    07:11:02.0060 2460 [ EAA3830BA643D1298B2AE2406C48A2BB ] \Device\Harddisk1\DR1\Partition2
    07:11:02.0060 2460 \Device\Harddisk1\DR1\Partition2 - ok
    07:11:02.0091 2460 [ FA5598708FB1D0C748BBD778327DD0F8 ] \Device\Harddisk1\DR1\Partition3
    07:11:02.0091 2460 \Device\Harddisk1\DR1\Partition3 - ok
    07:11:02.0091 2460 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition4
    07:11:02.0091 2460 \Device\Harddisk1\DR1\Partition4 - ok
    07:11:02.0091 2460 ============================================================
    07:11:02.0091 2460 Scan finished
    07:11:02.0091 2460 ============================================================
    07:11:02.0091 1796 Detected object count: 1
    07:11:02.0091 1796 Actual detected object count: 1
    07:11:26.0879 1796 sptd ( LockedFile.Multi.Generic ) - skipped by user
    07:11:26.0879 1796 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    07:11:32.0745 4580 Deinitialize success
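
Added example (editor's note, not part of the thread or of TDSSKiller itself): a small parser for the log format shown above. TDSSKiller prints two lines per object, `[ <MD5> ] <name> <path>` followed by `<name> [( <detection> )] - <verdict>`, and the one thing worth reading in a two-thousand-line log is whatever is not a plain `- ok`. The script folds the pair into one record, then lists the non-ok verdicts, objects that got a verdict without a hashed file, and files reachable under more than one service name (normal for `Tcpip`/`TCPIP6`, worth a look otherwise). The sample input is constructed from lines copied from the log; the `[ md5 ] sptd ...` line sits earlier in the full log, outside this excerpt, so `sptd` appears with its verdict lines only.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied from the TDSSKiller log above. The file line
# for sptd is not in this excerpt, so sptd shows up with verdict lines only.
SAMPLE_LOG = r"""
07:10:58.0768 2460 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
07:10:58.0815 2460 Symantec AntiVirus - ok
07:10:59.0018 2460 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:10:59.0080 2460 Tcpip - ok
07:10:59.0096 2460 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:10:59.0127 2460 TCPIP6 - ok
07:11:00.0266 2460 VGPU - ok
07:11:01.0249 2460 WinDefend - ok
07:11:01.0904 2460 ================ Scan MBR ==================================
07:11:01.0904 2460 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:11:01.0982 2460 \Device\Harddisk0\DR0 - ok
07:11:02.0091 1796 Detected object count: 1
07:11:26.0879 1796 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:11:26.0879 1796 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
# "[ <MD5> ] <name> <path>": the path is optional (MBR/VBR objects have none)
# and must look like a Windows path, so service names with spaces survive.
ENTRY_RE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)"
    r"(?: (?P<path>(?:[A-Za-z]:\\|\\).+))?$")
# "<name> [( <detection> )] - <verdict>"
VERDICT_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    detection: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the file line and the verdict line(s) of each object into one Entry."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdicts.append(m["verdict"])
            if m["detection"]:
                e.detection = m["detection"]
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """What a reviewer actually reads: anything not plain 'ok', objects with a
    verdict but no hashed file, and one file registered under several names."""
    not_ok = sorted(n for n, e in entries.items()
                    if any(v != "ok" for v in e.verdicts))
    no_file = sorted(n for n, e in entries.items()
                     if e.md5 is None and e.verdicts == ["ok"])
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for n, e in entries.items():
        if e.md5 and e.path:
            by_hash[e.md5].append(n)
    shared = {h: sorted(ns) for h, ns in by_hash.items() if len(ns) > 1}
    return {"not_ok": not_ok, "no_file": no_file, "shared_hash": shared}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    result = triage(parsed)
    for name in result["not_ok"]:
        e = parsed[name]
        print(f"REVIEW {name}: {e.detection} -> {e.verdicts}")
    print("verdict without hashed file:", result["no_file"])
    print("one file, several names:", result["shared_hash"])
```

Run against the full log the only non-ok object is `sptd`, which is exactly what the helper's next reply addresses; the `shared_hash` output also makes the `Tcpip`/`TCPIP6` and `WANARP`/`Wanarpv6` pairs visible as the same file rather than something to chase.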
     
  12. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    One suspicious file found.
     
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    That's a CD/DVD emulation driver, a driver file used to help write data to discs.

    It's common for it to be detected as a rootkit.

    avast! aswMBR

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    Dr. Web CureIt!

    Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

    • Double-click on drweb-cureit.exe to start the program.
      An Express Scan of your PC notice will appear.
    • Under Start the Express Scan Now, Click OK to start the scan.
      This is a short scan that will scan the files currently running in memory.
      If something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the Scan tab and UNcheck Heuristic analysis
    • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
    • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
    • When finished, a message will be displayed at the bottom advising if any viruses were found.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found.
      If so, click it, then click the next icon right below and select Move incurable.
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your Desktop.
    • Exit Dr.Web Cureit when you have finished.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
     
  14. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    The aswMBR version I downloaded is different than the one pictured, and had options for an antivirus scan. I skipped that and only did a basic scan. I hope that was correct. Here is that log.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-21 18:01:59
    -----------------------------
    18:01:59.193 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:01:59.193 Number of processors: 4 586 0x2A07
    18:01:59.193 ComputerName: SHEPARD UserName: Andrew
    18:01:59.423 Initialize success
    18:02:04.093 AVAST engine defs: 12092100
    18:02:08.803 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:02:08.803 Disk 0 Vendor: INTEL_SSDSA2CW080G3 4PC10302 Size: 76319MB BusType: 3
    18:02:08.813 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    18:02:08.813 Disk 1 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
    18:02:08.823 Disk 0 MBR read successfully
    18:02:08.823 Disk 0 MBR scan
    18:02:08.833 Disk 0 Windows 7 default MBR code
    18:02:08.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:02:08.853 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
    18:02:08.893 Disk 0 scanning C:\Windows\system32\drivers
    18:02:14.043 Service scanning
    18:02:23.313 Modules scanning
    18:02:23.313 Disk 0 trace - called modules:
    18:02:23.323 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80079fa2c0]<<spxe.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:02:23.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e65060]
    18:02:23.333 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8007b99520]
    18:02:23.353 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b95680]
    18:02:23.363 \Driver\atapi[0xfffffa8007b54700] -> IRP_MJ_CREATE -> 0xfffffa80079fa2c0
    18:02:23.363 Scan finished successfully
    18:02:29.753 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
    18:02:29.763 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR.txt"


    The line with \Driver\atapi[...] was red in the output screen.
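
Added example (editor's note, not part of the thread or of aswMBR): the red line is aswMBR reporting that the `IRP_MJ_CREATE` dispatch pointer of `\Driver\atapi` resolves to `0xfffffa80079fa2c0`, and the trace line above it marks that same address as `>>UNKNOWN<<` code in the disk stack, handing off to `spxe.sys`. The script below parses those lines and checks the correlation, so that a reader can tell "dispatch pointer lands in the region aswMBR already flagged" from two unrelated findings. Whether that region is malicious is a separate question: SPTD-style disc-emulation drivers commonly install a second driver with a randomized `sp*.sys` name, and a pointer into it next to `spxe.sys` is consistent with the `sptd` detection TDSSKiller reported, which is why the helper asked for the log before acting. The sample input is constructed from the aswMBR output posted above.

```python
import re
from typing import List

# Constructed sample: the MBR verdict and disk-stack trace lines from the
# aswMBR log above.
SAMPLE_ASWMBR = r"""
18:02:08.833 Disk 0 MBR read successfully
18:02:08.833 Disk 0 MBR scan
18:02:08.833 Disk 0 Windows 7 default MBR code
18:02:23.313 Disk 0 trace - called modules:
18:02:23.323 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80079fa2c0]<<spxe.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:02:23.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e65060]
18:02:23.333 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8007b99520]
18:02:23.353 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b95680]
18:02:23.363 \Driver\atapi[0xfffffa8007b54700] -> IRP_MJ_CREATE -> 0xfffffa80079fa2c0
18:02:23.363 Scan finished successfully
"""

_TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
MBR_RE = re.compile(_TS + r"Disk (?P<disk>\d+) (?P<verdict>.*MBR code.*)$")
# ">>UNKNOWN [addr]<<module": code in the disk stack that aswMBR could not
# attribute to a loaded module, followed by the module it hands off to.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<(\S*)")
# "\Driver\<name>[addr] -> IRP_MJ_<x> -> <target>": a dispatch pointer that
# aswMBR flagged (these are the lines it shows in red).
HOOK_RE = re.compile(
    _TS + r"\\Driver\\(?P<drv>[^\[]+)\[0x[0-9a-f]+\] -> "
    r"(?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-f]+)$")


def analyze_aswmbr(text: str) -> dict:
    """Collect MBR verdicts, UNKNOWN regions and flagged dispatch pointers,
    then mark every pointer whose target is one of the UNKNOWN addresses."""
    report = {"mbr": {}, "unknown": [], "hooks": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = MBR_RE.match(line)
        if m:
            report["mbr"][int(m["disk"])] = m["verdict"]
            continue
        for addr, nxt in UNKNOWN_RE.findall(line):
            report["unknown"].append((int(addr, 16), nxt or None))
        m = HOOK_RE.match(line)
        if m:
            report["hooks"].append({"driver": m["drv"], "irp": m["irp"],
                                    "target": int(m["target"], 16)})
    # second pass: the trace line and the hook line may come in any order
    unknown_addrs = {a for a, _ in report["unknown"]}
    for h in report["hooks"]:
        h["in_unknown"] = h["target"] in unknown_addrs
    return report


def describe(report: dict) -> List[str]:
    out = [f"disk {d}: {v}" for d, v in sorted(report["mbr"].items())]
    for addr, nxt in report["unknown"]:
        out.append(f"unknown code at {addr:#x} in disk stack, hands off to {nxt}")
    for h in report["hooks"]:
        flag = "points into UNKNOWN region" if h["in_unknown"] else "unattributed"
        out.append(f"{h['driver']} {h['irp']} -> {h['target']:#x} ({flag})")
    return out


if __name__ == "__main__":
    for line in describe(analyze_aswmbr(SAMPLE_ASWMBR)):
        print(line)
```

The MBR verdict is carried along on purpose: "Windows 7 default MBR code" rules out the bootkit class that the "Google redirect" symptom is usually blamed on, which narrows the remaining question to the filter driver.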
     
  15. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    DrWeb:

    OTL.exe;C:\Documents and Settings\Andrew\Downloads;Trojan.Siggen4.14927;Incurable.Moved.;

    I downloaded OTL earlier and ran its scan while working on the problem myself.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    That's fine. What other issues are being experienced?
     
  17. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    The only thing I was noticing was the randomly named .sys file in system32/drivers, and the supposedly infected wbamess.dll that UnhackMe was complaining about, but other than that I wasn't noticing anything. Since the issue has been resolved in Firefox and Chrome via reinstalls, maybe there isn't anything left, but I wanted to be completely sure there wasn't still a passive backdoor or keylogger or something lurking around.
     
  18. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    If it seems that I'm clean, then I greatly appreciate you taking the time to help me confirm that, and sorry it wasn't very interesting :)

    Out of curiosity, when I ran gmer, a bunch of the checkboxes on the top were greyed out and unselectable. What does that mean?
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please run this scan to check for remnants:

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
     
  20. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    Thanks, will do!

    Unfortunately I've been called away from home for a week for work :( I'll have to do it when I get back, a week from now. Thanks for the patience!
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okay. Topic marked inactive.
     
  22. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    ESET found nothing on my C:\ drive, currently chugging through my games and media drives. I'll rescan those in the morning, I need to go to sleep.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Okie dokie.
     
  24. Slizyboy

    Slizyboy TS Rookie Topic Starter Posts: 18

    ESET found 0 threats.
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Let's finish up. :)

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     