
Redirect Virus


13 replies to this topic

#1 bugging57

Posted 22 June 2012 - 02:51 PM

My computer is infected with a search engine redirect virus.

I am running Windows 7. This is my work computer and it is on a network. One of the other computers had a keylogger and our company credit card information was stolen and they helped themselves to $6000 through PayPal.


I am running Norton 360. It keeps finding and removing viruses but they come back right away. I have used Norton Power Eraser. It didn't help. I have run Ad-Aware and it didn't help. I have run Malwarebytes and it keeps finding viruses and removes them but they come back right away. I have run Advanced System Care and it finds lots of junk but, again, the problems keep coming back.

Norton keeps finding Hacktool.Rootkit and removing it but it returns.

Malwarebytes keeps finding Trojan.Dropper.BCMiner but it returns right away.

Please help me!



#2 narenxp


Posted 22 June 2012 - 02:55 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 bugging57


Posted 22 June 2012 - 06:43 PM

13:14:24.0594 6260 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
13:14:24.0969 6260 ============================================================
13:14:24.0969 6260 Current date / time: 2012/06/22 13:14:24.0969
13:14:24.0969 6260 SystemInfo:
13:14:24.0969 6260
13:14:24.0969 6260 OS Version: 6.1.7601 ServicePack: 1.0
13:14:24.0969 6260 Product type: Workstation
13:14:24.0969 6260 ComputerName: CATIA2
13:14:24.0969 6260 UserName: Glen
13:14:24.0969 6260 Windows directory: C:\Windows
13:14:24.0969 6260 System windows directory: C:\Windows
13:14:24.0969 6260 Running under WOW64
13:14:24.0969 6260 Processor architecture: Intel x64
13:14:24.0969 6260 Number of processors: 8
13:14:24.0969 6260 Page size: 0x1000
13:14:24.0969 6260 Boot type: Normal boot
13:14:24.0969 6260 ============================================================
13:14:31.0739 6260 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1600000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:14:31.0739 6260 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:14:31.0770 6260 ============================================================
13:14:31.0770 6260 \Device\Harddisk0\DR0:
13:14:31.0770 6260 MBR partitions:
13:14:31.0770 6260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:14:31.0770 6260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD3800
13:14:31.0770 6260 \Device\Harddisk1\DR1:
13:14:31.0770 6260 MBR partitions:
13:14:31.0770 6260 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
13:14:31.0770 6260 ============================================================
13:14:31.0786 6260 C: <-> \Device\Harddisk0\DR0\Partition1
13:14:31.0817 6260 E: <-> \Device\Harddisk1\DR1\Partition0
13:14:31.0817 6260 ============================================================
13:14:31.0817 6260 Initialize success
13:14:31.0817 6260 ============================================================
13:14:49.0745 5844 ============================================================
13:14:49.0745 5844 Scan started
13:14:49.0745 5844 Mode: Manual; TDLFS;
13:14:49.0745 5844 ============================================================
13:15:01.0679 5844 MSPCLOCK - ok
13:15:01.0695 5844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:15:01.0695 5844 MSPQM - ok
13:15:01.0726 5844 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:15:01.0726 5844 MsRPC - ok
13:15:01.0741 5844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:15:01.0741 5844 mssmbios - ok
13:15:01.0757 5844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:15:01.0757 5844 MSTEE - ok
13:15:01.0788 5844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:15:01.0804 5844 MTConfig - ok
13:15:01.0819 5844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:15:01.0819 5844 Mup - ok
13:15:02.0038 5844 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
13:15:02.0038 5844 N360 - ok
13:15:02.0085 5844 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:15:02.0085 5844 napagent - ok
13:15:02.0116 5844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:15:02.0116 5844 NativeWifiP - ok
13:15:02.0256 5844 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120622.005\ENG64.SYS
13:15:02.0256 5844 NAVENG - ok
13:15:02.0350 5844 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120622.005\EX64.SYS
13:15:02.0350 5844 NAVEX15 - ok
13:15:02.0506 5844 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:15:02.0506 5844 NDIS - ok
13:15:02.0537 5844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:15:02.0537 5844 NdisCap - ok
13:15:02.0553 5844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:15:02.0553 5844 NdisTapi - ok
13:15:02.0568 5844 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:15:02.0568 5844 Ndisuio - ok
13:15:02.0599 5844 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:15:02.0599 5844 NdisWan - ok
13:15:02.0615 5844 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:15:02.0631 5844 NDProxy - ok
13:15:02.0709 5844 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
13:15:02.0709 5844 Net Driver HPZ12 - ok
13:15:02.0724 5844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:15:02.0724 5844 NetBIOS - ok
13:15:02.0755 5844 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:15:02.0755 5844 NetBT - ok
13:15:02.0771 5844 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:15:02.0771 5844 Netlogon - ok
13:15:02.0833 5844 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:15:02.0833 5844 Netman - ok
13:15:03.0052 5844 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:03.0052 5844 NetMsmqActivator - ok
13:15:03.0052 5844 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:03.0052 5844 NetPipeActivator - ok
13:15:03.0083 5844 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:15:03.0083 5844 netprofm - ok
13:15:03.0114 5844 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:03.0114 5844 NetTcpActivator - ok
13:15:03.0114 5844 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:03.0114 5844 NetTcpPortSharing - ok
13:15:03.0161 5844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:15:03.0161 5844 nfrd960 - ok
13:15:03.0192 5844 NIS - ok
13:15:03.0223 5844 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:15:03.0223 5844 NlaSvc - ok
13:15:03.0239 5844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:15:03.0239 5844 Npfs - ok
13:15:03.0270 5844 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:15:03.0270 5844 nsi - ok
13:15:03.0286 5844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:15:03.0286 5844 nsiproxy - ok
13:15:03.0379 5844 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:15:03.0395 5844 Ntfs - ok
13:15:03.0457 5844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:15:03.0457 5844 Null - ok
13:15:04.0191 5844 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:15:04.0253 5844 nvlddmkm - ok
13:15:04.0331 5844 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:15:04.0347 5844 nvraid - ok
13:15:04.0378 5844 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:15:04.0378 5844 nvstor - ok
13:15:04.0440 5844 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
13:15:04.0456 5844 nvsvc - ok
13:15:04.0596 5844 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:15:04.0596 5844 nvUpdatusService - ok
13:15:04.0643 5844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:15:04.0659 5844 nv_agp - ok
13:15:04.0659 5844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:15:04.0659 5844 ohci1394 - ok
13:15:04.0721 5844 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:15:04.0721 5844 ose - ok
13:15:05.0205 5844 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:15:05.0220 5844 osppsvc - ok
13:15:05.0298 5844 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:15:05.0298 5844 p2pimsvc - ok
13:15:05.0345 5844 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:15:05.0345 5844 p2psvc - ok
13:15:05.0376 5844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:15:05.0376 5844 Parport - ok
13:15:05.0392 5844 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:15:05.0392 5844 partmgr - ok
13:15:05.0423 5844 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:15:05.0423 5844 PcaSvc - ok
13:15:05.0454 5844 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:15:05.0454 5844 pci - ok
13:15:05.0454 5844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:15:05.0470 5844 pciide - ok
13:15:05.0485 5844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:15:05.0501 5844 pcmcia - ok
13:15:05.0501 5844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:15:05.0501 5844 pcw - ok
13:15:05.0579 5844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:15:05.0579 5844 PEAUTH - ok
13:15:05.0673 5844 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:15:05.0673 5844 PeerDistSvc - ok
13:15:05.0735 5844 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:15:05.0735 5844 PerfHost - ok
13:15:05.0844 5844 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:15:05.0860 5844 pla - ok
13:15:05.0938 5844 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:15:05.0938 5844 PlugPlay - ok
13:15:06.0000 5844 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
13:15:06.0000 5844 Pml Driver HPZ12 - ok
13:15:06.0016 5844 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:15:06.0016 5844 PNRPAutoReg - ok
13:15:06.0031 5844 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:15:06.0031 5844 PNRPsvc - ok
13:15:06.0094 5844 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:15:06.0109 5844 PolicyAgent - ok
13:15:06.0125 5844 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:15:06.0125 5844 Power - ok
13:15:06.0156 5844 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:15:06.0172 5844 PptpMiniport - ok
13:15:06.0172 5844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:15:06.0187 5844 Processor - ok
13:15:06.0421 5844 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:15:06.0437 5844 ProfSvc - ok
13:15:06.0453 5844 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:15:06.0453 5844 ProtectedStorage - ok
13:15:06.0468 5844 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:15:06.0468 5844 Psched - ok
13:15:06.0531 5844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:15:06.0562 5844 ql2300 - ok
13:15:06.0624 5844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:15:06.0624 5844 ql40xx - ok
13:15:06.0671 5844 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:15:06.0671 5844 QWAVE - ok
13:15:06.0671 5844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:15:06.0671 5844 QWAVEdrv - ok
13:15:06.0687 5844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:15:06.0687 5844 RasAcd - ok
13:15:06.0718 5844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:15:06.0733 5844 RasAgileVpn - ok
13:15:06.0749 5844 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:15:06.0765 5844 RasAuto - ok
13:15:06.0780 5844 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:15:06.0780 5844 Rasl2tp - ok
13:15:06.0811 5844 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:15:06.0827 5844 RasMan - ok
13:15:06.0843 5844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:15:06.0858 5844 RasPppoe - ok
13:15:06.0874 5844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:15:06.0874 5844 RasSstp - ok
13:15:06.0921 5844 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:15:06.0921 5844 rdbss - ok
13:15:06.0921 5844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:15:06.0921 5844 rdpbus - ok
13:15:06.0983 5844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:15:06.0999 5844 RDPCDD - ok
13:15:07.0045 5844 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:15:07.0061 5844 RDPDR - ok
13:15:07.0077 5844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:15:07.0077 5844 RDPENCDD - ok
13:15:07.0108 5844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:15:07.0108 5844 RDPREFMP - ok
13:15:07.0139 5844 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:15:07.0155 5844 RDPWD - ok
13:15:07.0186 5844 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:15:07.0186 5844 rdyboost - ok
13:15:07.0357 5844 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:15:07.0373 5844 RemoteAccess - ok
13:15:07.0404 5844 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:15:07.0404 5844 RemoteRegistry - ok
13:15:07.0420 5844 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:15:07.0420 5844 RpcEptMapper - ok
13:15:07.0467 5844 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:15:07.0467 5844 RpcLocator - ok
13:15:07.0498 5844 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:15:07.0498 5844 RpcSs - ok
13:15:07.0513 5844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:15:07.0529 5844 rspndr - ok
13:15:07.0576 5844 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:15:07.0576 5844 RTL8167 - ok
13:15:07.0591 5844 RtNdPt60 (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys
13:15:07.0591 5844 RtNdPt60 - ok
13:15:07.0623 5844 RTTEAMPT (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys
13:15:07.0623 5844 RTTEAMPT - ok
13:15:07.0654 5844 RTVLANPT (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys
13:15:07.0654 5844 RTVLANPT - ok
13:15:07.0669 5844 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:15:07.0669 5844 s3cap - ok
13:15:07.0685 5844 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:15:07.0685 5844 SamSs - ok
13:15:07.0903 5844 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
13:15:07.0919 5844 SBAMSvc - ok
13:15:08.0013 5844 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
13:15:08.0013 5844 sbapifs - ok
13:15:08.0075 5844 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys
13:15:08.0091 5844 SbFw - ok
13:15:08.0122 5844 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys
13:15:08.0122 5844 SBFWIMCL - ok
13:15:08.0122 5844 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys
13:15:08.0122 5844 SBFWIMCLMP - ok
13:15:08.0153 5844 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
13:15:08.0153 5844 sbhips - ok
13:15:08.0184 5844 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:15:08.0184 5844 sbp2port - ok
13:15:08.0215 5844 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
13:15:08.0215 5844 SBRE - ok
13:15:08.0262 5844 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys
13:15:08.0262 5844 sbwtis - ok
13:15:08.0293 5844 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:15:08.0293 5844 SCardSvr - ok
13:15:08.0309 5844 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:15:08.0309 5844 scfilter - ok
13:15:08.0387 5844 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:15:08.0387 5844 Schedule - ok
13:15:08.0403 5844 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:15:08.0403 5844 SCPolicySvc - ok
13:15:08.0418 5844 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:15:08.0418 5844 SDRSVC - ok
13:15:08.0449 5844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:15:08.0449 5844 secdrv - ok
13:15:08.0465 5844 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:15:08.0465 5844 seclogon - ok
13:15:08.0481 5844 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:15:08.0496 5844 SENS - ok
13:15:08.0496 5844 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:15:08.0496 5844 SensrSvc - ok
13:15:08.0527 5844 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
13:15:08.0527 5844 Sentinel64 - ok
13:15:08.0605 5844 SentinelKeysServer (1ba2c677c6146a8b3adea7b69d2eed56) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
13:15:08.0605 5844 SentinelKeysServer - ok
13:15:08.0668 5844 SentinelProtectionServer (d1a2ba8bf092ddf18f3d3db1d5ac7803) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
13:15:08.0668 5844 SentinelProtectionServer - ok
13:15:08.0699 5844 SentinelSecurityRuntime (e80b91aec007711b1eec9c83487754e2) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
13:15:08.0699 5844 SentinelSecurityRuntime - ok
13:15:08.0793 5844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:15:08.0793 5844 Serenum - ok
13:15:08.0824 5844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:15:08.0824 5844 Serial - ok
13:15:08.0855 5844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:15:08.0855 5844 sermouse - ok
13:15:08.0871 5844 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:15:08.0871 5844 SessionEnv - ok
13:15:08.0886 5844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:15:08.0886 5844 sffdisk - ok
13:15:08.0886 5844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:15:08.0886 5844 sffp_mmc - ok
13:15:08.0886 5844 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:15:08.0886 5844 sffp_sd - ok
13:15:08.0886 5844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:15:08.0902 5844 sfloppy - ok
13:15:08.0933 5844 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:15:08.0933 5844 ShellHWDetection - ok
13:15:08.0949 5844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:15:08.0949 5844 SiSRaid2 - ok
13:15:08.0949 5844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:15:08.0964 5844 SiSRaid4 - ok
13:15:08.0995 5844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:15:08.0995 5844 Smb - ok
13:15:09.0027 5844 SMR300 (10bc9f077fc149e4e0a40bae1d42a259) C:\Windows\system32\drivers\SMR300.SYS
13:15:09.0027 5844 SMR300 - ok
13:15:09.0042 5844 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:15:09.0042 5844 SNMPTRAP - ok
13:15:09.0073 5844 SNTUSB64 (2d5576c01c8a34aa614870e745fe8f19) C:\Windows\system32\DRIVERS\SNTUSB64.SYS
13:15:09.0089 5844 SNTUSB64 - ok
13:15:09.0089 5844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:15:09.0089 5844 spldr - ok
13:15:09.0136 5844 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:15:09.0136 5844 Spooler - ok
13:15:09.0323 5844 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:15:09.0339 5844 sppsvc - ok
13:15:09.0370 5844 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:15:09.0385 5844 sppuinotify - ok
13:15:09.0448 5844 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
13:15:09.0495 5844 SRTSP - ok
13:15:09.0526 5844 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
13:15:09.0557 5844 SRTSPX - ok
13:15:09.0604 5844 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:15:09.0604 5844 srv - ok
13:15:09.0635 5844 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:15:09.0635 5844 srv2 - ok
13:15:09.0744 5844 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:15:09.0760 5844 srvnet - ok
13:15:10.0072 5844 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:15:10.0087 5844 SSDPSRV - ok
13:15:10.0103 5844 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:15:10.0119 5844 SstpSvc - ok
13:15:10.0134 5844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:15:10.0134 5844 stexstor - ok
13:15:10.0181 5844 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:15:10.0197 5844 stisvc - ok
13:15:10.0243 5844 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:15:10.0243 5844 storflt - ok
13:15:10.0259 5844 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:15:10.0259 5844 StorSvc - ok
13:15:10.0290 5844 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:15:10.0290 5844 storvsc - ok
13:15:10.0337 5844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:15:10.0353 5844 swenum - ok
13:15:10.0384 5844 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:15:10.0384 5844 swprv - ok
13:15:10.0462 5844 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
13:15:10.0477 5844 SymDS - ok
13:15:10.0540 5844 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
13:15:10.0571 5844 SymEFA - ok
13:15:10.0649 5844 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:15:10.0649 5844 SymEvent - ok
13:15:10.0711 5844 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
13:15:10.0711 5844 SymIRON - ok
13:15:10.0805 5844 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
13:15:10.0821 5844 SymNetS - ok
13:15:10.0914 5844 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:15:10.0914 5844 SysMain - ok
13:15:10.0992 5844 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:15:10.0992 5844 TabletInputService - ok
13:15:11.0008 5844 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:15:11.0008 5844 TapiSrv - ok
13:15:11.0023 5844 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:15:11.0023 5844 TBS - ok
13:15:11.0117 5844 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:15:11.0148 5844 Tcpip - ok
13:15:11.0257 5844 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:15:11.0273 5844 TCPIP6 - ok
13:15:11.0304 5844 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:15:11.0304 5844 tcpipreg - ok
13:15:11.0320 5844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:15:11.0320 5844 TDPIPE - ok
13:15:11.0335 5844 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:15:11.0351 5844 TDTCP - ok
13:15:11.0367 5844 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:15:11.0382 5844 tdx - ok
13:15:11.0413 5844 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:15:11.0429 5844 TermDD - ok
13:15:11.0476 5844 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:15:11.0476 5844 TermService - ok
13:15:11.0491 5844 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:15:11.0491 5844 Themes - ok
13:15:11.0523 5844 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:15:11.0523 5844 THREADORDER - ok
13:15:11.0538 5844 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:15:11.0538 5844 TrkWks - ok
13:15:11.0569 5844 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:15:11.0569 5844 TrustedInstaller - ok
13:15:11.0585 5844 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:15:11.0585 5844 tssecsrv - ok
13:15:11.0616 5844 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:15:11.0616 5844 TsUsbFlt - ok
13:15:11.0632 5844 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:15:11.0632 5844 TsUsbGD - ok
13:15:11.0663 5844 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:15:11.0663 5844 tunnel - ok
13:15:11.0679 5844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:15:11.0679 5844 uagp35 - ok
13:15:11.0710 5844 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:15:11.0725 5844 udfs - ok
13:15:11.0772 5844 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:15:11.0772 5844 UI0Detect - ok
13:15:11.0788 5844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:15:11.0788 5844 uliagpkx - ok
13:15:11.0788 5844 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:15:11.0803 5844 umbus - ok
13:15:11.0819 5844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:15:11.0819 5844 UmPass - ok
13:15:11.0866 5844 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:15:11.0866 5844 UmRdpService - ok
13:15:11.0897 5844 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:15:11.0913 5844 upnphost - ok
13:15:11.0913 5844 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:15:11.0928 5844 usbccgp - ok
13:15:11.0944 5844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:15:11.0944 5844 usbcir - ok
13:15:11.0959 5844 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:15:11.0975 5844 usbehci - ok
13:15:12.0069 5844 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:15:12.0069 5844 usbhub - ok
13:15:12.0100 5844 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:15:12.0100 5844 usbohci - ok
13:15:12.0115 5844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:15:12.0115 5844 usbprint - ok
13:15:12.0147 5844 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:15:12.0147 5844 usbscan - ok
13:15:12.0178 5844 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:15:12.0193 5844 USBSTOR - ok
13:15:12.0209 5844 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:15:12.0209 5844 usbuhci - ok
13:15:12.0225 5844 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:15:12.0225 5844 UxSms - ok
13:15:12.0256 5844 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:15:12.0256 5844 VaultSvc - ok
13:15:12.0287 5844 VDiskBus (1d3d716e05caa17122de65d0dba4f6d7) C:\Windows\system32\DRIVERS\VDiskBus64.sys
13:15:12.0303 5844 VDiskBus - ok
13:15:12.0303 5844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:15:12.0318 5844 vdrvroot - ok
13:15:12.0334 5844 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:15:12.0349 5844 vds - ok
13:15:12.0365 5844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:15:12.0365 5844 vga - ok
13:15:12.0381 5844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:15:12.0381 5844 VgaSave - ok
13:15:12.0412 5844 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:15:12.0412 5844 vhdmp - ok
13:15:12.0443 5844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:15:12.0443 5844 viaide - ok
13:15:12.0443 5844 VLAN (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVLAN60.sys
13:15:12.0443 5844 VLAN - ok
13:15:12.0474 5844 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:15:12.0474 5844 vmbus - ok
13:15:14.0845 5844 ============================================================
13:15:14.0845 5844 Scan finished
13:15:14.0845 5844 ============================================================
13:15:14.0861 1468 Detected object count: 0
13:15:14.0861 1468 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 13:25:21
-----------------------------
13:25:21.142 OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:21.142 Number of processors: 8 586 0x2A07
13:25:21.142 ComputerName: CATIA2 UserName: Glen
13:25:26.243 Initialize success
13:26:28.959 AVAST engine defs: 12062201
13:26:41.034 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
13:26:41.034 Disk 0 Vendor: Intel___ 1.0. Size: 1907734MB BusType: 8
13:26:41.034 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
13:26:41.034 Disk 1 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 8
13:26:41.034 Disk 0 MBR read successfully
13:26:41.049 Disk 0 MBR scan
13:26:41.049 Disk 0 Windows 7 default MBR code
13:26:41.065 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:26:41.065 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907623 MB offset 206848
13:26:41.080 Disk 0 scanning C:\Windows\system32\drivers
13:26:50.238 Service scanning
13:27:06.602 Modules scanning
13:27:06.602 Disk 0 trace - called modules:
13:27:06.602 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
13:27:06.618 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ea51790]
13:27:06.618 3 CLASSPNP.SYS[fffff88001d8843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800dc94050]
13:27:12.873 AVAST engine scan C:\Windows
13:27:17.475 AVAST engine scan C:\Windows\system32
13:30:08.337 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:30:11.331 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:34:31.851 AVAST engine scan C:\Windows\system32\drivers
13:36:32.727 AVAST engine scan C:\Users\Glen
13:39:46.349 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
13:39:46.356 The log file has been saved successfully to "C:\aswMBR.txt"
13:39:50.676 File: C:\Users\Glen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\73bede4-382221cf **INFECTED** Win32:Buzus-AYA [Trj]
13:40:08.429 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
13:40:08.434 The log file has been saved successfully to "C:\aswMBR.txt"

ESET

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\IObit Toolbar\IE\5.9\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp


Posted 22 June 2012 - 07:01 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{3a24863a-bede-c5d5-8ab9-cc7cae2b1419

Click on LOOK, then post the generated log.

#5 bugging57


Posted 22 June 2012 - 07:35 PM

MiniToolBox by Farbar Version: 09-06-2012
Ran by Glen (administrator) on 22-06-2012 at 17:32:34
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek Virtual Miniport Driver for VLAN (NDIS 6.2) = Local Area Connection 2 (Disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CATIA2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : seawestproducts.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : seawestproducts.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-29-C3-2B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6874:6b94:3da4:6e7f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.42.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 22, 2012 5:15:47 PM
Lease Expires . . . . . . . . . . : Saturday, June 23, 2012 5:15:47 AM
Default Gateway . . . . . . . . . : 192.168.42.1
DHCP Server . . . . . . . . . . . : 192.168.42.1
DHCPv6 IAID . . . . . . . . . . . : 250899716
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-9A-9C-34-F4-6D-04-29-C3-2B
DNS Servers . . . . . . . . . . . : 192.168.42.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.seawestproducts.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [173.194.33.33] with 32 bytes of data:
Reply from 173.194.33.33: bytes=32 time=9ms TTL=55
Reply from 173.194.33.33: bytes=32 time=10ms TTL=55

Ping statistics for 173.194.33.33:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 10ms, Average = 9ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=54ms TTL=50
Reply from 209.191.122.70: bytes=32 time=55ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 55ms, Average = 54ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...f4 6d 04 29 c3 2b ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.42.1 192.168.42.109 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.42.0 255.255.255.0 On-link 192.168.42.109 266
192.168.42.109 255.255.255.255 On-link 192.168.42.109 266
192.168.42.255 255.255.255.255 On-link 192.168.42.109 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.42.109 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.42.109 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::6874:6b94:3da4:6e7f/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/22/2012 05:16:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 01:42:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 01:42:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 01:42:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 00:21:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 00:14:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 00:11:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 00:04:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 11:57:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2012 08:00:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/22/2012 05:18:23 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/22/2012 05:18:23 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/22/2012 05:18:22 PM) (Source: Service Control Manager) (User: )
Description: The sbwtis service failed to start due to the following error:
%%1753

Error: (06/22/2012 05:16:57 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (06/22/2012 05:16:57 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (06/22/2012 05:16:52 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/22/2012 05:16:52 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/22/2012 05:16:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (06/22/2012 05:16:00 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/22/2012 05:16:00 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (06/22/2012 05:16:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 01:42:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Glen\Downloads\esetsmartinstaller_enu.exe

Error: (06/22/2012 01:42:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Glen\Downloads\esetsmartinstaller_enu.exe

Error: (06/22/2012 01:42:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Glen\Downloads\esetsmartinstaller_enu.exe

Error: (06/22/2012 00:21:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 00:14:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 00:11:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 00:04:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 11:57:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2012 08:00:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
8000A809 (Version: 50.0.165.000)
8000A809_eDocs (Version: 50.0.165.000)
8000A809_Help (Version: 1.00.0000)
Acrobat.com (Version: 1.6.65)
Ad-Aware Antivirus (Version: 10.1.211.3382)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Advanced SystemCare 5 (Version: 5.3.0)
AI Suite II (Version: 1.01.14)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.6.3.0)
ASUS Ai Charger (Version: 1.00.09)
Autodesk Inventor Fusion 2012 Preview (Version: 1.1.1.10)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Dassault Systemes Software B20
Dassault Systemes Software B21
Dassault Systemes Software Prerequisites x86-x64 (Version: 8.1.3)
Dassault Systemes Software VC9 Prerequisites x86-x64 (Version: 9.1.2)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery (Version: 130.0.465.000)
Disk Unlocker (Version: 2.0.5)
ESET Online Scanner v3
Google Chrome (Version: 19.0.1084.56)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
GPBaseService2 (Version: 130.0.371.000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet Pro 8000 A809 Series (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Product Detection (Version: 11.14.0001)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Watchdog Timer Driver (Intel® WDT)
IObit Toolbar v5.9 (Version: 5.9)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 30 (64-bit) (Version: 6.0.300)
Java™ 7 Update 5 (Version: 7.0.50)
LaserJet 1020 series
License Use Management Runtime (Version: 4.6.8)
License Use Management Runtime (Version: 4.6.8.15)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myPrintMileage (Officejet Pro 8000 A809) (Version: 1.00.0000)
Network64 (Version: 130.0.579.000)
Network64 (Version: 140.0.221.000)
Norton 360 (Version: 6.2.1.5)
Norton Internet Security (Version: 18.7.1.3)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek Ethernet Diagnostic Utility (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6251)
Safari (Version: 5.34.54.16)
Sentinel Protection Installer 7.6.1 (Version: 7.6.1)
SmartWebPrinting (Version: 130.0.457.000)
SolidWorks 2011 Document Manager API (Version: 19.00.5019)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
SURFCAM V5.2 (Version: 1.0.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VBA (3821b) (Version: 6.01.00.1234)
Visual Basic for Applications ® Core - English (Version: 6.5.10.32)
Visual Basic for Applications ® Core (Version: 6.5.10.32)
Visual Basic for Applications ® Core (Version: 6.5.10.53)
WebReg (Version: 130.0.132.017)

========================= Memory info: ===================================

Percentage of memory in use: 17%
Total physical RAM: 16365.18 MB
Available physical RAM: 13551.61 MB
Total Pagefile: 32728.55 MB
Available Pagefile: 29715.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3955.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1862.91 GB) (Free:1764.17 GB) NTFS
3 Drive e: (XP PRO) (Fixed) (Total:298.09 GB) (Free:244.66 GB) NTFS
8 Drive z: (glen) (Network) (Total:192.25 GB) (Free:39.27 GB) NTFS

========================= Users: ========================================

User accounts for \\CATIA2

Administrator Glen Guest
UpdatusUser


**** End of log ****

SystemLook 30.07.11 by jpshortstuff
Log created at 17:33 on 22/06/2012 by Glen
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{3a24863a-bede-c5d5-8ab9-cc7cae2b1419"
No folders found.

-= EOF =-

#6 narenxp

Posted 22 June 2012 - 08:51 PM

Did not get your MBAM log


Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
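@echo off
rem Replace the modified services.exe in System32 with the copy held in the WinSxS component store.
cd /d c:\windows\system32
rem Take ownership and grant Administrators full control so the file can be renamed.
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Delete the old file only if the copy succeeded; otherwise put it back so the system still has a services.exe.
if exist services.exe (del services.exe.old) else (ren services.exe.old services.exe)
rem Remove this batch file.
DEL "%~f0"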

Click on FILE >> Save as

filename: services.bat
Save as type: All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new system look log

Download

avenger

Extract and launch it, click OK

Copy this script in the BOX

Files to delete:
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Glen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\73bede4-382221cf

Click on Execute, click YES if it asks for reboot

Post the new aswmbr log after reboot

#7 bugging57

Posted 25 June 2012 - 12:20 PM

Farbar Service Scanner Version: 24-06-2012 01
Ran by Glen (administrator) on 25-06-2012 at 09:39:00
Running from "C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FO8RKTN"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

SystemLook 30.07.11 by jpshortstuff
Log created at 09:50 on 25/06/2012 by Glen
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{3a24863a-bede-c5d5-8ab9-cc7cae2b1419"
No folders found.

Searching for " "
No folders found.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 10:10:58
-----------------------------
10:10:58.178 OS Version: Windows x64 6.1.7601 Service Pack 1
10:10:58.178 Number of processors: 8 586 0x2A07
10:10:58.178 ComputerName: CATIA2 UserName: Glen
10:10:59.863 Initialize success
10:11:02.515 AVAST engine defs: 12062500
10:11:04.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
10:11:04.715 Disk 0 Vendor: Intel___ 1.0. Size: 1907734MB BusType: 8
10:11:04.715 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
10:11:04.715 Disk 1 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 8
10:11:04.730 Disk 0 MBR read successfully
10:11:04.730 Disk 0 MBR scan
10:11:04.746 Disk 0 Windows 7 default MBR code
10:11:04.746 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:11:04.746 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907623 MB offset 206848
10:11:04.761 Disk 0 scanning C:\Windows\system32\drivers
10:11:12.577 Service scanning
10:11:25.712 Modules scanning
10:11:25.712 Disk 0 trace - called modules:
10:11:25.728 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
10:11:25.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e971790]
10:11:25.743 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800e356050]
10:11:27.709 AVAST engine scan C:\Windows
10:11:31.281 AVAST engine scan C:\Windows\system32
10:14:27.359 AVAST engine scan C:\Windows\system32\drivers
10:14:37.905 AVAST engine scan C:\Users\Glen
10:16:57.728 AVAST engine scan C:\ProgramData
10:18:15.712 Scan finished successfully
10:18:54.291 Disk 0 MBR has been saved successfully to "C:\Users\Glen\Desktop\MBR.dat"
10:18:54.291 The log file has been saved successfully to "C:\Users\Glen\Desktop\aswMBR.txt"




-= EOF =-
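The comparison behind the services.exe replacement, as an added example that is not part of the thread: it parses SystemLook "filefind" lines and checks the live System32 file against the WinSxS copy of the same name. The sample lines are rebuilt from the 22/06/2012 and 25/06/2012 logs above; the function and variable names are hypothetical.

```python
import ntpath
import re

# One result line of a SystemLook "filefind" section has the layout
#   <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)

# Sample input rebuilt from the two SystemLook logs posted in this thread.
WINSXS_COPY = (r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_"
               r"31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe")
META = "--a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009]"


def _sample_log(system32_md5):
    return "\n".join([
        "========== filefind ==========",
        "",
        'Searching for "services.exe"',
        rf"C:\Windows\System32\services.exe {META} {system32_md5}",
        f"{WINSXS_COPY} {META} 24ACB7E5BE595468E3B9AA488B9B4FCB",
        "",
        "========== folderfind ==========",
    ])


LOG_BEFORE = _sample_log("014A9CB92514E27C0107614DF764BC06")  # log of 22/06/2012
LOG_AFTER = _sample_log("24ACB7E5BE595468E3B9AA488B9B4FCB")   # log of 25/06/2012


def parse_filefind(log_text):
    """Return one dict per file result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def _in_component_store(path):
    return "\\winsxs\\" in path.lower()


def check_against_component_store(entries):
    """Compare every file outside WinSxS with the WinSxS copies of the same name.

    A hash match is a consistency check only: it shows the live file equals a
    component-store copy, not that the component store itself is untouched.
    """
    results = {}
    for live in entries:
        if _in_component_store(live["path"]):
            continue
        name = ntpath.basename(live["path"]).lower()
        refs = [e for e in entries
                if _in_component_store(e["path"])
                and ntpath.basename(e["path"]).lower() == name]
        if not refs:
            verdict = "no-reference"
        elif any(r["md5"] == live["md5"] for r in refs):
            verdict = "match"
        else:
            verdict = "MISMATCH"
        # Size and timestamps can be identical while the content differs,
        # so they are reported separately and never used for the verdict.
        same_meta = any(
            (r["size"], r["created"], r["modified"])
            == (live["size"], live["created"], live["modified"])
            for r in refs
        )
        results[live["path"]] = {"verdict": verdict, "metadata_identical": same_meta}
    return results


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        for path, res in check_against_component_store(parse_filefind(log)).items():
            print(label, path, res["verdict"],
                  "(size/timestamps identical)" if res["metadata_identical"] else "")
```

In the first log the two copies share size and both timestamps yet differ in MD5, which is why the verdict is taken from the hash alone.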

#8 narenxp

Posted 25 June 2012 - 09:51 PM

Launch system look

copy this script and paste in the BOX

:folderfind
{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}

Click on LOOK, post the generated log

Create a restore point before trying this

Download

MpsSvc
wscsvc
defender
BFE

Launch them, click YES when you get UAC prompt

restart the PC

Post the new FSS log

Click on startmenu and type

cmd

Right-click on it and select Run as administrator and run this command

netsh winsock reset

Now launch minitoolbox and check mark

LIST WINSOCK entries

click on GO and post the log

#9 bugging57

Posted 26 June 2012 - 03:06 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 09:55 on 26/06/2012 by Glen
Administrator - Elevation successful

========== folderfind ==========

Searching for "{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}"
C:\Users\Glen\AppData\Local\{3a24863a-bede-c5d5-8ab9-cc7cae2b1419} d--hs-- [23:46 10/01/2012]
C:\Windows\Installer\{3a24863a-bede-c5d5-8ab9-cc7cae2b1419} d--hs-- [23:46 10/01/2012]

-= EOF =-

Farbar Service Scanner Version: 25-06-2012 01
Ran by Glen (administrator) on 26-06-2012 at 12:56:11
Running from "C:\Users\Glen\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 25-06-2012
Ran by Glen (administrator) on 26-06-2012 at 13:06:03
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

**** End of log ****

#10 narenxp

Posted 26 June 2012 - 03:30 PM

Open your C drive

On top, click on Organize - Folder and search options

Click on view tab and scroll down

Checkmark show hidden files
Uncheck Hide operating system files

Click OK

C:\Users\Glen\AppData\Local\{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}
C:\Windows\Installer\{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}

Delete both the folders

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

start base filtering engine service and then windows firewall service.

Post the new FSS log

Good luck

#11 bugging57

Posted 26 June 2012 - 04:30 PM

Farbar Service Scanner Version: 25-06-2012 01
Ran by Glen (administrator) on 26-06-2012 at 14:29:07
Running from "C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YCK9PUU"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 narenxp

Posted 26 June 2012 - 04:35 PM

Launch system look again, copy this script and paste in the BOX


:folderfind
{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}

Click on LOOK, post the generated log

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

start windows firewall service.

Post the new FSS log

Good luck

Edited by narenxp, 26 June 2012 - 04:35 PM.


#13 bugging57

Posted 27 June 2012 - 12:26 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:17 on 26/06/2012 by Glen
Administrator - Elevation successful

========== folderfind ==========

Searching for "{3a24863a-bede-c5d5-8ab9-cc7cae2b1419}"
No folders found.

-= EOF =-

Farbar Service Scanner Version: 25-06-2012 01
Ran by Glen (administrator) on 27-06-2012 at 10:26:17
Running from "C:\Users\Glen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5HG2GUD"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 narenxp

Posted 27 June 2012 - 01:21 PM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



