
Infected with Trojan:DOS/Alureon.J


14 replies to this topic

#1 Nicksdad

Posted 09 September 2012 - 05:36 PM

I ran a scan with Microsoft Malicious Software Removal Tool and it found and claims to have partially removed the above. I ran another scan with TDSS Killer which did find and remove TDSSever? Subsequent scans with Malwarebytes and TDSS Killer find nothing, but MMSRT still finds the above.

I did have one episode where my browser was being redirected to a search engine with green arrows (I can't remember the name and I closed it quickly). This is no longer happening and I don't see any type of fake "you're infected with this or that" type messages. My computer seems to run better after the scans, but I do get intermittent wireless drops where Windows seems to detect and fix problems with the wireless network adapter. I'm not sure if this is related or not.

My computer is running Windows 7 64-bit.

Thank you


#2 narenxp

Posted 09 September 2012 - 07:26 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Nicksdad

Posted 09 September 2012 - 08:13 PM

21:04:32.0711 4872 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:04:34.0392 4872 ============================================================
21:04:34.0392 4872 Current date / time: 2012/09/09 21:04:34.0392
21:04:34.0392 4872 SystemInfo:
21:04:34.0392 4872
21:04:34.0392 4872 OS Version: 6.1.7601 ServicePack: 1.0
21:04:34.0392 4872 Product type: Workstation
21:04:34.0392 4872 ComputerName: AITLUS0625
21:04:34.0393 4872 UserName: AITTCalandra
21:04:34.0393 4872 Windows directory: C:\windows
21:04:34.0393 4872 System windows directory: C:\windows
21:04:34.0393 4872 Running under WOW64
21:04:34.0393 4872 Processor architecture: Intel x64
21:04:34.0393 4872 Number of processors: 4
21:04:34.0393 4872 Page size: 0x1000
21:04:34.0393 4872 Boot type: Normal boot
21:04:34.0393 4872 ============================================================
21:04:35.0903 4872 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:04:35.0916 4872 ============================================================
21:04:35.0916 4872 \Device\Harddisk0\DR0:
21:04:35.0916 4872 MBR partitions:
21:04:35.0916 4872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1316CE
21:04:35.0916 4872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x131ECE, BlocksNum 0x3A252D73
21:04:35.0916 4872 ============================================================
21:04:36.0019 4872 C: <-> \Device\Harddisk0\DR0\Partition2
21:04:36.0079 4872 ============================================================
21:04:36.0079 4872 Initialize success
21:04:36.0079 4872 ============================================================
21:05:18.0818 5332 ============================================================
21:05:18.0818 5332 Scan started
21:05:18.0818 5332 Mode: Manual; TDLFS;
21:05:18.0818 5332 ============================================================
21:05:19.0731 5332 ================ Scan system memory ========================
21:05:19.0731 5332 System memory - ok
21:05:19.0732 5332 ================ Scan services =============================
21:05:34.0011 5332 Mup - ok
21:05:34.0042 5332 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
21:05:34.0084 5332 napagent - ok
21:05:34.0123 5332 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:05:34.0155 5332 NativeWifiP - ok
21:05:34.0272 5332 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120909.008\ENG64.SYS
21:05:34.0275 5332 NAVENG - ok
21:05:34.0357 5332 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120909.008\EX64.SYS
21:05:34.0403 5332 NAVEX15 - ok
21:05:34.0454 5332 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
21:05:34.0543 5332 NDIS - ok
21:05:34.0563 5332 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:05:34.0583 5332 NdisCap - ok
21:05:34.0615 5332 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:05:34.0643 5332 NdisTapi - ok
21:05:34.0655 5332 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:05:34.0671 5332 Ndisuio - ok
21:05:34.0697 5332 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:05:34.0721 5332 NdisWan - ok
21:05:34.0743 5332 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:05:34.0759 5332 NDProxy - ok
21:05:34.0781 5332 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:05:34.0800 5332 NetBIOS - ok
21:05:34.0820 5332 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:05:34.0854 5332 NetBT - ok
21:05:34.0909 5332 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
21:05:34.0914 5332 Netlogon - ok
21:05:34.0990 5332 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
21:05:35.0059 5332 Netman - ok
21:05:35.0122 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:35.0125 5332 NetMsmqActivator - ok
21:05:35.0136 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:35.0141 5332 NetPipeActivator - ok
21:05:35.0165 5332 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
21:05:35.0178 5332 netprofm - ok
21:05:35.0191 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:35.0195 5332 NetTcpActivator - ok
21:05:35.0207 5332 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:05:35.0216 5332 NetTcpPortSharing - ok
21:05:35.0516 5332 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
21:05:35.0781 5332 NETwNs64 - ok
21:05:35.0806 5332 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
21:05:35.0822 5332 nfrd960 - ok
21:05:35.0850 5332 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
21:05:35.0872 5332 NlaSvc - ok
21:05:35.0892 5332 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
21:05:35.0906 5332 Npfs - ok
21:05:35.0928 5332 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
21:05:35.0945 5332 nsi - ok
21:05:35.0976 5332 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:05:35.0990 5332 nsiproxy - ok
21:05:36.0051 5332 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:05:36.0112 5332 Ntfs - ok
21:05:36.0128 5332 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
21:05:36.0139 5332 Null - ok
21:05:36.0178 5332 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
21:05:36.0203 5332 NVHDA - ok
21:05:36.0262 5332 [ D6DD6F3A6A0C58B95119E0633564988E ] nvkflt C:\windows\system32\DRIVERS\nvkflt.sys
21:05:36.0288 5332 nvkflt - ok
21:05:36.0652 5332 [ 0DEC98637ED9CE8FA02E45AB7D813826 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
21:05:37.0069 5332 nvlddmkm - ok
21:05:37.0098 5332 [ 4499C49459FD803ADAFB7107F329C1F9 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
21:05:37.0111 5332 nvpciflt - ok
21:05:37.0155 5332 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\windows\system32\drivers\nvraid.sys
21:05:37.0172 5332 nvraid - ok
21:05:37.0185 5332 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\windows\system32\drivers\nvstor.sys
21:05:37.0202 5332 nvstor - ok
21:05:37.0248 5332 [ 299D89CDC66C7B294F2E756673138C8E ] NVSvc C:\windows\system32\nvvsvc.exe
21:05:37.0287 5332 NVSvc - ok
21:05:37.0308 5332 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
21:05:37.0323 5332 nv_agp - ok
21:05:37.0349 5332 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\windows\system32\DRIVERS\o2flash.exe
21:05:37.0351 5332 O2FLASH - ok
21:05:37.0377 5332 [ 6172DB160FC566CF24307941C0E94D8E ] O2MDFRDR C:\windows\system32\drivers\O2MDFw7x64.sys
21:05:37.0388 5332 O2MDFRDR - ok
21:05:37.0404 5332 [ 8ED738ABA394BBF6D7802698BE453112 ] O2MDRRDR C:\windows\system32\drivers\O2MDRw7x64.sys
21:05:37.0419 5332 O2MDRRDR - ok
21:05:37.0440 5332 [ A9C1E6B7C134FAD124338B7944FA996D ] O2SDJRDR C:\windows\system32\drivers\o2sdjw7x64.sys
21:05:37.0455 5332 O2SDJRDR - ok
21:05:37.0472 5332 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
21:05:37.0486 5332 ohci1394 - ok
21:05:37.0527 5332 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:05:37.0591 5332 ose - ok
21:05:37.0752 5332 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:05:37.0894 5332 osppsvc - ok
21:05:37.0935 5332 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:05:37.0961 5332 p2pimsvc - ok
21:05:38.0001 5332 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
21:05:38.0035 5332 p2psvc - ok
21:05:38.0076 5332 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
21:05:38.0088 5332 Parport - ok
21:05:38.0119 5332 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
21:05:38.0132 5332 partmgr - ok
21:05:38.0153 5332 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
21:05:38.0174 5332 PcaSvc - ok
21:05:38.0189 5332 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
21:05:38.0214 5332 pci - ok
21:05:38.0229 5332 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
21:05:38.0239 5332 pciide - ok
21:05:38.0261 5332 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
21:05:38.0286 5332 pcmcia - ok
21:05:38.0326 5332 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
21:05:38.0340 5332 pcw - ok
21:05:38.0365 5332 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:05:38.0400 5332 PEAUTH - ok
21:05:38.0442 5332 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
21:05:38.0478 5332 PeerDistSvc - ok
21:05:38.0576 5332 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
21:05:38.0579 5332 PerfHost - ok
21:05:38.0638 5332 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
21:05:38.0704 5332 pla - ok
21:05:38.0764 5332 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:05:38.0804 5332 PlugPlay - ok
21:05:38.0840 5332 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:05:38.0858 5332 PNRPAutoReg - ok
21:05:38.0897 5332 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:05:38.0908 5332 PNRPsvc - ok
21:05:38.0951 5332 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:05:38.0993 5332 PolicyAgent - ok
21:05:39.0019 5332 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
21:05:39.0045 5332 Power - ok
21:05:39.0064 5332 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:05:39.0090 5332 PptpMiniport - ok
21:05:39.0122 5332 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
21:05:39.0138 5332 Processor - ok
21:05:39.0164 5332 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
21:05:39.0198 5332 ProfSvc - ok
21:05:39.0218 5332 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
21:05:39.0223 5332 ProtectedStorage - ok
21:05:39.0268 5332 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:05:39.0283 5332 Psched - ok
21:05:39.0356 5332 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
21:05:39.0425 5332 ql2300 - ok
21:05:39.0456 5332 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
21:05:39.0471 5332 ql40xx - ok
21:05:39.0499 5332 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
21:05:39.0524 5332 QWAVE - ok
21:05:39.0538 5332 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:05:39.0554 5332 QWAVEdrv - ok
21:05:39.0567 5332 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:05:39.0587 5332 RasAcd - ok
21:05:39.0633 5332 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:05:39.0646 5332 RasAgileVpn - ok
21:05:39.0677 5332 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
21:05:39.0695 5332 RasAuto - ok
21:05:39.0738 5332 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:05:39.0755 5332 Rasl2tp - ok
21:05:39.0777 5332 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
21:05:39.0811 5332 RasMan - ok
21:05:39.0830 5332 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:05:39.0847 5332 RasPppoe - ok
21:05:39.0867 5332 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:05:39.0885 5332 RasSstp - ok
21:05:39.0921 5332 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:05:39.0979 5332 rdbss - ok
21:05:40.0027 5332 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
21:05:40.0041 5332 rdpbus - ok
21:05:40.0058 5332 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:05:40.0071 5332 RDPCDD - ok
21:05:40.0098 5332 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
21:05:40.0116 5332 RDPDR - ok
21:05:40.0151 5332 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:05:40.0164 5332 RDPENCDD - ok
21:05:40.0182 5332 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:05:40.0194 5332 RDPREFMP - ok
21:05:40.0227 5332 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
21:05:40.0242 5332 RdpVideoMiniport - ok
21:05:40.0279 5332 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:05:40.0297 5332 RDPWD - ok
21:05:40.0323 5332 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:05:40.0348 5332 rdyboost - ok
21:05:40.0379 5332 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
21:05:40.0397 5332 RemoteAccess - ok
21:05:40.0420 5332 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:05:40.0442 5332 RemoteRegistry - ok
21:05:40.0481 5332 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:05:40.0500 5332 RFCOMM - ok
21:05:40.0534 5332 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
21:05:40.0551 5332 RimUsb - ok
21:05:40.0578 5332 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
21:05:40.0594 5332 RimVSerPort - ok
21:05:40.0622 5332 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
21:05:40.0638 5332 ROOTMODEM - ok
21:05:40.0673 5332 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:05:40.0694 5332 RpcEptMapper - ok
21:05:40.0725 5332 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
21:05:40.0728 5332 RpcLocator - ok
21:05:40.0757 5332 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
21:05:40.0770 5332 RpcSs - ok
21:05:40.0781 5332 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:05:40.0794 5332 rspndr - ok
21:05:40.0837 5332 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
21:05:40.0850 5332 s3cap - ok
21:05:40.0868 5332 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
21:05:40.0871 5332 SamSs - ok
21:05:40.0889 5332 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:05:40.0909 5332 sbp2port - ok
21:05:40.0937 5332 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
21:05:40.0963 5332 SCardSvr - ok
21:05:40.0981 5332 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:05:40.0995 5332 scfilter - ok
21:05:41.0041 5332 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
21:05:41.0087 5332 Schedule - ok
21:05:41.0133 5332 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
21:05:41.0136 5332 SCPolicySvc - ok
21:05:41.0166 5332 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:05:41.0189 5332 SDRSVC - ok
21:05:41.0222 5332 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:05:41.0237 5332 secdrv - ok
21:05:41.0252 5332 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
21:05:41.0274 5332 seclogon - ok
21:05:41.0288 5332 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
21:05:41.0311 5332 SENS - ok
21:05:41.0329 5332 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:05:41.0347 5332 SensrSvc - ok
21:05:41.0372 5332 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
21:05:41.0386 5332 Serenum - ok
21:05:41.0410 5332 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
21:05:41.0423 5332 Serial - ok
21:05:41.0458 5332 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
21:05:41.0474 5332 sermouse - ok
21:05:41.0518 5332 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
21:05:41.0539 5332 SessionEnv - ok
21:05:41.0567 5332 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:05:41.0580 5332 sffdisk - ok
21:05:41.0600 5332 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:05:41.0614 5332 sffp_mmc - ok
21:05:41.0624 5332 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:05:41.0635 5332 sffp_sd - ok
21:05:41.0650 5332 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
21:05:41.0667 5332 sfloppy - ok
21:05:41.0725 5332 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
21:05:41.0760 5332 SharedAccess - ok
21:05:41.0791 5332 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:05:41.0820 5332 ShellHWDetection - ok
21:05:41.0837 5332 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
21:05:41.0854 5332 SiSRaid2 - ok
21:05:41.0865 5332 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
21:05:41.0882 5332 SiSRaid4 - ok
21:05:41.0915 5332 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
21:05:41.0931 5332 Smb - ok
21:05:42.0079 5332 [ 48BFC901748A6CBDBCADD7991C867060 ] SmcService c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
21:05:42.0226 5332 SmcService - ok
21:05:42.0272 5332 [ 767DE5FFE38B673C03551F50D96EBA0B ] SNAC c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
21:05:42.0307 5332 SNAC - ok
21:05:42.0346 5332 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:05:42.0350 5332 SNMPTRAP - ok
21:05:42.0368 5332 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
21:05:42.0385 5332 spldr - ok
21:05:42.0422 5332 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
21:05:42.0438 5332 Spooler - ok
21:05:42.0540 5332 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
21:05:42.0597 5332 sppsvc - ok
21:05:42.0619 5332 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:05:42.0636 5332 sppuinotify - ok
21:05:42.0665 5332 [ B531FC8918DCDAAE638511A123C3465E ] SRTSP C:\windows\system32\Drivers\SRTSP64.SYS
21:05:42.0713 5332 SRTSP - ok
21:05:42.0749 5332 [ 2BD3A73D0601320B72486FC3EBC2544F ] SRTSPL C:\windows\system32\Drivers\SRTSPL64.SYS
21:05:42.0784 5332 SRTSPL - ok
21:05:42.0804 5332 [ 529B337C1AEEB289F0B502EB0EE6A8F5 ] SRTSPX C:\windows\system32\Drivers\SRTSPX64.SYS
21:05:42.0819 5332 SRTSPX - ok
21:05:42.0847 5332 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
21:05:42.0880 5332 srv - ok
21:05:42.0905 5332 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:05:42.0924 5332 srv2 - ok
21:05:42.0958 5332 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:05:42.0962 5332 srvnet - ok
21:05:42.0982 5332 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:05:43.0002 5332 SSDPSRV - ok
21:05:43.0024 5332 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
21:05:43.0049 5332 SstpSvc - ok
21:05:43.0110 5332 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
21:05:43.0115 5332 STacSV - ok
21:05:43.0138 5332 [ E4EA2412FB1B8AEE33667A9CC6D456A4 ] stdcfltn C:\windows\system32\DRIVERS\stdcfltn.sys
21:05:43.0156 5332 stdcfltn - ok
21:05:43.0207 5332 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
21:05:43.0225 5332 stexstor - ok
21:05:43.0276 5332 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
21:05:43.0343 5332 STHDA - ok
21:05:43.0393 5332 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
21:05:43.0443 5332 stisvc - ok
21:05:43.0477 5332 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys
21:05:43.0495 5332 storflt - ok
21:05:43.0515 5332 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll
21:05:43.0536 5332 StorSvc - ok
21:05:43.0570 5332 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys
21:05:43.0589 5332 storvsc - ok
21:05:43.0618 5332 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
21:05:43.0644 5332 swenum - ok
21:05:43.0700 5332 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
21:05:43.0768 5332 swprv - ok
21:05:43.0857 5332 [ D880FBD65B6F4885AC89628225B91398 ] Symantec AntiVirus c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
21:05:43.0933 5332 Symantec AntiVirus - ok
21:05:43.0984 5332 [ D1F1A5E72E33D6BE449F5F1F4A513DD1 ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:05:44.0010 5332 SymEvent - ok
21:05:44.0063 5332 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\windows\system32\drivers\Synth3dVsc.sys
21:05:44.0086 5332 Synth3dVsc - ok
21:05:44.0162 5332 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
21:05:44.0278 5332 SysMain - ok
21:05:44.0300 5332 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:05:44.0321 5332 TabletInputService - ok
21:05:44.0351 5332 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
21:05:44.0393 5332 TapiSrv - ok
21:05:44.0424 5332 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
21:05:44.0449 5332 TBS - ok
21:05:44.0463 5332 [ 08228AC4B3EEF0DEE3D38D239692E510 ] tcm C:\windows\system32\drivers\tcm.sys
21:05:44.0483 5332 tcm - ok
21:05:44.0571 5332 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:05:44.0663 5332 Tcpip - ok
21:05:44.0745 5332 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:05:44.0793 5332 TCPIP6 - ok
21:05:44.0840 5332 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:05:44.0861 5332 tcpipreg - ok
21:05:44.0920 5332 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:05:44.0938 5332 TDPIPE - ok
21:05:44.0974 5332 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:05:44.0992 5332 TDTCP - ok
21:05:45.0045 5332 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:05:45.0069 5332 tdx - ok
21:05:45.0101 5332 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
21:05:45.0121 5332 TermDD - ok
21:05:45.0162 5332 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\windows\system32\drivers\terminpt.sys
21:05:45.0182 5332 terminpt - ok
21:05:45.0221 5332 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
21:05:45.0279 5332 TermService - ok
21:05:45.0312 5332 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
21:05:45.0336 5332 Themes - ok
21:05:45.0375 5332 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
21:05:45.0379 5332 THREADORDER - ok
21:05:45.0525 5332 [ CF77958AB434B51CA3595FB2AA0B144A ] TracSrvWrapper c:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
21:05:45.0688 5332 TracSrvWrapper - ok
21:05:45.0753 5332 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
21:05:45.0781 5332 TrkWks - ok
21:05:45.0845 5332 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:05:45.0850 5332 TrustedInstaller - ok
21:05:45.0884 5332 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:05:45.0900 5332 tssecsrv - ok
21:05:45.0926 5332 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:05:45.0946 5332 TsUsbFlt - ok
21:05:45.0971 5332 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
21:05:45.0987 5332 TsUsbGD - ok
21:05:46.0009 5332 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\windows\system32\drivers\tsusbhub.sys
21:05:46.0031 5332 tsusbhub - ok
21:05:46.0068 5332 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:05:46.0091 5332 tunnel - ok
21:05:46.0123 5332 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
21:05:46.0143 5332 uagp35 - ok
21:05:46.0176 5332 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:05:46.0227 5332 udfs - ok
21:05:46.0276 5332 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:05:46.0281 5332 UI0Detect - ok
21:05:46.0304 5332 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:05:46.0324 5332 uliagpkx - ok
21:05:46.0369 5332 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
21:05:46.0389 5332 umbus - ok
21:05:46.0416 5332 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
21:05:46.0435 5332 UmPass - ok
21:05:46.0464 5332 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll
21:05:46.0506 5332 UmRdpService - ok
21:05:46.0540 5332 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
21:05:46.0575 5332 upnphost - ok
21:05:46.0602 5332 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:05:46.0622 5332 usbccgp - ok
21:05:46.0647 5332 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:05:46.0677 5332 usbcir - ok
21:05:46.0700 5332 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\windows\system32\drivers\usbehci.sys
21:05:46.0720 5332 usbehci - ok
21:05:46.0746 5332 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:05:46.0779 5332 usbhub - ok
21:05:46.0805 5332 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\drivers\usbohci.sys
21:05:46.0821 5332 usbohci - ok
21:05:46.0851 5332 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
21:05:46.0864 5332 usbprint - ok
21:05:46.0898 5332 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
21:05:46.0911 5332 usbscan - ok
21:05:46.0947 5332 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:05:46.0965 5332 USBSTOR - ok
21:05:46.0987 5332 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
21:05:47.0003 5332 usbuhci - ok
21:05:47.0039 5332 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:05:47.0064 5332 usbvideo - ok
21:05:47.0087 5332 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
21:05:47.0106 5332 UxSms - ok
21:05:47.0125 5332 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
21:05:47.0128 5332 VaultSvc - ok
21:05:47.0159 5332 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:05:47.0173 5332 vdrvroot - ok
21:05:47.0204 5332 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
21:05:47.0230 5332 vds - ok
21:05:47.0254 5332 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:05:47.0270 5332 vga - ok
21:05:47.0309 5332 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
21:05:47.0325 5332 VgaSave - ok
21:05:47.0337 5332 VGPU - ok
21:05:47.0367 5332 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:05:47.0392 5332 vhdmp - ok
21:05:47.0421 5332 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
21:05:47.0438 5332 viaide - ok
21:05:47.0475 5332 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys
21:05:47.0499 5332 vmbus - ok
21:05:47.0524 5332 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
21:05:47.0539 5332 VMBusHID - ok
21:05:47.0570 5332 [ A96AFA32F73C065B9AE9D1554CDD00FC ] vna_ap C:\windows\system32\DRIVERS\vnaap.sys
21:05:47.0595 5332 vna_ap - ok
21:05:47.0610 5332 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:05:47.0628 5332 volmgr - ok
21:05:47.0660 5332 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:05:47.0718 5332 volmgrx - ok
21:05:47.0778 5332 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:05:47.0803 5332 volsnap - ok
21:05:47.0862 5332 [ 3BADB92F3E94EC0C7851DF03482C0187 ] vsdatant C:\windows\system32\DRIVERS\vsdatant.sys
21:05:47.0903 5332 vsdatant - ok
21:05:47.0924 5332 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
21:05:50.0844 5332 ================ Scan global ===============================
21:05:50.0872 5332 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:05:50.0918 5332 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
21:05:50.0953 5332 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
21:05:50.0975 5332 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:05:51.0025 5332 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:05:51.0033 5332 [Global] - ok
21:05:51.0034 5332 ================ Scan MBR ==================================
21:05:51.0046 5332 [ C9BF916068238D16F510107A5AD6B482 ] \Device\Harddisk0\DR0
21:05:51.0434 5332 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:05:51.0434 5332 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:05:51.0435 5332 ================ Scan VBR ==================================
21:05:51.0441 5332 [ 757D59FA81774C12A51FD3ED5269EB03 ] \Device\Harddisk0\DR0\Partition1
21:05:51.0444 5332 \Device\Harddisk0\DR0\Partition1 - ok
21:05:51.0480 5332 [ E840B1C408A855CED61FF59987916E70 ] \Device\Harddisk0\DR0\Partition2
21:05:51.0485 5332 \Device\Harddisk0\DR0\Partition2 - ok
21:05:51.0489 5332 ============================================================
21:05:51.0489 5332 Scan finished
21:05:51.0489 5332 ============================================================
21:05:51.0509 4224 Detected object count: 1
21:05:51.0509 4224 Actual detected object count: 1
21:07:37.0383 4224 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:07:37.0405 4224 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:07:38.0377 4224 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:07:38.0409 4224 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:07:38.0435 4224 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:07:38.0508 4224 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:07:38.0546 4224 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:07:38.0555 4224 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:07:38.0566 4224 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:07:38.0580 4224 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:07:38.0602 4224 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:07:38.0622 4224 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:07:38.0634 4224 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:07:38.0646 4224 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:07:38.0677 4224 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:07:38.0695 4224 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

#4 Nicksdad

Posted 09 September 2012 - 08:39 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 21:15:11
-----------------------------
21:15:11.755 OS Version: Windows x64 6.1.7601 Service Pack 1
21:15:11.755 Number of processors: 4 586 0x2A07
21:15:11.757 ComputerName: AITLUS0625 UserName:
21:15:15.439 Initialize success
21:16:44.700 AVAST engine defs: 12090901
21:17:35.181 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:17:35.185 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 8
21:17:35.191 Disk 0 MBR read successfully
21:17:35.197 Disk 0 MBR scan
21:17:35.216 Disk 0 unknown MBR code
21:17:35.223 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 610 MB offset 2048
21:17:35.254 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476325 MB offset 1253070
21:17:35.304 Disk 0 scanning C:\windows\system32\drivers
21:17:54.272 Service scanning
21:18:37.803 Modules scanning
21:18:37.823 Disk 0 trace - called modules:
21:18:37.848 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
21:18:37.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006642060]
21:18:37.874 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80064eccb0]
21:18:37.886 5 stdcfltn.sys[fffff88001b6ad12] -> nt!IofCallDriver -> [0xfffffa80047453d0]
21:18:37.901 7 ACPI.sys[fffff88000f477a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004746050]
21:18:40.907 AVAST engine scan C:\windows
21:18:47.543 AVAST engine scan C:\windows\system32
21:26:00.005 AVAST engine scan C:\windows\system32\drivers
21:26:50.236 AVAST engine scan C:\Users\AITTCalandra
21:33:27.994 AVAST engine scan C:\ProgramData
21:35:54.088 Scan finished successfully
21:36:15.507 Disk 0 MBR has been saved successfully to "C:\Users\AITTCalandra\Desktop\MBR.dat"
21:36:15.522 The log file has been saved successfully to "C:\Users\AITTCalandra\Desktop\aswMBR.txt"

#5 Nicksdad

Posted 09 September 2012 - 10:42 PM

I ran the ESET scanner, but for whatever reason I can't find the .txt file. All it found were 4 items in the TDSS quarantine and 3 items in the recycle bin.

#6 narenxp

Posted 10 September 2012 - 01:58 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

post the generated log

#7 Nicksdad

Posted 10 September 2012 - 08:16 AM

Here's where I have to be careful. This is a work computer for me, and I need to make sure I don't delete or reset anything that will prevent me from being able to get on our network. If one of these programs starts resetting some of my settings, I'm concerned I could run into more problems.

#8 Nicksdad

Posted 10 September 2012 - 04:42 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by AITTCalandra (administrator) on 10-09-2012 at 17:39:50
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AITLUS0625
Primary Dns Suffix . . . . . . . : nasa.group.atlascopco.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nasa.group.atlascopco.com
emea.group.atlascopco.com
apac.group.atlascopco.com
group.atlascopco.com

Ethernet adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nasa.group.atlascopco.com
Description . . . . . . . . . . . : Check Point Virtual Network Adapter For Endpoint VPN Client
Physical Address. . . . . . . . . : 54-25-5C-4C-CA-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.nh.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
Physical Address. . . . . . . . . : 8C-70-5A-6B-85-94
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a4af:1e15:4dec:9b68%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, September 10, 2012 4:34:18 PM
Lease Expires . . . . . . . . . . : Monday, September 17, 2012 5:40:24 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 646738010
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A7-47-F1-00-0C-29-94-F7-66
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nasa.group.atlascopco.com
Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : D4-BE-D9-0B-10-E2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.nh.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.nh.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:18ed:3ee3:3f57:ff92(Preferred)
Link-local IPv6 Address . . . . . : fe80::18ed:3ee3:3f57:ff92%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4006:802::1005
74.125.226.206
74.125.226.196
74.125.226.197
74.125.226.195
74.125.226.201
74.125.226.194
74.125.226.200
74.125.226.198
74.125.226.193
74.125.226.192
74.125.226.199


Pinging google.com [74.125.226.198] with 32 bytes of data:
Reply from 74.125.226.198: bytes=32 time=91ms TTL=54
Reply from 74.125.226.198: bytes=32 time=42ms TTL=54

Ping statistics for 74.125.226.198:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 91ms, Average = 66ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=68ms TTL=51
Reply from 98.138.253.109: bytes=32 time=63ms TTL=51

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 68ms, Average = 65ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
===========================================================================
Interface List
16...54 25 5c 4c ca 10 ......Check Point Virtual Network Adapter For Endpoint VPN Client
23...8c 70 5a 6b 85 94 ......Intel® Centrino® Advanced-N 6205
15...d4 be d9 0b 10 e2 ......Intel® 82579LM Gigabit Network Connection
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.109 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.109 281
192.168.0.109 255.255.255.255 On-link 192.168.0.109 281
192.168.0.255 255.255.255.255 On-link 192.168.0.109 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.109 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.109 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:6ab8:18ed:3ee3:3f57:ff92/128
On-link
23 281 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::18ed:3ee3:3f57:ff92/128
On-link
23 281 fe80::a4af:1e15:4dec:9b68/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
23 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/10/2012 04:35:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 04:34:59 PM) (Source: AutoEnrollment) (User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (09/10/2012 07:15:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 07:14:33 AM) (Source: AutoEnrollment) (User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (09/09/2012 11:40:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2012 11:40:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2012 11:39:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2012 10:48:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2012 09:40:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/09/2012 09:11:52 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Gen in File: C:\TDSSKiller_Quarantine\09.09.2012_21.04.34\tdlfs0000\tsk0002.dta by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


System errors:
=============
Error: (09/10/2012 04:35:02 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NASA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 04:34:17 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 04:34:16 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NASA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/10/2012 00:00:16 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NASA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/10/2012 10:26:26 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NASA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 10:18:28 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 07:14:24 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NASA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 07:14:10 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 07:14:08 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NASA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/09/2012 10:00:10 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NASA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (09/10/2012 04:35:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 04:34:59 PM) (Source: AutoEnrollment)(User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (09/10/2012 07:15:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 07:14:33 AM) (Source: AutoEnrollment)(User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (09/09/2012 11:40:52 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AITTCalandra\Downloads\esetsmartinstaller_enu.exe

Error: (09/09/2012 11:40:47 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AITTCalandra\Downloads\esetsmartinstaller_enu.exe

Error: (09/09/2012 11:39:18 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/09/2012 10:48:40 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AITTCalandra\Downloads\esetsmartinstaller_enu.exe

Error: (09/09/2012 09:40:28 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AITTCalandra\Downloads\esetsmartinstaller_enu.exe

Error: (09/09/2012 09:11:52 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Trojan.Gen in File: C:\TDSSKiller_Quarantine\09.09.2012_21.04.34\tdlfs0000\tsk0002.dta by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader for ScanSnap ™ 4.1 (Version: 8.02.650.72520)
AccelerometerP11 (Version: 2.00.10.33)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.10.620)
Altiris Application Metering Agent (Version: 6.1.55)
Altiris Client Task Agent (Version: 6.0.1524)
Altiris Deployment Agent (Version: 1.0.0)
Altiris Software Delivery Solution Agent (Version: 6.1.1016.0)
Altiris Task Synchronization Agent (Version: 6.1.1030.0)
Atlas Copco Tools AB - Licensing (Version: 1.27.00.11)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.32)
CardMinder (Version: V4.1L40)
CardMinder V4.1 (Version: 4.1.40.1)
Check Point VPN (Version: 75.10.0000)
Definition update for Microsoft Office 2010 (KB982726)
Dell Touchpad (Version: 7.1208.101.125)
DWG TrueView 2012 (Version: 18.2.51.0)
ESET Online Scanner v3
IBM System i Access for Windows V6R1M0 (Version: 06.01.0800)
IDT Audio (Version: 1.0.6324.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2418)
Internet Explorer (Version: 9)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 24 (Version: 6.0.240)
K-Lite Codec Pack (Version: 4.6)
K-Lite Codec Pack 7.1.0 (Version: 7.1.0)
LiveReg (Symantec Corporation) (Version: 2.4.2.2295)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Lotus Notes 8.5 (Version: 8.50.8345)
Lotus Notes 8.5.1 (Version: 8.51.9271)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MULTIPROG 5.35 Build 218 (Version: 5.35.0.218)
MWSnap 3 (Version: 3.0.0.74)
NVIDIA Control Panel 296.70 (Version: 296.70)
NVIDIA Graphics Driver 296.70 (Version: 296.70)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
ScanSnap (Version: 5.1.30.19)
ScanSnap Manager (Version: V5.1L30)
ScanSnap Organizer (Version: 4.1.30.16)
ScanSnap Organizer (Version: V4.1L30)
SolidWorks viewer (Version: 19.30.7)
Symantec Endpoint Protection (Version: 11.0.6100.645)
Symantec pcAnywhere (Version: 12.5.0)
Symantec Workspace Virtualization Agent (Version: 6.4.1266)
Tools Talk Power Focus
ToolsTalk DS/DL
ToolsTalk MT 4.42.02 (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
X7Magic Setup (Version: 7.1.5)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3976.9 MB
Available physical RAM: 2108.75 MB
Total Pagefile: 7951.99 MB
Available Pagefile: 5939.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3980.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.16 GB) (Free:411.04 GB) NTFS

========================= Users: ========================================

User accounts for \\AITLUS0625

Asap Help Custodian Guest


**** End of log ****

#9 Nicksdad


Posted 10 September 2012 - 04:44 PM

Farbar Service Scanner Version: 06-08-2012
Ran by AITTCalandra (administrator) on 10-09-2012 at 17:43:56
Running from "C:\Users\AITTCalandra\Downloads"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Nicksdad


Posted 10 September 2012 - 04:53 PM

AdwCleaner v2.001 - Logfile created 09/10/2012 at 17:46:48
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : AITTCalandra - AITLUS0625
# Boot Mode : Normal
# Running from : C:\Users\AITTCalandra\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\AITTCalandra\AppData\Roaming\Mozilla\Firefox\Profiles\wtvx6l8r.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1162 octets] - [10/09/2012 17:46:48]

########## EOF - C:\AdwCleaner[S1].txt - [1222 octets] ##########

#11 narenxp


Posted 10 September 2012 - 09:17 PM

Malwarebytes log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here

Any current issues?

#12 Nicksdad


Posted 10 September 2012 - 09:25 PM

Sorry - MalwareBytes didn't find anything on a full scan so I didn't post the log. RKill log below. The computer does seem to be running well now.


http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/10/2012 10:21:02 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PID: 4116) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/10/2012 10:21:38 PM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

#13 narenxp


Posted 10 September 2012 - 09:28 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 Nicksdad


Posted 10 September 2012 - 10:56 PM

All set. Thank you very much for all of your time and help.

#15 narenxp


Posted 10 September 2012 - 11:00 PM

You're welcome :)



