
Windows popping up, FBI virus?


  • This topic is locked
37 replies to this topic

#1 Joydrop1270

Joydrop1270

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:11:55 AM

Posted 02 March 2013 - 06:22 PM

Windows 7, might be the FBI virus. Windows are popping up randomly.





#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:55 AM

Posted 02 March 2013 - 06:25 PM

Give us more details.

 

Can you access your desktop?

 

Can you boot into safe mode?

 

Can you run scans?



#3 Joydrop1270


Posted 03 March 2013 - 08:51 AM

I'm trying to fix a laptop, my uncle's laptop. So I'm typing to you from a desktop, my computer.

 

I have his laptop right next to me, now.

 

 

What happened is that he hit the yes button on the update for some program, which he normally doesn't do.

He tried stopping it with the cancel button. And when he hit it, that's when he says a virus took over.

 

So now when I look at the laptop:

 

I can't see the bottom toolbar.

I can't see the minimize, maximize or close box in the top right corner. (I have moved the pointer that way to see if it was hiding, no luck.)

The screen is stuck on an internet page, on which I can't see the toolbar or URL spot.

When I try to get to the task manager, it will go to the page to select the task manager to pop up, but it doesn't pop up.

I can't get to the desktop.

The screen page it is stuck on is the FBI Cyber crime Division. And it's asking for money.

 

What other information do you need?

 

What else do you want me to do?

 

I will try to get it to safe mode later today, I posted the above in the wrong place, new to using this forum. I'll let you know later today.

 



#4 narenxp


Posted 03 March 2013 - 08:55 AM

You posted in the right place.

Please let us know if you can boot into either safe mode or safe mode with command prompt.



#5 Joydrop1270


Posted 03 March 2013 - 03:06 PM

I was able to get safe mode with command prompt to work.

What is the next step you would like me to take?



#6 narenxp


Posted 03 March 2013 - 03:34 PM

Great. Please run these commands

 

Restart the PC and boot into temp account and let me know


Edited by narenxp, 03 March 2013 - 03:51 PM.


#7 Joydrop1270


Posted 03 March 2013 - 03:44 PM

OK, I entered the commands and I'm in the temp account.



#8 narenxp


Posted 03 March 2013 - 03:51 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results
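
One way to triage the TDSSKiller log requested above instead of reading it line by line (an added example, not part of the thread and not Kaspersky's code). The sample log lines are constructed in the layout TDSSKiller writes for its service scan, and treating every verdict other than `ok`, and every service listed without a hash/path line, as worth a second look is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every log line starts with "HH:MM:SS.ffff <thread id>" followed by the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Image line: "[ <MD5> ] <service name>   <drive-letter path>". Names may contain spaces.
IMAGE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")

# Constructed sample: hashes, names and paths are made up for the example.
SAMPLE_LOG = r"""
16:20:40.0525 5168  Scan started
16:20:40.0993 5168  ================ Scan system memory ========================
16:20:40.0993 5168  System memory - ok
16:20:40.0993 5168  ================ Scan services =============================
16:20:41.0196 5168  [ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ] ExampleDrv      C:\windows\system32\drivers\exampledrv.sys
16:20:41.0196 5168  ExampleDrv - ok
16:20:41.0289 5168  [ BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ] Example Service C:\Program Files\Example\svc.exe
16:20:41.0289 5168  Example Service - warning
16:20:41.0336 5168  NoImageSvc - ok
16:20:41.0400 5168  ============================================================
16:20:41.0400 5168  Scan finished
"""


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when the log had no image line for the service
    path: Optional[str] = None


def parse_services(log_text: str) -> list:
    """Return one Entry per 'name - verdict' line in the 'Scan services' section."""
    entries = []
    pending = {}          # service name -> (md5, path) from the preceding image line
    in_section = False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg.startswith("===="):
            # A banner line opens or closes a section; only the service scan is parsed.
            in_section = "Scan services" in msg
            continue
        if not in_section or not msg:
            continue
        img = IMAGE.match(msg)
        if img:
            pending[img.group(2)] = (img.group(1).upper(), img.group(3))
            continue
        if " - " in msg:
            name, verdict = (part.strip() for part in msg.rsplit(" - ", 1))
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, verdict, md5, path))
    return entries


def triage(entries: list) -> dict:
    """Split entries into the two groups a helper would read first."""
    return {
        # Assumption: anything TDSSKiller did not mark 'ok' deserves a look.
        "flagged": [e for e in entries if e.verdict.lower() != "ok"],
        # Services reported without a hash/path line: no image was shown to check.
        "no_image": [e for e in entries if e.path is None],
    }


if __name__ == "__main__":
    result = triage(parse_services(SAMPLE_LOG))
    for group, items in result.items():
        print(group)
        for e in items:
            print(f"  {e.name}: {e.verdict}  {e.md5 or '-'}  {e.path or '-'}")
```
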

 



#9 Joydrop1270


Posted 03 March 2013 - 04:15 PM

I downloaded TDSSKiller and changed the parameters.  I did have to hit the reboot now button. 

 

After I checked the parameters after the reboot, they are showing up as I saw them the first time before changing them.

 

So 1) Do I the same parameters and don't hit the "reboot now" button?  or 2) do I just hit the "scan now" button?



#10 narenxp


Posted 03 March 2013 - 04:19 PM

Click on SCAN NOW



#11 Joydrop1270


Posted 03 March 2013 - 04:20 PM

k



#12 Joydrop1270


Posted 03 March 2013 - 04:25 PM

Here is the TDSSKiller log:

 

16:20:49.0916 5168  MegaSR - ok
16:20:49.0963 5168  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
16:20:49.0963 5168  MMCSS - ok
16:20:49.0978 5168  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
16:20:49.0994 5168  Modem - ok
16:20:50.0041 5168  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:20:50.0041 5168  monitor - ok
16:20:50.0088 5168  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\drivers\mouclass.sys
16:20:50.0088 5168  mouclass - ok
16:20:50.0119 5168  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:20:50.0134 5168  mouhid - ok
16:20:50.0197 5168  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:20:50.0197 5168  mountmgr - ok
16:20:50.0290 5168  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:20:50.0306 5168  MozillaMaintenance - ok
16:20:50.0337 5168  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
16:20:50.0353 5168  mpio - ok
16:20:50.0368 5168  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:20:50.0384 5168  mpsdrv - ok
16:20:50.0431 5168  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:20:50.0431 5168  MRxDAV - ok
16:20:50.0478 5168  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:20:50.0478 5168  mrxsmb - ok
16:20:50.0540 5168  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:20:50.0540 5168  mrxsmb10 - ok
16:20:50.0556 5168  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:20:50.0556 5168  mrxsmb20 - ok
16:20:50.0602 5168  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
16:20:50.0602 5168  msahci - ok
16:20:50.0665 5168  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:20:50.0665 5168  msdsm - ok
16:20:50.0696 5168  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
16:20:50.0727 5168  MSDTC - ok
16:20:50.0774 5168  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:20:50.0774 5168  Msfs - ok
16:20:50.0790 5168  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:20:50.0790 5168  mshidkmdf - ok
16:20:50.0805 5168  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:20:50.0805 5168  msisadrv - ok
16:20:50.0836 5168  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:20:50.0852 5168  MSiSCSI - ok
16:20:50.0868 5168  msiserver - ok
16:20:50.0883 5168  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:20:50.0883 5168  MSKSSRV - ok
16:20:50.0899 5168  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:20:50.0914 5168  MSPCLOCK - ok
16:20:50.0930 5168  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:20:50.0961 5168  MSPQM - ok
16:20:50.0977 5168  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:20:50.0977 5168  MsRPC - ok
16:20:51.0039 5168  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:20:51.0039 5168  mssmbios - ok
16:20:51.0055 5168  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:20:51.0055 5168  MSTEE - ok
16:20:51.0086 5168  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
16:20:51.0086 5168  MTConfig - ok
16:20:51.0102 5168  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
16:20:51.0117 5168  Mup - ok
16:20:51.0164 5168  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
16:20:51.0164 5168  napagent - ok
16:20:51.0211 5168  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:20:51.0211 5168  NativeWifiP - ok
16:20:51.0351 5168  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130228.024\NAVENG.SYS
16:20:51.0351 5168  NAVENG - ok
16:20:51.0414 5168  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130228.024\NAVEX15.SYS
16:20:51.0414 5168  NAVEX15 - ok
16:20:51.0460 5168  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:20:51.0476 5168  NDIS - ok
16:20:51.0507 5168  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:20:51.0507 5168  NdisCap - ok
16:20:51.0538 5168  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:20:51.0554 5168  NdisTapi - ok
16:20:51.0585 5168  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:20:51.0585 5168  Ndisuio - ok
16:20:51.0632 5168  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:20:51.0632 5168  NdisWan - ok
16:20:51.0663 5168  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:20:51.0663 5168  NDProxy - ok
16:20:51.0679 5168  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:20:51.0679 5168  NetBIOS - ok
16:20:51.0726 5168  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:20:51.0726 5168  NetBT - ok
16:20:51.0757 5168  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
16:20:51.0757 5168  Netlogon - ok
16:20:51.0788 5168  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
16:20:51.0788 5168  Netman - ok
16:20:51.0819 5168  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
16:20:51.0819 5168  netprofm - ok
16:20:51.0850 5168  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:20:51.0850 5168  NetTcpPortSharing - ok
16:20:51.0882 5168  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
16:20:51.0897 5168  nfrd960 - ok
16:20:51.0944 5168  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
16:20:51.0944 5168  NlaSvc - ok
16:20:51.0960 5168  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:20:51.0960 5168  Npfs - ok
16:20:52.0006 5168  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
16:20:52.0006 5168  nsi - ok
16:20:52.0022 5168  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:20:52.0022 5168  nsiproxy - ok
16:20:52.0116 5168  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:20:52.0131 5168  Ntfs - ok
16:20:52.0162 5168  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
16:20:52.0162 5168  Null - ok
16:20:52.0209 5168  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:20:52.0209 5168  nvraid - ok
16:20:52.0240 5168  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:20:52.0256 5168  nvstor - ok
16:20:52.0303 5168  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:20:52.0303 5168  nv_agp - ok
16:20:52.0365 5168  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:20:52.0365 5168  ohci1394 - ok
16:20:52.0428 5168  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:20:52.0459 5168  ose - ok
16:20:52.0630 5168  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:20:52.0786 5168  osppsvc - ok
16:20:52.0818 5168  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:20:52.0833 5168  p2pimsvc - ok
16:20:52.0849 5168  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
16:20:52.0864 5168  p2psvc - ok
16:20:52.0896 5168  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
16:20:52.0896 5168  Parport - ok
16:20:52.0942 5168  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:20:52.0942 5168  partmgr - ok
16:20:52.0974 5168  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
16:20:52.0974 5168  Parvdm - ok
16:20:53.0005 5168  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:20:53.0005 5168  PcaSvc - ok
16:20:53.0052 5168  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
16:20:53.0052 5168  pci - ok
16:20:53.0098 5168  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
16:20:53.0098 5168  pciide - ok
16:20:53.0130 5168  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
16:20:53.0145 5168  pcmcia - ok
16:20:53.0161 5168  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
16:20:53.0161 5168  pcw - ok
16:20:53.0208 5168  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:20:53.0208 5168  PEAUTH - ok
16:20:53.0317 5168  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
16:20:53.0348 5168  pla - ok
16:20:53.0410 5168  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:20:53.0410 5168  PlugPlay - ok
16:20:53.0442 5168  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:20:53.0457 5168  PNRPAutoReg - ok
16:20:53.0473 5168  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:20:53.0488 5168  PNRPsvc - ok
16:20:53.0535 5168  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:20:53.0551 5168  PolicyAgent - ok
16:20:53.0598 5168  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
16:20:53.0613 5168  Power - ok
16:20:53.0644 5168  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:20:53.0644 5168  PptpMiniport - ok
16:20:53.0676 5168  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
16:20:53.0676 5168  Processor - ok
16:20:53.0722 5168  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
16:20:53.0738 5168  ProfSvc - ok
16:20:53.0754 5168  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:20:53.0754 5168  ProtectedStorage - ok
16:20:53.0769 5168  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:20:53.0769 5168  Psched - ok
16:20:53.0800 5168  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\windows\system32\Drivers\PxHelp20.sys
16:20:53.0816 5168  PxHelp20 - ok
16:20:53.0894 5168  [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:20:53.0894 5168  QBCFMonitorService - ok
16:20:53.0956 5168  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:20:53.0972 5168  QBFCService - ok
16:20:54.0034 5168  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
16:20:54.0066 5168  ql2300 - ok
16:20:54.0112 5168  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
16:20:54.0175 5168  ql40xx - ok
16:20:54.0222 5168  QuickBooksDB20 - ok
16:20:54.0268 5168  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
16:20:54.0284 5168  QWAVE - ok
16:20:54.0300 5168  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:20:54.0315 5168  QWAVEdrv - ok
16:20:54.0331 5168  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:20:54.0346 5168  RasAcd - ok
16:20:54.0378 5168  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:20:54.0378 5168  RasAgileVpn - ok
16:20:54.0393 5168  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
16:20:54.0409 5168  RasAuto - ok
16:20:54.0440 5168  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:20:54.0440 5168  Rasl2tp - ok
16:20:54.0502 5168  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
16:20:54.0518 5168  RasMan - ok
16:20:54.0534 5168  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:20:54.0534 5168  RasPppoe - ok
16:20:54.0549 5168  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:20:54.0549 5168  RasSstp - ok
16:20:54.0580 5168  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:20:54.0580 5168  rdbss - ok
16:20:54.0612 5168  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
16:20:54.0627 5168  rdpbus - ok
16:20:54.0674 5168  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:20:54.0674 5168  RDPCDD - ok
16:20:54.0690 5168  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:20:54.0690 5168  RDPENCDD - ok
16:20:54.0705 5168  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:20:54.0705 5168  RDPREFMP - ok
16:20:54.0783 5168  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:20:54.0799 5168  RdpVideoMiniport - ok
16:20:54.0846 5168  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:20:54.0861 5168  RDPWD - ok
16:20:54.0908 5168  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:20:54.0924 5168  rdyboost - ok
16:20:54.0955 5168  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
16:20:54.0970 5168  RemoteAccess - ok
16:20:55.0002 5168  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:20:55.0017 5168  RemoteRegistry - ok
16:20:55.0033 5168  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:20:55.0048 5168  RpcEptMapper - ok
16:20:55.0080 5168  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
16:20:55.0080 5168  RpcLocator - ok
16:20:55.0111 5168  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
16:20:55.0111 5168  RpcSs - ok
16:20:55.0158 5168  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:20:55.0158 5168  rspndr - ok
16:20:55.0189 5168  [ 07F66CA7DB9608806CA2EF1970DABA58 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
16:20:55.0204 5168  RSUSBSTOR - ok
16:20:55.0251 5168  [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
16:20:55.0251 5168  RTL8167 - ok
16:20:55.0314 5168  [ 949F74CB383A1D5DA67AEA9CCD4A8B87 ] RTL8187B        C:\windows\system32\DRIVERS\RTL8187B.sys
16:20:55.0314 5168  RTL8187B - ok
16:20:55.0314 5168  RtsUIR - ok
16:20:55.0345 5168  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
16:20:55.0345 5168  SamSs - ok
16:20:55.0376 5168  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:20:55.0392 5168  sbp2port - ok
16:20:55.0423 5168  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:20:55.0438 5168  SCardSvr - ok
16:20:55.0454 5168  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:20:55.0454 5168  scfilter - ok
16:20:55.0516 5168  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
16:20:55.0532 5168  Schedule - ok
16:20:55.0579 5168  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:20:55.0579 5168  SCPolicySvc - ok
16:20:55.0594 5168  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:20:55.0610 5168  SDRSVC - ok
16:20:55.0657 5168  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:20:55.0657 5168  secdrv - ok
16:20:55.0688 5168  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
16:20:55.0688 5168  seclogon - ok
16:20:55.0719 5168  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
16:20:55.0719 5168  SENS - ok
16:20:55.0735 5168  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:20:55.0750 5168  SensrSvc - ok
16:20:55.0766 5168  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
16:20:55.0782 5168  Serenum - ok
16:20:55.0813 5168  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
16:20:55.0813 5168  Serial - ok
16:20:55.0828 5168  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
16:20:55.0844 5168  sermouse - ok
16:20:55.0906 5168  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
16:20:55.0922 5168  SessionEnv - ok
16:20:55.0953 5168  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:20:55.0969 5168  sffdisk - ok
16:20:55.0984 5168  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:20:55.0984 5168  sffp_mmc - ok
16:20:56.0016 5168  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:20:56.0016 5168  sffp_sd - ok
16:20:56.0047 5168  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
16:20:56.0062 5168  sfloppy - ok
16:20:56.0140 5168  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:20:56.0156 5168  SharedAccess - ok
16:20:56.0203 5168  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:20:56.0218 5168  ShellHWDetection - ok
16:20:56.0265 5168  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
16:20:56.0281 5168  sisagp - ok
16:20:56.0328 5168  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
16:20:56.0328 5168  SiSRaid2 - ok
16:20:56.0359 5168  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
16:20:56.0437 5168  SiSRaid4 - ok
16:20:56.0468 5168  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:20:56.0468 5168  Smb - ok
16:20:56.0562 5168  [ 0DC94380BE7D36AE241029C72807692E ] SmcService      C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:20:56.0577 5168  SmcService - ok
16:20:56.0624 5168  [ 65E1EBF379856B677979802C8D5BCD87 ] SNAC            C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
16:20:56.0671 5168  SNAC - ok
16:20:56.0702 5168  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:20:56.0718 5168  SNMPTRAP - ok
16:20:56.0780 5168  [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:20:56.0780 5168  SPBBCDrv - ok
16:20:56.0811 5168  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
16:20:56.0811 5168  spldr - ok
16:20:56.0874 5168  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
16:20:56.0874 5168  Spooler - ok
16:20:56.0998 5168  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
16:20:57.0014 5168  sppsvc - ok
16:20:57.0076 5168  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:20:57.0092 5168  sppuinotify - ok
16:20:57.0139 5168  [ 5A293729E1F9FCE3A2106D1F5DC5E98A ] SRTSP           C:\windows\system32\Drivers\SRTSP.SYS
16:20:57.0139 5168  SRTSP - ok
16:20:57.0170 5168  [ 0DDB7FBA32BE09D8057063C0CEE24137 ] SRTSPL          C:\windows\system32\Drivers\SRTSPL.SYS
16:20:57.0201 5168  SRTSPL - ok
16:20:57.0217 5168  [ A99719DFB61B61AA5026341BBB733C0A ] SRTSPX          C:\windows\system32\Drivers\SRTSPX.SYS
16:20:57.0217 5168  SRTSPX - ok
16:20:57.0264 5168  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
16:20:57.0264 5168  srv - ok
16:20:57.0326 5168  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:20:57.0326 5168  srv2 - ok
16:20:57.0342 5168  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:20:57.0342 5168  srvnet - ok
16:20:57.0388 5168  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:20:57.0404 5168  SSDPSRV - ok
16:20:57.0420 5168  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\windows\system32\Drivers\SSPORT.sys
16:20:57.0420 5168  SSPORT - ok
16:20:57.0451 5168  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:20:57.0466 5168  SstpSvc - ok
16:20:57.0482 5168  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
16:20:57.0498 5168  stexstor - ok
16:20:57.0560 5168  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
16:20:57.0560 5168  StiSvc - ok
16:20:57.0607 5168  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
16:20:57.0607 5168  swenum - ok
16:20:57.0638 5168  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
16:20:57.0669 5168  swprv - ok
16:20:57.0732 5168  [ F3A4EAD0B3946E439F0397F7A4D09952 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:20:57.0747 5168  Symantec AntiVirus - ok
16:20:57.0794 5168  [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent        C:\windows\system32\Drivers\SYMEVENT.SYS
16:20:57.0810 5168  SymEvent - ok
16:20:57.0841 5168  [ 394B2368212114D538316812AF60FDDD ] SYMREDRV        C:\windows\System32\Drivers\SYMREDRV.SYS
16:20:57.0841 5168  SYMREDRV - ok
16:20:57.0872 5168  [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI          C:\windows\System32\Drivers\SYMTDI.SYS
16:20:57.0872 5168  SYMTDI - ok
16:20:57.0903 5168  [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:20:57.0903 5168  SynTP - ok
16:20:57.0997 5168  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
16:20:57.0997 5168  SysMain - ok
16:20:58.0028 5168  [ 5DCC2C7ACC29DFBA5BA82ED47D99C7E5 ] SysPlant        C:\windows\SYSTEM32\Drivers\SysPlant.sys
16:20:58.0028 5168  SysPlant - ok
16:20:58.0075 5168  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:20:58.0153 5168  TabletInputService - ok
16:20:58.0184 5168  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
16:20:58.0200 5168  TapiSrv - ok
16:20:58.0231 5168  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
16:20:58.0231 5168  TBS - ok
16:20:58.0309 5168  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:20:58.0324 5168  Tcpip - ok
16:20:58.0371 5168  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:20:58.0371 5168  TCPIP6 - ok
16:20:58.0418 5168  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:20:58.0418 5168  tcpipreg - ok
16:20:58.0465 5168  [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
16:20:58.0465 5168  tdcmdpst - ok
16:20:58.0512 5168  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:20:58.0527 5168  TDPIPE - ok
16:20:58.0574 5168  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:20:58.0574 5168  TDTCP - ok
16:20:58.0621 5168  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:20:58.0621 5168  tdx - ok
16:20:58.0668 5168  [ E02719342D161231805633126BD269DC ] TeamViewer5     C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
16:20:58.0668 5168  TeamViewer5 - ok
16:20:58.0699 5168  [ 1D3C046A9106DE97DDC8276958700BF4 ] Teefer2         C:\windows\system32\DRIVERS\teefer2.sys
16:20:58.0699 5168  Teefer2 - ok
16:20:58.0761 5168  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
16:20:58.0761 5168  TermDD - ok
16:20:58.0824 5168  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
16:20:58.0824 5168  TermService - ok
16:20:58.0855 5168  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
16:20:58.0855 5168  Themes - ok
16:20:58.0870 5168  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
16:20:58.0870 5168  THREADORDER - ok
16:20:58.0933 5168  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:20:58.0948 5168  TMachInfo - ok
16:20:58.0964 5168  [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv         C:\Windows\system32\TODDSrv.exe
16:20:58.0964 5168  TODDSrv - ok
16:20:59.0026 5168  [ 451B09BA1A0D019BA0B5A27229559D55 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:20:59.0026 5168  TosCoSrv - ok
16:20:59.0042 5168  [ 94ECABE1BA3559214FE6C3CE6C9677EB ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:20:59.0058 5168  TOSHIBA HDD SSD Alert Service - ok
16:20:59.0089 5168  [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32       C:\windows\system32\DRIVERS\tos_sps32.sys
16:20:59.0089 5168  tos_sps32 - ok
16:20:59.0151 5168  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
16:20:59.0151 5168  TrkWks - ok
16:20:59.0214 5168  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:20:59.0214 5168  TrustedInstaller - ok
16:20:59.0245 5168  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:20:59.0245 5168  tssecsrv - ok
16:20:59.0307 5168  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:20:59.0307 5168  TsUsbFlt - ok
16:20:59.0354 5168  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:20:59.0354 5168  tunnel - ok
16:20:59.0385 5168  [ FC24015B4052600C324C43E3A79C0664 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:20:59.0385 5168  TVALZ - ok
16:21:03.0160 5168  ================ Scan global ===============================
16:21:03.0192 5168  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
16:21:03.0254 5168  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
16:21:03.0270 5168  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
16:21:03.0301 5168  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:21:03.0332 5168  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:21:03.0332 5168  [Global] - ok
16:21:03.0332 5168  ================ Scan MBR ==================================
16:21:03.0348 5168  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:21:03.0582 5168  \Device\Harddisk0\DR0 - ok
16:21:03.0582 5168  ================ Scan VBR ==================================
16:21:03.0597 5168  [ CCCF7B1DA0D32030E1F47F2B02234DAA ] \Device\Harddisk0\DR0\Partition1
16:21:03.0597 5168  \Device\Harddisk0\DR0\Partition1 - ok
16:21:03.0597 5168  ============================================================
16:21:03.0597 5168  Scan finished
16:21:03.0597 5168  ============================================================
16:21:03.0613 5596  Detected object count: 0
16:21:03.0613 5596  Actual detected object count: 0
 



#13 Joydrop1270


Posted 03 March 2013 - 04:38 PM

Here is the aswMBR log:

 



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-03 16:27:40
-----------------------------
16:27:40.967    OS Version: Windows 6.1.7601 Service Pack 1
16:27:40.967    Number of processors: 1 586 0x170A
16:27:40.983    ComputerName: S-PC  UserName:
16:28:19.328    Initialize success
16:33:09.096    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:33:09.096    Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
16:33:09.112    Disk 0 MBR read successfully
16:33:09.112    Disk 0 MBR scan
16:33:09.112    Disk 0 Windows VISTA default MBR code
16:33:09.143    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
16:33:09.159    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       228633 MB offset 3074048
16:33:09.174    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS         8341 MB offset 471314432
16:33:09.190    Disk 0 scanning sectors +488396800
16:33:09.237    Disk 0 scanning C:\windows\system32\drivers
16:33:18.924    Service scanning
16:33:35.944    Service SysPlant C:\windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
16:33:36.958    Service Teefer2 C:\windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
16:33:41.388    Service WPS C:\windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
16:33:41.435    Service WpsHelper C:\windows\system32\drivers\WpsHelper.sys **LOCKED** 32
16:33:42.402    Modules scanning
16:34:06.255    Disk 0 trace - called modules:
16:34:06.286    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:34:06.286    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851c71a8]
16:34:06.286    3 CLASSPNP.SYS[88e0459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85a98028]
16:34:06.302    Scan finished successfully
16:34:42.852    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
16:34:42.915    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"
16:35:29.161    Disk 0 MBR has been saved successfully to "C:\Users\Steven\Desktop\MBR.dat"
16:35:29.177    The log file has been saved successfully to "C:\Users\Steven\Desktop\aswMBR.txt"


 



#14 Joydrop1270


Posted 03 March 2013 - 07:33 PM

Here is from Eset:

 

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0C3M1NM7\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EWF1ET0\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIBBOL3X\mx_mainxu[1].htm HTML/Iframe.B.Gen virus 
C:\$Recycle.Bin\S-1-5-21-698585133-3578644397-1465004164-1000\$R2KSSYY.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files\FoxTabVideoConverter\Uninstall\Uninstall.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Steven\AppData\Local\Temp\0.6281922100310502.exe a variant of Win32/Kryptik.AVDL trojan cleaned by deleting - quarantined
C:\Users\Steven\AppData\Local\Temp\jar_cache4418655788988159581.tmp multiple threats deleted - quarantined
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7432f84b-75b2fb0d a variant of Java/Exploit.CVE-2011-3544.N trojan deleted - quarantined
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\615c98ea-396daf5e a variant of Win32/Kryptik.AVDL trojan cleaned by deleting - quarantined
C:\Users\Steven\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-52e2ea50 Java/Agent.EX trojan cleaned by deleting - quarantined
C:\Users\Steven\AppData\Roaming\skype.dat a variant of Win32/Kryptik.AVDL trojan cleaned by deleting - quarantined
C:\Users\Steven\Documents\MikeHutch\Downloads for Steve\Ad vancedSystemCare\asc-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Steven\Downloads\asc-setup (1).exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Steven\Downloads\asc-setup (2).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Steven\Downloads\asc-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Steven\Downloads\freestudio.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Steven\Downloads\registrybooster(1).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Steven\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Windows\$NtUninstallKB10486$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0C3M1NM7\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application cleaned by deleting - quarantined
C:\Windows\$NtUninstallKB10486$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EWF1ET0\firstload_com[1].htm HTML/Hoax.FastDownload.C.Gen application cleaned by deleting - quarantined
C:\Windows\$NtUninstallKB10486$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIBBOL3X\mx_mainxu[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
 



#15 narenxp


Posted 03 March 2013 - 07:43 PM

Boot into infected account now and run these scans

 


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right-click on the link and select Save Link As.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log





