
Dllhost.exe memory usage keeps growing..


9 replies to this topic

#1 Speedo420


Posted 01 February 2014 - 03:13 AM

My wife's HP school laptop has begun running slower and slower. I noticed that 30 plus dllhost.exe are present when I view the Task Manager. Here are logs of what I have run the last day or so. I was in the middle of an ESET scan when the machine rebooted. I left it for a bit and came back so I assume it rebooted.

The scan had found 7 trojans after running for hours. I remember it being about 70% completed. The SuperAntiSpyware took hours to complete as you can see. I'm looking and hoping you can help.......thanks!!

 

 

Farbar Service Scanner Version: 08-01-2014
Ran by martha.langdon (administrator) on 29-01-2014 at 22:01:27
Running from "E:\Babyyy"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(9) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows XP Service Pack 3 x86 (UAC is disabled!)  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Disabled!  
Please wait while WMIC compiles updated MOF files.
displayName
ECHO is off.
Symantec
ECHO is off.
Endpoint
ECHO is off.
Protection
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 31  
 Java version out of Date!
 Adobe Reader 10.1.1 Adobe Reader out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by martha.langdon (administrator) on 31-01-2014 at 07:51:36
Running from "E:\Babyyy"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom 802.11a/b/g WLAN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : NHS-STF-073219

        Primary Dns Suffix  . . . . . . . : ad.pps.k12.va.us

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : ad.pps.k12.va.us

                                            pps.k12.va.us

                                            k12.va.us

                                            va.us



Ethernet adapter Wireless Network Connection:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : Broadcom 802.11a/b/g WLAN

        Physical Address. . . . . . . . . : 00-1A-73-8F-A6-10



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet

        Physical Address. . . . . . . . . : 00-1A-4B-70-2A-B9

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.0.100

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.0.1

        DHCP Server . . . . . . . . . . . : 192.168.0.1

        DNS Servers . . . . . . . . . . . : 192.168.0.1

        Lease Obtained. . . . . . . . . . : Thursday, January 30, 2014 4:16:05 PM

        Lease Expires . . . . . . . . . . : Thursday, February 06, 2014 4:16:05 PM

Server:  UnKnown
Address:  192.168.0.1

Name:    google.com.ad.pps.k12.va.us
Address:  92.242.140.2



Pinging google.com [74.125.224.193] with 32 bytes of data:



Reply from 74.125.224.193: bytes=32 time=114ms TTL=55

Reply from 74.125.224.193: bytes=32 time=84ms TTL=55



Ping statistics for 74.125.224.193:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 84ms, Maximum = 114ms, Average = 99ms

Server:  UnKnown
Address:  192.168.0.1

Name:    yahoo.com.ad.pps.k12.va.us
Address:  92.242.140.2



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=95ms TTL=49

Reply from 206.190.36.45: bytes=32 time=131ms TTL=49



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 95ms, Maximum = 131ms, Average = 113ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a 73 8f a6 10 ...... Broadcom 802.11a/b/g WLAN - Packet Scheduler Miniport
0x3 ...00 1a 4b 70 2a b9 ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.100      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.0.0    255.255.255.0    192.168.0.100   192.168.0.100      20
    192.168.0.100  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.0.255  255.255.255.255    192.168.0.100   192.168.0.100      20
        224.0.0.0        240.0.0.0    192.168.0.100   192.168.0.100      20
  255.255.255.255  255.255.255.255    192.168.0.100   192.168.0.100      1
  255.255.255.255  255.255.255.255    192.168.0.100               2      1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/31/2014 02:18:03 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (01/30/2014 06:16:46 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (01/30/2014 11:45:47 AM) (Source: Symantec AntiVirus) (User: NHS-STF-073219)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info:  Open Process
ActionTaken:  Logged
Actor Process:  C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (PID 3852)
Time:  Thursday, January 30, 2014  11:45:39 AM

Error: (01/30/2014 11:22:14 AM) (Source: Symantec AntiVirus) (User: NHS-STF-073219)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Event Info:  Open Process
ActionTaken:  Logged
Actor Process:  C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (PID 3852)
Time:  Thursday, January 30, 2014  11:22:08 AM

Error: (01/30/2014 11:07:33 AM) (Source: Symantec AntiVirus) (User: NHS-STF-073219)
Description: SYMANTEC TAMPER PROTECTION ALERT

Target:  C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Event Info:  Open Process
ActionTaken:  Logged
Actor Process:  C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE (PID 3852)
Time:  Thursday, January 30, 2014  11:07:22 AM

Error: (01/30/2014 10:14:25 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (01/30/2014 10:14:24 AM) (Source: UserInit) (User: )
Description: Could not execute the following script NHS Startup.bat. The system cannot find the file specified.
.

Error: (01/30/2014 10:14:24 AM) (Source: UserInit) (User: )
Description: Could not execute the following script nhs Off 2007 Install.bat. The system cannot find the file specified.
.

Error: (01/30/2014 10:14:24 AM) (Source: UserInit) (User: )
Description: Could not execute the following script Dist Wide Settings.bat. The system cannot find the file specified.
.

Error: (01/30/2014 10:14:08 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.


System errors:
=============
Error: (01/31/2014 06:14:44 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain PPS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/31/2014 02:14:38 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain PPS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/31/2014 02:07:29 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 959 minutes.
NtpClient has no source of accurate time.

Error: (01/30/2014 10:14:29 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain PPS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/30/2014 06:14:23 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain PPS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/30/2014 06:03:06 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 479 minutes.
NtpClient has no source of accurate time.

Error: (01/30/2014 02:14:17 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain PPS due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/30/2014 02:00:41 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (01/30/2014 11:59:49 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (01/30/2014 10:59:29 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Agere Systems HDA Modem
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ATI Display Driver (Version: 8.45-071218a-058696C-HP)
Big City Adventure: Paris
Big City Adventure: Tokyo
Big Fish: Game Manager (Version: 3.2.0.6)
Christmas Wonderland 3
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DirectX 9 Runtime (Version: 1.00.0000)
Ignite! Over Network (Version: 4.3.2.1)
Inspiration 9 (Version: 1.0)
InterVideo WinDVD 8 (Version: 8.5.10.54)
Java™ 6 Update 31 (Version: 6.0.310)
kidspiration3 (Version: 1.0)
Mahjong Holidays 2006
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Moraff's Maximum MahJongg 1.0
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
QuickTime (Version: 7.73.80.64)
ReadOutLoud 6 (Version: 6.03.1000)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
RealUpgrade 1.1 (Version: 1.1.0)
RLPrintPlugin (Version: 1.3.14)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3.56.24)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.349)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SUPERAntiSpyware (Version: 5.7.1018)
Symantec Endpoint Protection (Version: 12.1.671.4971)
Synaptics Pointing Device Driver (Version: 10.2.4.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2264107) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2813347-v2) (Version: 2)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 94%
Total physical RAM: 895.23 MB
Available physical RAM: 52.36 MB
Total Pagefile: 2162.72 MB
Available Pagefile: 737.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:51.76 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.49 GB) FAT

========================= Users: ========================================

User accounts for \\NHS-STF-073219

Administrator            Guest                    HelpAssistant            
martha.langdon           SUPPORT_388945a0         Tim                      


**** End of log ****
 

 

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/31/2014 at 05:17 AM

Application Version : 5.7.1018

Core Rules Database Version : 11010
Trace Rules Database Version: 8822

Scan type       : Complete Scan
Total Scan Time : 18:59:20

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 488
Memory threats detected   : 0
Registry items scanned    : 37527
Registry threats detected : 0
File items scanned        : 32180
File threats detected     : 56

Adware.Tracking Cookie
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\BJA246BF.txt [ /pro-market.net ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\LVZ93TB8.txt [ /ads.allscreenhq.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\AMOO8750.txt [ /ads.pubmatic.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\VJXSXFRS.txt [ /serving-sys.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\ML14J1LK.txt [ /media6degrees.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\K0S4WECI.txt [ /saymedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\RS2H9LSX.txt [ /realmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\5M4ZCQP2.txt [ /intermundomedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\A34HPZOK.txt [ /insightexpressai.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\N26DP4GJ.txt [ /adtech.de ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\HK5XH50S.txt [ /legolas-media.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\K4DSIB3X.txt [ /lucidmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\ZBMQJ81L.txt [ /ads.undertone.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\5X2UGKW1.txt [ /interclick.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\I7JSS4A3.txt [ /questionmarket.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\07SFB0H1.txt [ /advertising.copacet.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\PRL57QWB.txt [ /clicksor.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\RK6Z48JJ.txt [ /247realmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\HK88YN2Q.txt [ /clickshieldfilter.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\FQAYX58W.txt [ /a1.interclick.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\VRQWHAN7.txt [ /network.realmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\2B9OIDDX.txt [ /burstnet.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\KN8G7NN1.txt [ /casalemedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\9I6ECJ6O.txt [ /advertising.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\P7KFXPUI.txt [ /www.burstnet.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\6SNX6T61.txt [ /recipesfinder.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\YMN729N5.txt [ /ox-d.cloud9-media.net ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\UWE8SGVM.txt [ /tracking.picadmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\PBPHEK77.txt [ /specificclick.net ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\VB1YHBKW.txt [ /citygridmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\RGSSJIJO.txt [ /adtechus.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\K2NCIMFM.txt [ /doubleclick.net ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\881U7ALN.txt [ /ads.yahoo.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\5721ZB2A.txt [ /toppagefinder.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\1GN08TX3.txt [ /delivery.sradserver.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\5ZZS5ZMN.txt [ /invitemedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\3FPJ19U5.txt [ /atdmt.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\158MVD9P.txt [ /delivery.roimediadigital.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\RNDQWF0Z.txt [ /c1.adform.net ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\M7UTDG7Z.txt [ /at.atwola.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\W8T6YX0X.txt [ /ad.360yield.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\6BL3P3C1.txt [ /advertising.copacet.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\XNNL7T2V.txt [ /wtrack.co ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\5DGQ6615.txt [ /imrworldwide.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\7K0QWOEG.txt [ /ads.creative-serving.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\4NQFSAVL.txt [ /ru4.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\KDCZ4YMK.txt [ /lostrabbitmedia.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\G6VW6W27.txt [ /ad.mlnadvertising.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\GDFTLXHP.txt [ /ads.p161.net ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\6IEDQBA5.txt [ /smartadserver.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\2EP00781.txt [ /mediaplex.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\I7SA9482.txt [ /bs.serving-sys.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\HVGTSFK4.txt [ /myroitracking.com ]
    C:\Documents and Settings\martha.langdon.NHS-STF-073219\Cookies\3Z5GT46A.txt [ /creafi-online-media.com ]
    core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\MARTHA.LANGDON.NHS-STF-073219\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NHMWCDPT ]
    static.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MARTHA.LANGDON.NHS-STF-073219\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NHMWCDPT ]
 

 

 

 




 


#2 DASOS


Posted 02 February 2014 - 11:37 AM

Hi Speedo

 

 

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

Click on the Scan button.

  • AdwCleaner will begin...be patient as the scan may take some time to complete.

After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

After reviewing the log, click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.
If you do not know how to do this you can find out >here< or >here<
 
3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.

  • Copy and paste the contents of JRT.txt in your next reply.

4. As a final step, update and rescan again with Malwarebytes Anti-Malware.


Edited by DASOS, 02 February 2014 - 11:42 AM.


#3 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • Local time:01:42 AM

Posted 03 February 2014 - 05:33 PM

hi and thanks for your help.  here are the logs......

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/02/2014 11:43:12 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Documents and Settings\martha.langdon.NHS-STF-073219\Application Data\Macromedia\WIN41.exe (PID: 3612) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   "DisableSR" = dword:00000001

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   "EnableFirewall" = dword:00000000

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 02/13/2013 01:58 PM : 362bc5af8eaf712832c58cc13ae05750 [NoSig]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/02/2014 11:55:36 PM
Execution time: 0 hours(s), 12 minute(s), and 24 seconds(s)
 

 

# AdwCleaner v3.018 - Report created 03/02/2014 at 00:08:14
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : martha.langdon - NHS-STF-073219
# Running from : E:\Babyyy\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
Folder Found C:\Documents and Settings\martha.langdon.NHS-STF-073219\Application Data\ValueApps

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [1034 octets] - [03/02/2014 00:08:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1094 octets] ##########
 

 

# AdwCleaner v3.018 - Report created 03/02/2014 at 01:08:10
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : martha.langdon - NHS-STF-073219
# Running from : E:\Babyyy\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\martha.langdon.NHS-STF-073219\Application Data\ValueApps
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [1174 octets] - [03/02/2014 00:08:15]
AdwCleaner[S0].txt - [1113 octets] - [03/02/2014 01:08:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1173 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by martha.langdon on Mon 02/03/2014 at  9:02:10.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish"
Successfully deleted: [Folder] "C:\Documents and Settings\martha.langdon.NHS-STF-073219\Local Settings\Application Data\big fish"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/03/2014 at 12:36:37.20
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

then I tried to run Malwarebytes Anti-Malware, it updated but when I ran the scan I got this message.....

 

"enumerating registry objects prior to scan" and it seems to freeze up


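An added example, not part of the thread and not code from Rkill or BleepingComputer: a Python parser that turns the Rkill log posted above into structured findings and lists the protections it reports as switched off. The log excerpt is copied from the post; the function names and the `Disable*`/`Enable*` heuristic are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the Rkill 2.6.5 log from the post above (sections and blank lines trimmed).
SAMPLE_LOG = r"""
Checking for processes to terminate:

 * C:\Documents and Settings\martha.langdon.NHS-STF-073219\Application Data\Macromedia\WIN41.exe (PID: 3612) [UP-HEUR]

1 proccess terminated!

Performing miscellaneous checks:

 * System Restore Disabled
   [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   "DisableSR" = dword:00000001

 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled
   [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\sfcfiles.dll : 1,614,848 : 02/13/2013 01:58 PM : 362bc5af8eaf712832c58cc13ae05750 [NoSig]
"""

PROC_RE = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\(PID:\s*(?P<pid>\d+)\)\s+\[(?P<tag>[^\]]+)\]\s*$")
SVC_RE = re.compile(r"^\s*\*\s+.+?\s+\((?P<name>[^)]+)\)\s+is not Running\.\s*$")
START_RE = re.compile(r"^\s*Startup Type set to:\s*(?P<start>\S+)\s*$")
NOSIG_RE = re.compile(r"^\s*\*\s+(?P<path>[A-Za-z]:\\.+?)\s+:\s+[\d,]+\s+:.*\[NoSig\]\s*$")
KEY_RE = re.compile(r"^\s*\[(?P<key>HK[A-Z_]+\\.+)\]\s*$")
VAL_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*dword:(?P<data>[0-9a-fA-F]{8})\s*$')
LABEL_RE = re.compile(r"^\s*\*\s+(?P<label>.+)$")


@dataclass
class RkillFindings:
    terminated: list = field(default_factory=list)        # (path, pid, detection tag)
    policy_values: list = field(default_factory=list)     # (label, key, value name, dword)
    stopped_services: list = field(default_factory=list)  # (service name, startup type)
    unsigned_files: list = field(default_factory=list)    # paths flagged [NoSig]


def parse_rkill(text):
    """Walk the log line by line, keeping the last bullet label, key and service seen."""
    found = RkillFindings()
    label = key = service = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace() and line.endswith(":"):
            label = key = service = None  # a new section heading resets the context
            continue
        if m := PROC_RE.match(line):
            found.terminated.append((m["path"], int(m["pid"]), m["tag"]))
        elif m := SVC_RE.match(line):
            service = m["name"]
        elif (m := START_RE.match(line)) and service:
            found.stopped_services.append((service, m["start"]))
            service = None
        elif m := NOSIG_RE.match(line):
            found.unsigned_files.append(m["path"])
        elif m := KEY_RE.match(line):
            key = m["key"]
        elif (m := VAL_RE.match(line)) and key:
            found.policy_values.append((label, key, m["name"], int(m["data"], 16)))
        elif m := LABEL_RE.match(line):
            label, key = m["label"], None
    return found


def weakened_defenses(found):
    """Heuristic of this example (not Rkill's own logic): a DWORD named Disable*
    set to 1, or Enable* set to 0, turns a protection off; so does a service
    whose startup type is Disabled."""
    hits = []
    for _label, key, name, data in found.policy_values:
        lowered = name.lower()
        if (lowered.startswith("disable") and data == 1) or \
           (lowered.startswith("enable") and data == 0):
            hits.append(f"{key}\\{name}={data}")
    hits += [f"service {n} startup={s}" for n, s in found.stopped_services if s == "Disabled"]
    return hits


if __name__ == "__main__":
    for item in weakened_defenses(parse_rkill(SAMPLE_LOG)):
        print(item)
```

Each hit is a lead to verify rather than proof of compromise; on a managed machine some of these values can come from the administrator's own policy.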

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:42 AM

Posted 04 February 2014 - 07:02 AM

Hi Speedo
 

"enumerating registry objects prior to scan" and it seems to freeze up

 

Disable Norton!!!
====

 

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

====

 

 

I'd like us to scan your machine with ESET OnlineScan

Note: You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Edited by DASOS, 04 February 2014 - 07:29 AM.


#5 Speedo420

Speedo420
  • Topic Starter

  • Members
  • 49 posts
  • Local time:01:42 AM

Posted 04 February 2014 - 02:36 PM

Hi, and thanks again.  I'm doing the best I can to disable Norton, the version of Norton on her laptop isn't listed on the link you provided so this is what I tried and did.   Symantec Endpoint Protection is what is on her laptop, These are the steps I took........

 

Select Start => Programs => Symantec Endpoint Protection => Symantec Endpoint Protection.  Then there is a box that says "Enable File System  Auto Protect"  which it seems I should be able to uncheck, but it is greyed out.........so the IT Dept of the School where my wife works must have control of that.   With some more reading I found and tried this....

 

Press Windows button on your keyboard and R at the same time to bring up the Run window.
    Type cmd and press Enter.
    Type cd c:\ and press Enter.
    Type net stop "symantec antivirus" and press Enter. When it says, "The Symantec Endpoint Protection service was stopped successfully.", you do the following:
    Press Windows button on your keyboard and R at the same time to bring up the Run window again.
    Type smc -stop and press Enter. You have now completely closed (killed) the program.

 

 

all of that worked, then I ran TDSSKiller......but if you have any suggestions when it comes to disabling Norton please let me know.

 

 

 

10:28:36.0687 0x0a1c  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:29:00.0921 0x0a1c  ============================================================
10:29:00.0921 0x0a1c  Current date / time: 2014/02/04 10:29:00.0921
10:29:00.0921 0x0a1c  SystemInfo:
10:29:00.0921 0x0a1c  
10:29:00.0921 0x0a1c  OS Version: 5.1.2600 ServicePack: 3.0
10:29:00.0921 0x0a1c  Product type: Workstation
10:29:01.0031 0x0a1c  ComputerName: NHS-STF-073219
10:29:01.0031 0x0a1c  UserName: martha.langdon
10:29:01.0031 0x0a1c  Windows directory: C:\WINDOWS
10:29:01.0031 0x0a1c  System windows directory: C:\WINDOWS
10:29:01.0031 0x0a1c  Processor architecture: Intel x86
10:29:01.0031 0x0a1c  Number of processors: 2
10:29:01.0031 0x0a1c  Page size: 0x1000
10:29:01.0031 0x0a1c  Boot type: Normal boot
10:29:01.0031 0x0a1c  ============================================================
10:30:20.0218 0x0a1c  KLMD registered as C:\WINDOWS\system32\drivers\65699233.sys
10:32:43.0312 0x0a1c  System UUID: {F7C861B0-56B8-53B7-EBB5-55D789F2F056}
10:37:28.0687 0x0a1c  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:41:52.0031 0x0a1c  Drive \Device\Harddisk1\DR2 - Size: 0x3B980000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:41:52.0093 0x0a1c  ============================================================
10:41:52.0093 0x0a1c  \Device\Harddisk0\DR0:
10:42:14.0625 0x0a1c  MBR partitions:
10:42:14.0625 0x0a1c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
10:42:14.0625 0x0a1c  \Device\Harddisk1\DR2:
10:42:14.0625 0x0a1c  MBR partitions:
10:42:14.0625 0x0a1c  \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x80, BlocksNum 0x1DCB80
10:42:14.0625 0x0a1c  ============================================================
10:42:23.0968 0x0a1c  C: <-> \Device\Harddisk0\DR0\Partition1
10:42:24.0218 0x0a1c  ============================================================
10:42:24.0250 0x0a1c  Initialize success
10:42:24.0250 0x0a1c  ============================================================
10:43:25.0031 0x1d90  ============================================================
10:43:25.0078 0x1d90  Scan started
10:43:25.0078 0x1d90  Mode: Manual;
10:43:25.0078 0x1d90  ============================================================
10:43:25.0078 0x1d90  KSN ping started
10:46:08.0578 0x1d90  KSN ping finished: true
10:46:36.0531 0x1d90  ================ Scan system memory ========================
10:46:37.0765 0x1d90  System memory - ok
10:46:37.0812 0x1d90  ================ Scan services =============================
11:03:03.0703 0x1d90  [ E14935E999AEC0FBE62844D7CBE57253, 554E8DD9BC4D2367EA4A6B28B5FE37139EB233FB6C6CF21D31A3D70598FFB544 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:03:06.0531 0x1d90  Suspicious file ( Forged ): C:\WINDOWS\system32\DRIVERS\ati2mtag.sys. Real md5: E14935E999AEC0FBE62844D7CBE57253, sha256: 554E8DD9BC4D2367EA4A6B28B5FE37139EB233FB6C6CF21D31A3D70598FFB544, fake md5: D0C00EE032994B698B47837A3561717A, fake sha256: 231372DFC34A87F84FFDD0C02219CB9E83124F0A8798E3B200524327AA6FFBAC
11:03:07.0046 0x1d90  ati2mtag - detected ForgedFile.Multi.Generic ( 1 )
11:03:09.0750 0x1d90  Detect skipped due to KSN trusted
11:03:09.0750 0x1d90  ati2mtag - ok
11:21:10.0937 0x1d90  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:21:11.0046 0x1d90  FltMgr - ok
11:21:13.0093 0x1d90  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:21:20.0609 0x1d90  FontCache3.0.0.0 - ok
11:21:21.0843 0x1d90  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:21:22.0687 0x1d90  Fs_Rec - ok
11:21:40.0343 0x1d90  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:21:40.0781 0x1d90  Ftdisk - ok
11:21:46.0171 0x1d90  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:21:46.0546 0x1d90  Gpc - ok
11:21:48.0828 0x1d90  [ FC657B7751729EFE54E2FF24F50E5BAB, 188EA03EE0E787E4820FE21E1143047E65D2B875081AD33829731FD929B9C599 ] HBtnKey         C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
11:21:49.0140 0x1d90  HBtnKey - ok
11:22:54.0265 0x1d90  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:22:56.0359 0x1d90  HDAudBus - ok
11:23:14.0781 0x1d90  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:23:22.0500 0x1d90  helpsvc - ok
11:23:22.0531 0x1d90  HidServ - ok
11:23:23.0750 0x1d90  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:23:23.0968 0x1d90  hidusb - ok
11:23:26.0109 0x1d90  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
11:23:28.0937 0x1d90  hkmsvc - ok
11:23:31.0359 0x1d90  [ 5953C0952E4DD2B25B9ADEF05AB0285C, 27ACB32EDF5AEF787A3FF453A2B66B7206BAD1A178FAD6AEFFCA7D3952AA446D ] hpdskflt        C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
11:23:31.0750 0x1d90  hpdskflt - ok
11:24:14.0531 0x1d90  [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
11:24:15.0156 0x1d90  hpn - ok
11:24:26.0375 0x1d90  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
11:24:26.0671 0x1d90  HTTP - ok
11:24:26.0953 0x1d90  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
11:24:30.0156 0x1d90  HTTPFilter - ok
11:24:31.0984 0x1d90  [ 9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
11:24:32.0062 0x1d90  i2omgmt - ok
11:24:32.0687 0x1d90  [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:24:32.0812 0x1d90  i2omp - ok
11:25:20.0031 0x1d90  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:25:23.0515 0x1d90  i8042prt - ok
11:25:32.0515 0x1d90  [ 287FD6BE9A9938F103789CE0267B7980, 868EE22F52F1939FAA4BAECDBF9CF10D792B5F4E2FC53F45C67E7598D074C7BD ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:25:33.0312 0x1d90  iaStor - ok
11:26:25.0984 0x1d90  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:26:53.0343 0x1d90  idsvc - ok
11:27:25.0937 0x1d90  [ 91C5E9F49F32110CED27E2F902FAD607, 9B5F1B0996FA7E92DF02214470C77046BF35F13E21CA4AEFC2019B1191248A5E ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
11:27:28.0203 0x1d90  IFXTPM - ok
11:27:30.0437 0x1d90  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
11:27:31.0359 0x1d90  Imapi - ok
11:27:32.0328 0x1d90  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
11:27:36.0328 0x1d90  ImapiService - ok
11:27:38.0218 0x1d90  [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:27:38.0546 0x1d90  ini910u - ok
11:27:39.0343 0x1d90  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
11:27:39.0515 0x1d90  IntelIde - ok
11:27:39.0921 0x1d90  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:27:40.0250 0x1d90  Ip6Fw - ok
11:27:45.0296 0x1d90  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:27:45.0578 0x1d90  IpFilterDriver - ok
11:27:48.0609 0x1d90  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:27:48.0734 0x1d90  IpInIp - ok
11:27:48.0890 0x1d90  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:27:48.0937 0x1d90  IpNat - ok
11:27:49.0015 0x1d90  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:27:49.0078 0x1d90  IPSec - ok
11:27:49.0171 0x1d90  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
11:27:49.0281 0x1d90  IRENUM - ok
11:27:50.0265 0x1d90  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:27:50.0375 0x1d90  isapnp - ok
11:27:51.0703 0x1d90  [ 4AC11B2250106774F694DF2DB4FFED61, 99D0FF40CE5B6BCB46966770B0BC1C9FED9FF23D2635B2C9B1B148BE83B395AA ] Iviaspi         C:\WINDOWS\system32\drivers\iviaspi.sys
11:27:51.0906 0x1d90  Iviaspi - ok
11:27:57.0015 0x1d90  [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
11:28:14.0921 0x1d90  IviRegMgr - ok
11:28:30.0531 0x1d90  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:28:35.0578 0x1d90  Kbdclass - ok
11:29:11.0781 0x1d90  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:29:12.0531 0x1d90  kbdhid - ok
11:29:16.0968 0x1d90  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
11:29:17.0171 0x1d90  kmixer - ok
11:29:22.0531 0x1d90  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
11:29:23.0437 0x1d90  KSecDD - ok
11:29:35.0937 0x1d90  [ 6EFBC82722D0F7B35283993189ECE9D0, C992072A3248C35C5C46E0CCD463C60C6376E7E17AA67BAFF8260C200DC47900 ] KSS             C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
11:29:37.0546 0x1d90  KSS - ok
11:29:46.0796 0x1d90  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
11:29:54.0609 0x1d90  LanmanServer - ok
11:29:58.0359 0x1d90  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:29:59.0906 0x1d90  lanmanworkstation - ok
11:29:59.0906 0x1d90  lbrtfdc - ok
11:30:12.0718 0x1d90  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
11:30:16.0828 0x1d90  LmHosts - ok
11:31:11.0578 0x1d90  [ 0DB7527DB188C7D967A37BB51BBF3963, 3812E26626EC49BE61B0B8DA5FE6E838C0FEF8A08363C239F64E6CCA0BA949D5 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
11:31:18.0312 0x1d90  MBAMSwissArmy - ok
11:31:51.0734 0x1d90  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
11:31:58.0359 0x1d90  MDM - ok
11:31:58.0656 0x1d90  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
11:32:03.0578 0x1d90  Messenger - ok
11:32:15.0562 0x1d90  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
11:32:15.0953 0x1d90  mnmdd - ok
11:32:29.0906 0x1d90  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
11:32:40.0546 0x1d90  mnmsrvc - ok
11:32:44.0000 0x1d90  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
11:32:44.0500 0x1d90  Modem - ok
11:32:44.0734 0x1d90  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:32:44.0906 0x1d90  Mouclass - ok
11:32:45.0187 0x1d90  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:32:45.0343 0x1d90  mouhid - ok
11:32:45.0562 0x1d90  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
11:32:45.0843 0x1d90  MountMgr - ok
11:32:46.0031 0x1d90  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:32:46.0562 0x1d90  mraid35x - ok
11:32:46.0765 0x1d90  [ E3F17E1EA5256709D4E97EF0DA04B3C9, B66A393D2D7DAFB67A8FEE21D3D6F7BA6FDFEE9FB1A8191F226A7FA4844B5880 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:32:47.0437 0x1d90  MRxDAV - ok
11:32:49.0281 0x1d90  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:32:50.0171 0x1d90  MRxSmb - ok
11:32:50.0687 0x1d90  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
11:32:51.0250 0x1d90  MSDTC - ok
11:32:52.0078 0x1d90  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:32:52.0218 0x1d90  Msfs - ok
11:32:52.0296 0x1d90  MSIServer - ok
11:32:55.0250 0x1d90  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:32:55.0421 0x1d90  MSKSSRV - ok
11:32:55.0671 0x1d90  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:32:56.0140 0x1d90  MSPCLOCK - ok
11:32:57.0937 0x1d90  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:32:58.0062 0x1d90  MSPQM - ok
11:32:58.0343 0x1d90  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:32:58.0421 0x1d90  mssmbios - ok
11:32:59.0187 0x1d90  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
11:32:59.0500 0x1d90  Mup - ok
11:33:00.0140 0x1d90  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
11:33:03.0437 0x1d90  napagent - ok
11:33:09.0718 0x1d90  [ 81E928EE3751FAF725C87CC17726C05D, 8AB84270DCB35F239B00FA4B9AC90E9520967B8188085D897F28E994CBF911FB ] NAVENG          C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20140201.002\NAVENG.SYS
11:33:09.0828 0x1d90  NAVENG - ok
11:33:12.0421 0x1d90  [ E0C39FA6C76AE8ED53ABF043F35ECDFF, CD2F87D3CB64F3362508D1855B24F40F1C44CF4132E3626971CCF4E7C49E61D6 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20140201.002\NAVEX15.SYS
11:33:14.0093 0x1d90  NAVEX15 - ok
11:33:14.0375 0x1d90  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
11:33:14.0843 0x1d90  NDIS - ok
11:33:34.0515 0x1d90  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:33:34.0921 0x1d90  NdisTapi - ok
11:33:58.0484 0x1d90  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:33:58.0609 0x1d90  Ndisuio - ok
11:34:02.0187 0x1d90  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:34:02.0781 0x1d90  NdisWan - ok
11:34:03.0046 0x1d90  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:34:04.0250 0x1d90  NDProxy - ok
11:34:04.0906 0x1d90  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:34:05.0562 0x1d90  NetBIOS - ok
11:34:05.0953 0x1d90  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:34:06.0093 0x1d90  NetBT - ok
11:34:15.0937 0x1d90  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:34:29.0359 0x1d90  NetDDE - ok
11:34:39.0562 0x1d90  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:34:39.0578 0x1d90  NetDDEdsdm - ok
11:34:42.0421 0x1d90  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:34:42.0656 0x1d90  Netlogon - ok
11:34:47.0609 0x1d90  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
11:34:47.0953 0x1d90  Netman - ok
11:34:57.0625 0x1d90  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:35:02.0921 0x1d90  NetTcpPortSharing - ok
11:35:49.0156 0x1d90  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:35:52.0953 0x1d90  NIC1394 - ok
11:36:12.0093 0x1d90  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:36:22.0625 0x1d90  Nla - ok
11:36:31.0515 0x1d90  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:36:32.0734 0x1d90  Npfs - ok
11:37:12.0171 0x1d90  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:37:13.0109 0x1d90  Ntfs - ok
11:37:13.0328 0x1d90  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:37:14.0281 0x1d90  NtLmSsp - ok
11:37:19.0312 0x1d90  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:37:26.0531 0x1d90  NtmsSvc - ok
11:37:28.0062 0x1d90  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:37:28.0437 0x1d90  Null - ok
11:37:47.0781 0x1d90  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:37:48.0968 0x1d90  NwlnkFlt - ok
11:38:34.0484 0x1d90  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:39:06.0312 0x1d90  NwlnkFwd - ok
11:40:05.0515 0x1d90  [ 1F0E05DFF4F5A833168E49BE1256F002, A858267572033C185293B0FD15B2BFDA679D0771A14C0ADF24461B529DBAD8DF ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:40:20.0031 0x1d90  odserv - ok
11:40:25.0468 0x1d90  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:40:25.0812 0x1d90  ohci1394 - ok
11:40:27.0484 0x1d90  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:40:34.0765 0x1d90  ose - ok
11:40:54.0156 0x1d90  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:40:54.0390 0x1d90  Parport - ok
11:40:57.0875 0x1d90  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:40:57.0890 0x1d90  PartMgr - ok
11:40:58.0765 0x1d90  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:41:00.0687 0x1d90  ParVdm - ok
11:41:01.0375 0x1d90  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:41:01.0546 0x1d90  PCI - ok
11:41:01.0718 0x1d90  PCIDump - ok
11:41:01.0859 0x1d90  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:41:02.0046 0x1d90  PCIIde - ok
11:41:06.0421 0x1d90  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:41:07.0062 0x1d90  Pcmcia - ok
11:41:07.0234 0x1d90  PDCOMP - ok
11:41:07.0234 0x1d90  PDFRAME - ok
11:41:07.0250 0x1d90  PDRELI - ok
11:41:07.0250 0x1d90  PDRFRAME - ok
11:42:31.0187 0x1d90  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
11:42:34.0750 0x1d90  perc2 - ok
11:42:55.0140 0x1d90  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:42:55.0265 0x1d90  perc2hib - ok
11:43:03.0046 0x1d90  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:43:03.0406 0x1d90  PlugPlay - ok
11:43:05.0109 0x1d90  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:43:05.0171 0x1d90  PolicyAgent - ok
11:43:17.0671 0x1d90  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:43:18.0265 0x1d90  PptpMiniport - ok
11:43:20.0046 0x1d90  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
11:43:20.0125 0x1d90  Processor - ok
11:43:20.0218 0x1d90  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:43:20.0265 0x1d90  ProtectedStorage - ok
11:43:30.0125 0x1d90  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:43:30.0453 0x1d90  PSched - ok
11:43:35.0187 0x1d90  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
11:43:44.0515 0x1d90  PSI_SVC_2 - ok
11:44:02.0406 0x1d90  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:44:02.0515 0x1d90  Ptilink - ok
11:44:02.0640 0x1d90  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:44:02.0718 0x1d90  PxHelp20 - ok
11:44:02.0843 0x1d90  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:44:03.0046 0x1d90  ql1080 - ok
11:44:03.0250 0x1d90  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:44:03.0312 0x1d90  Ql10wnt - ok
11:44:03.0406 0x1d90  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:44:03.0421 0x1d90  ql12160 - ok
11:44:03.0500 0x1d90  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:44:03.0531 0x1d90  ql1240 - ok
11:44:03.0625 0x1d90  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:44:03.0671 0x1d90  ql1280 - ok
11:44:03.0796 0x1d90  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:44:03.0828 0x1d90  RasAcd - ok
11:44:03.0906 0x1d90  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:44:04.0593 0x1d90  RasAuto - ok
11:44:04.0921 0x1d90  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:44:04.0968 0x1d90  Rasl2tp - ok
11:44:05.0734 0x1d90  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:44:06.0140 0x1d90  RasMan - ok
11:44:06.0312 0x1d90  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:44:06.0328 0x1d90  RasPppoe - ok
11:44:06.0359 0x1d90  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:44:06.0406 0x1d90  Raspti - ok
11:44:06.0468 0x1d90  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:44:06.0562 0x1d90  Rdbss - ok
11:44:06.0593 0x1d90  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:44:06.0609 0x1d90  RDPCDD - ok
11:44:06.0671 0x1d90  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:44:06.0734 0x1d90  rdpdr - ok
11:44:06.0875 0x1d90  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:44:07.0531 0x1d90  RDPWD - ok
11:44:07.0640 0x1d90  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:44:09.0703 0x1d90  RDSessMgr - ok
11:44:10.0203 0x1d90  [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
11:44:13.0062 0x1d90  RealNetworks Downloader Resolver Service - ok
11:44:20.0062 0x1d90  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:44:20.0484 0x1d90  redbook - ok
11:44:22.0000 0x1d90  [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi            C:\WINDOWS\system32\drivers\regi.sys
11:44:22.0281 0x1d90  regi - ok
11:44:24.0453 0x1d90  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:44:25.0437 0x1d90  RemoteAccess - ok
11:44:25.0687 0x1d90  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:44:27.0125 0x1d90  RemoteRegistry - ok
11:44:47.0468 0x1d90  [ D2D4D149AB1F6EE7EB0A7AFCE47A66E0, 4EB6B80F6D795E7D268CB36AD33BBBD8436B6D0AD8DB35BB60B10205292DF0BF ] RoxMediaDB10    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:45:18.0750 0x1d90  RoxMediaDB10 - ok
11:46:32.0906 0x1d90  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:46:46.0796 0x1d90  RpcLocator - ok
12:39:21.0734 0x1d90  AV detected via SS1: Symantec Endpoint Protection, 12.1.671.4971, enabled, updated
12:39:23.0250 0x1d90  Win FW state via NFM: enabled
12:39:50.0968 0x1d90  ============================================================
12:39:50.0968 0x1d90  Scan finished
12:39:50.0968 0x1d90  ============================================================
12:39:55.0765 0x1130  Detected object count: 0
12:39:55.0765 0x1130  Actual detected object count: 0
 

 

I followed your directions for ESET OnlineScan, it got about 50% of downloading the updates when I got this message,

 

Unexpected error 101



#6 DASOS

Posted 04 February 2014 - 05:00 PM

You’re welcome!

 

Please try ESET again.

 

Some AVs affect ESET; change step 8:
Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

====

 

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit). 64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u51-windows-i586.exe (or jre-7u51-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.



-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
    

====

 

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security Scan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date! 

 

Please post the ESET log, and how is your comp running.

 

Stelios 



#7 Speedo420

Posted 04 February 2014 - 07:10 PM

Sorry, I can't get the ESET to run, the computer is so so slow. There are still 30 or so copies of dllhost.exe running in the processes when I use the task manager to try and see why it is so slow. It takes over 30 to 40 minutes for IE to load. I will keep trying.....


Edited by Speedo420, 05 February 2014 - 02:14 AM.


#8 DASOS

Posted 05 February 2014 - 02:31 AM

Hi

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.
  • Select the first option, to run Windows in Safe Mode with network.
  • If you have trouble getting into Safe Mode, see this tutorial: http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
====
now try to update and rescan again with Malwarebytes Anti-Malware
also try ESET.

#9 Speedo420

Posted 05 February 2014 - 11:25 AM

grrrrrr..........F8 didn't seem to work, it took me through the steps but wouldn't go into Safe Mode cuz in order to use the laptop you must sign into the network even at home. I hope that makes sense.

So I followed the directions and used msconfig, hoping that would be a way around it. So much for that, it now has me in a constant loop.......with the laptop wanting to boot into the Safe Mode but the network not letting it, it keeps booting over and over.....so I'm having my wife take it back to school and let them re-image it.

Thanks again for your help!!



#10 DASOS

Posted 05 February 2014 - 11:43 AM

You're welcome!

Sorry for that, and good luck!

 

 

Stelios





