
svchost.exe appearing in C:\Windows\Temp\


13 replies to this topic

#1 dantal33

Posted 13 November 2014 - 07:54 AM

Every time I boot up I see over 10 svchost.exe processes in Task Manager. After searching on the web I checked each one of them and all are running in C:\Windows\System32 except one which is running in C:\Windows\Temp\. I believe this means that it is a virus/malware. 

 

Each time my laptop boots up the process in the temp directory starts up. I've tried killing it and deleting from the directory (has to be done very quickly), but it just keeps coming back.

 

I have both Malwarebytes Anti-Malware and Avast. MBAM once in a while finds the process and also a registry entry, but for both when I select quarantine they just come back next time and MBAM finds them again. Avast sometimes finds the process on startup (multiple times) and alerts that it has deleted the first time and then ignores.

 

Can anyone help with confirming if this is in fact an issue and, if so, getting rid of it once and for all?


Edited by dantal33, 13 November 2014 - 10:38 AM.
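One way to check for the symptom described in this post, as an added example that is not code from the post or from any tool named in the thread: a genuine svchost.exe lives in System32 (or SysWOW64 for the 32-bit copy) and, on Windows 7, is always started by services.exe, so a copy in C:\Windows\Temp fails both tests. The script reads a constructed, wmic-style CSV process listing (hostname and PIDs invented); the parent check is a heuristic, since a parent that has exited or a reused PID also trips it.

```python
"""Flag svchost.exe instances that run from outside the Windows system directories.

Added example for this thread; it is not code from the original post or from any
tool mentioned in it. It reads a constructed, wmic-style CSV listing. On a live
Windows 7 host the same columns can be captured with:
    wmic process get Name,ExecutablePath,ParentProcessId,ProcessId /format:csv
"""
import csv
import ntpath

# Directories a genuine svchost.exe lives in on a 64-bit install (lower-cased).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Path fragments that should never host a Windows service binary.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

# Constructed sample (hostname and PIDs invented): one rogue copy in C:\Windows\Temp
# started by explorer.exe, next to genuine copies started by services.exe.
SAMPLE_WMIC_CSV = r"""
Node,ExecutablePath,Name,ParentProcessId,ProcessId
LAPTOP,C:\Windows\System32\services.exe,services.exe,480,560
LAPTOP,C:\Windows\System32\svchost.exe,svchost.exe,560,664
LAPTOP,C:\Windows\System32\svchost.exe,svchost.exe,560,744
LAPTOP,C:\Windows\SysWOW64\svchost.exe,svchost.exe,560,1388
LAPTOP,C:\Windows\explorer.exe,explorer.exe,1180,1204
LAPTOP,C:\Windows\Temp\svchost.exe,svchost.exe,1204,2916
"""


def parse_wmic_csv(text):
    """Parse wmic /format:csv output; wmic prints a blank line before the header."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return list(csv.DictReader(lines))


def classify(proc, by_pid):
    """Return the reasons one process record looks suspicious (empty list = nothing odd)."""
    reasons = []
    name = proc["Name"].lower()
    path = (proc.get("ExecutablePath") or "").lower()
    if name == "svchost.exe":
        if not path:
            reasons.append("image path unavailable (access denied or process exited)")
        elif ntpath.dirname(path) not in LEGIT_SVCHOST_DIRS:
            reasons.append(f"svchost.exe outside System32/SysWOW64: {proc['ExecutablePath']}")
        # On Windows 7 every genuine svchost.exe is started by services.exe.
        parent = by_pid.get(proc["ParentProcessId"])
        if parent is None or parent["Name"].lower() != "services.exe":
            parent_name = parent["Name"] if parent else "unknown"
            reasons.append(f"parent is {parent_name}, expected services.exe")
    if any(marker in path for marker in TEMP_MARKERS):
        reasons.append("executing from a temp directory")
    return reasons


def find_suspicious(text):
    """Map ProcessId -> reasons for every process that trips at least one check."""
    procs = parse_wmic_csv(text)
    by_pid = {p["ProcessId"]: p for p in procs}
    findings = {}
    for p in procs:
        reasons = classify(p, by_pid)
        if reasons:
            findings[p["ProcessId"]] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in find_suspicious(SAMPLE_WMIC_CSV).items():
        print(f"PID {pid}: " + "; ".join(reasons))
```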



#2 Broni


Posted 13 November 2014 - 11:52 AM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.



 


#3 dantal33


Posted 13 November 2014 - 09:52 PM

Hi,

 

Thanks for your help. Here is the log from Security Check

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Symantec Endpoint Protection   
avast! Antivirus               
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 24  
 Java 7 Update 21  
 Java™ SE Development Kit 6 Update 24 
 Java SE Development Kit 7 Update 21 
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


#4 dantal33


Posted 13 November 2014 - 09:54 PM

Here is the log from Farbar Service Scanner:

 

Farbar Service Scanner Version: 21-07-2014
Ran by DANIELTA (administrator) on 14-11-2014 at 04:53:39
Running from "C:\Users\Danielta\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
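The FSS log above is the kind of output a helper reads by eye; as an added example (not code from FSS or from anyone in this thread), here is a parser that pulls out the "... Disabled Policy:" registry entries and the service start-type lines and lists every one that switches a protection off. The sample input is a constructed excerpt in the same format; the DisableSR value name is the System Restore equivalent and is not on this page. Group Policy on a managed corporate machine can legitimately set the same keys, so the output is a triage list to raise with the user, not proof of tampering.

```python
"""Triage a Farbar Service Scanner (FSS.txt) log for protections switched off.

Added example for this thread, not code from FSS or from the original posts. It
parses the "... Disabled Policy:" sections and the service start-type lines in
the log format shown above; the sample is a constructed excerpt in that format.
"""
import re

POLICY_HEADING = re.compile(r"^(?P<what>.+?) Disabled Policy:$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<val>[0-9A-Fa-f]+)$')
START_TYPE = re.compile(
    r"^The start type of (?P<svc>\S+) service is set to (?P<state>\w+)\. "
    r"The default start type is (?P<default>\w+)\.$"
)

# Value name -> DWORD that means "this protection is off". The first three
# appear in the log above; DisableSR is the matching System Restore policy value.
DISABLING_VALUES = {"EnableFirewall": 0, "NoAutoUpdate": 1,
                    "DisableAntiSpyware": 1, "DisableSR": 1}

# Constructed excerpt in FSS format (same keys and values as the log above).
SAMPLE_FSS = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=DWORD:1

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""


def parse_fss(text):
    """Return (policy entries as (section, key, name, int value), services as (svc, state, default))."""
    policies, services = [], []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and "=====" underlines carry nothing
        m = POLICY_HEADING.match(line)
        if m:
            section, key = m.group("what"), None
            continue
        m = START_TYPE.match(line)
        if m:
            services.append((m.group("svc"), m.group("state"), m.group("default")))
            continue
        if line.endswith(":"):
            section = key = None  # any other heading ends the policy section
            continue
        m = REG_KEY.match(line)
        if m and section:
            key = m.group("key")
            continue
        m = REG_VALUE.match(line)
        if m and section and key:
            policies.append((section, key, m.group("name"), int(m.group("val"), 16)))
    return policies, services


def triage(text):
    """List findings: policy values and service start types that disable protection."""
    policies, services = parse_fss(text)
    findings = []
    for section, key, name, value in policies:
        if DISABLING_VALUES.get(name) == value:
            findings.append(f"{section} disabled by policy: {key}\\{name}={value}")
    for svc, state, default in services:
        if state.lower() == "disabled" and default.lower() != "disabled":
            findings.append(f"{svc} service start type is Disabled (default is {default})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FSS):
        print(finding)
```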


#5 dantal33


Posted 13 November 2014 - 09:56 PM

Here are the results from MiniToolBox:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by DANIELTA (administrator) on 14-11-2014 at 04:55:28
Running from "C:\Users\Danielta\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
ProxyServer: genproxy:8080
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
#127.0.0.1 activation.cloud.techsmith.com
#127.0.0.1 activation.cloud.techsmith.com
 
========================= IP Configuration: ================================
 
Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Hardware not present)
Cisco Systems VPN Adapter for 64-bit Windows = Local Area Connection 2 (Hardware not present)
Array Networks SSL VPN Adapter = Local Area Connection 4 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DANIELTA01
   Primary Dns Suffix  . . . . . . . : corp.amdocs.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : corp.amdocs.com
                                       amdocs.com
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 60-67-20-F7-51-F1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : corp.amdocs.com
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
   Physical Address. . . . . . . . . : 60-67-20-F7-51-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::185e:97e2:1174:e33%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.139(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, November 14, 2014 04:44:57
   Lease Expires . . . . . . . . . . : Friday, November 14, 2014 05:45:20
   Default Gateway . . . . . . . . . : 10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : 224421664
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-86-4D-DB-3C-97-0E-61-2C-F8
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : corp.amdocs.com
   Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 3C-97-0E-61-2C-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.corp.amdocs.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : corp.amdocs.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A2E57792-7390-4237-B62A-95C18E3C826E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 42:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c77:3ba0:f5ff:ff74(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c77:3ba0:f5ff:ff74%56(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Broadcom.Home
Address:  10.0.0.138
 
Name:    google.com
Addresses:  2a00:1450:4017:800::100e
 
 
Pinging google.com [212.179.180.101] with 32 bytes of data:
Reply from 212.179.180.101: bytes=32 time=23ms TTL=59
Reply from 212.179.180.101: bytes=32 time=116ms TTL=59
 
Ping statistics for 212.179.180.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 116ms, Average = 69ms
Server:  Broadcom.Home
Address:  10.0.0.138
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=223ms TTL=51
Reply from 98.139.183.24: bytes=32 time=246ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 223ms, Maximum = 246ms, Average = 234ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
========================= Winsock entries =====================================
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Error: (11/14/2014 04:46:27 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=2526, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (11/14/2014 04:47:44 AM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (11/14/2014 04:47:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/14/2014 04:45:57 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NTNET)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/14/2014 04:45:07 AM) (Source: Service Control Manager) (User: )
Description: The secsvccatDriver13893 service failed to start due to the following error: 
%%-536805375
 
Error: (11/14/2014 04:45:04 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
iastor
secsvccatDriver13893
 
Error: (11/14/2014 04:44:51 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (11/14/2014 04:44:50 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NTNET due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/14/2014 04:32:50 AM) (Source: ipnathlp) (User: )
Description: 0
 
Error: (11/14/2014 03:51:34 AM) (Source: Service Control Manager) (User: )
Description: The A180WD service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/14/2014 03:07:39 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NTNET due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-13 16:40:34.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 14:02:01.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 13:19:34.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 12:57:00.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-13 08:15:53.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 13:16:09.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-11 18:03:17.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-11 18:02:49.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-11 18:00:32.692
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-11 18:00:32.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
ACM Lite (HKLM-x32\...\{0B8BB33B-7A03-4329-B63B-ADB334BA1755}) (Version: 1.0.0 - Amdocs)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amdocs Outlook Add-In (HKLM-x32\...\{A6F473CC-044F-4620-9EFD-812E4FF2FAC8}) (Version: 1.14.0.0 - Amdocs Ltd.)
Amdocs PC Maintenance Pack - May 2013 (HKLM-x32\...\PCMP) (Version:  - Amdocs)
Amdocs Screen Saver 2012 (x32 Version: 1.0.0 - Amdocs) Hidden
Amdocs Software Catalog (HKLM-x32\...\{45B24212-C887-4CB2-8605-7FFC4655EEE3}) (Version: 3.9.5.0 - Amdocs)
APM Monitor 8.3.0.pb00_hf04 (HKCU\...\APM Monitor 8.3.0.pb00_hf04) (Version:  - Amdocs Ltd.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Array Networks SSL VPN Client 8,4,6,67 (Array Networks) (HKLM-x32\...\Array SSL VPN8,4,6,67) (Version: 8,4,6,67 - Array Networks)
Array SSL VPN (HKLM\...\SSL VPN Client) (Version: 9.3.0.0 - Array Networks)
AT&T Conferencing Outlook Add-in v10.5.15 (HKLM-x32\...\{B13278C5-66E9-4BE6-97A5-C025CDC2F6BA}) (Version: 10.5.15 - AT&T Inc.)
AT&T Connect Participant Application v9.5.51 (HKLM-x32\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
AT&T Connect Recording Converter Utility v1.0.51 (HKLM-x32\...\{71F8B03E-D6B6-416F-8BD3-A93ED8770F31}) (Version: 1.0.51 - AT&T Inc.)
Aternity Agent (x32 Version: 7.15.157 - Aternity Information Systems Ltd.) Hidden
Aternity Assistant (x32 Version: 1.65.92 - Aternity Information Systems Ltd.) Hidden
Aternity Bundle (x32 Version: 7.1.5.74 - Aternity Information Systems Ltd.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Babylon-Enterprise Client (HKLM-x32\...\{19D9F11A-F5B9-4F5D-BE2D-A3EC80A8BF8E}) (Version: 9.00.0355 - Babylon Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{340AFA68-3178-47C8-9AB2-AF8D589927BB}) (Version: 4.0.5641.0 - Box, Inc.)
BrowserTraySwitch 2.05.01 (HKLM-x32\...\BrowserTraySwitch_is1) (Version:  - )
Camtasia Studio 8 (HKLM-x32\...\{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}) (Version: 8.0.1.903 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix XenApp Plugin for Hosted Apps (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 1.6.17 - Dropbox, Inc.)
DST 2014 Chile (x32 Version: 1.0 - Amdocs) Hidden
ECAT Agent (Version: 3.5.0.0 - EMC Corporation) Hidden
Enterprise Architect 9.2 (HKLM-x32\...\{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}) (Version: 9.2.920.108 - Sparx Systems)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 7.0.3.1963 (HKCU\...\GoToMeeting) (Version: 7.0.3.1963 - CitrixOnline)
HP DDM Inventory Agent (x86) 7.61.000.9328 (x32 Version: 7.61.000.9328 - Hewlett-Packard Development Company, L.P.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
iPass Open Mobile (HKLM-x32\...\{341DEA27-2A38-4FC5-A1B0-20FF3B8E73D4}) (Version:  - iPass)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 21 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Java™ SE Development Kit 6 Update 24 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160240}) (Version: 1.6.0.240 - Oracle)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - )
Lenovo Patch Utility (HKLM-x32\...\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{1C83CB66-D345-4D6C-95A2-63A03269ADA0}) (Version: 1.3.0.007 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MDOP MBAM (HKLM\...\{E3223BF7-23F4-4EEA-AD30-39F362FD9ED7}) (Version: 2.1.0117.0 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Lync 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Policy Platform (Version: 1.2.3602.0 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Project MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio Viewer 2013 (HKLM\...\{95150000-0052-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60891.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.30322 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nortel PC Client (HKLM-x32\...\{FBD5079F-FC27-41BA-9D45-E02E8435CCDB}) (Version: 4.0.001 - Nortel)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.24.00 - )
Oracle WebLogic (HKLM-x32\...\Oracle WebLogic) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Proxy Switcher (HKLM-x32\...\{47EB8A2A-84C1-4CC7-B5F4-9EFC344D0D20}) (Version: 1.9.11 - OnyxBox Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)
Reflector (HKLM\...\{755B7570-F3BB-45DE-B6CB-20A607AB760B}) (Version: 1.2.6 - Squirrels)
RSA SecurID Software Token (HKLM-x32\...\{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}) (Version: 4.1.0 - RSA, The Security Division of EMC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SubWiji (HKCU\...\31e6f982f8118abc) (Version: 1.5.5.53 - SubWiji)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamPlayer (HKCU\...\174f0619f139f297) (Version: 22.0.0.1 - Amdocs IMIS)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.24 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.65.05.20 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.10 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo)
Tivoli Challenge Response (HKLM-x32\...\Tivoli Challenge Response) (Version: 1.0.0.0 - IBM)
tools-freebsd (x32 Version: 8.4.9.30422 - VMware, Inc.) Hidden
tools-linux (x32 Version: 8.4.9.30422 - VMware, Inc.) Hidden
tools-netware (x32 Version: 8.4.9.30422 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 8.4.9.30422 - VMware, Inc.) Hidden
tools-windows (x32 Version: 8.4.9.30422 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 8.4.9.30422 - VMware, Inc.) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
UltraEdit 16.20 (HKLM-x32\...\{B235AB91-08A9-4DED-9DE0-B9594A5F7DCF}) (Version: 16.20.10 - IDM Computer Solutions, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (KB982305) (HKLM-x32\...\{BD430C50-784F-32CD-87E7-A8C47EE6107F}.KB982305) (Version: 1 - Microsoft Corporation)
Viber (HKCU\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Mirage Client (HKLM\...\{11BA1ACD-F58D-4603-B4F9-BC2F18E71BFB}) (Version: 5.1.0.11204 - VMware, Inc.)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.1.6.30422 - VMware, Inc)
VMware Workstation (x32 Version: 7.1.6.30422 - VMware, Inc.) Hidden
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
Yammer Notifier (HKCU\...\8c3c8c06fefda92b) (Version: 1.0.0.498 - Microsoft Corporation)
??? ????? ?? Microsoft Office 2013 - ????? (HKLM-x32\...\{90150000-001F-040D-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
 
========================= Devices: ================================
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: SugarSync
Service: SSCBFS3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: secsvccatDriver13893
Description: secsvccatDriver13893
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: secsvccatDriver13893
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Array Networks VPN Adapter
Description: Array Networks SSL VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Array Networks
Service: ATP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 46%
Total physical RAM: 7887.79 MB
Available physical RAM: 4224.33 MB
Total Pagefile: 15773.76 MB
Available Pagefile: 11439.84 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.26 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OSDisk) (Fixed) (Total:232.69 GB) (Free:95.79 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DANIELTA01
 
__vmware_user__          Administrator            Guest                    
PCManager                
 
========================= Restore Points ==================================
 
 
**** End of log ****


#6 dantal33

  • Topic Starter

  • Members
  • 24 posts

Posted 13 November 2014 - 10:09 PM

Here is the log from Malwarebytes Anti-Malware:

 

FYI - after reboot the process C:\Windows\Temp\svchost.exe showed up again.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/11/14
Scan Time: 04:58:44
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.14.01
Rootkit Database: v2014.11.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DANIELTA
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410943
Time Elapsed: 4 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
Trojan.Agent.Gen, C:\Windows\Temp\svchost.exe, 6552, Delete-on-Reboot, [4663063591eb0d29ec92f069010318e8]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent.Gen, C:\Windows\Temp\svchost.exe, Delete-on-Reboot, [4663063591eb0d29ec92f069010318e8], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 dantal33

  • Topic Starter

  • Members
  • 24 posts

Posted 13 November 2014 - 10:21 PM

Here are the logs after Malwarebytes Anti-Rootkit and reboot.

 

After the reboot Avast found and deleted the svchost.exe file.

 

mbar-log-2014-11-14 (05-11-06).txt:

 

Malwarebytes Anti-Rootkit BETA 1.08.1.1001
www.malwarebytes.org
 
Database version: v2014.11.14.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DANIELTA :: DANIELTA01 [administrator]
 
14/11/14 05:11:06
mbar-log-2014-11-14 (05-11-06).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 410738
Time elapsed: 4 minute(s), 8 second(s)
 
Memory Processes Detected: 1
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> 7144 -> Delete on reboot. [b6f376c59ae21e18a8d668f1020215eb]
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Windows\Temp\svchost.exe (Trojan.Agent.Gen) -> Delete on reboot. [b6f376c59ae21e18a8d668f1020215eb]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
system-log.txt:
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.1.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_24
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 8270946304, free: 4586209280
 
Downloaded database version: v2014.11.14.01
Downloaded database version: v2014.11.12.01
=======================================
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
------------ Kernel report ------------
     11/14/2014 05:10:57
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\pjsv.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\Mirage.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141112.037\EX64.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20141112.037\ENG64.SYS
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\vpntdi64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\Teefer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\Drivers\SysPlant.sys
\SystemRoot\system32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20141112.013\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20141107.011\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\??\C:\Windows\system32\drivers\VMkbd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dne64x.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\tcusb.sys
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmci.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\sims\ProcObsrv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\sysferThunk.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800702b080
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8006cf1080
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800702b080, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800702bab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800702c060, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa800702b080, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006cf1080, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
<<<2>>>
<<<3>>>
Volume: C:
Volume is encrypted by BITLOCKER
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F126
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 409600
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 411648  Numsec = 487985520
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 250059350016 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.Agent.Gen]
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.Agent.Gen]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


#8 dantal33 (Topic Starter)
Posted 13 November 2014 - 10:27 PM

Here is the log from Rkill:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/14/2014 05:25:34 AM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\system32\sims\AmdocsSIMS.exe (PID: 2316) [WD-HEUR]
 * C:\Windows\temp\svchost.exe (PID: 11124) [SFI]
 
2 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Automatic Updates Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
   "NoAutoUpdate" = dword:00000001
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
   "EnableFirewall" = dword:00000000
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/14/2014 05:26:05 AM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)
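The MBAR and Rkill output above point at three things a practitioner would want to verify by hand before calling the machine clean: an svchost.exe image running from C:\Windows\Temp\ rather than System32, the registry policy values that disable Automatic Updates, Windows Defender and the Windows Firewall, and whatever autostart entry keeps re-creating the file. The following PowerShell triage pass is an added example written for this thread; it is not part of Rkill, MBAR, Malwarebytes or any post here. It assumes an elevated PowerShell 4 or later session (Get-CimInstance, Get-FileHash) on an English-locale Windows 7 or later host; the $Suspect path and the policy key list are copied from the logs above, and the persistence locations are the usual ones, not something the thread established.

```powershell
# Added triage example for this thread; not code from Rkill, MBAR or the posters.
# Assumes elevated PowerShell 4+ on English-locale Windows 7+. $Suspect and the
# policy list below are taken from the MBAR/Rkill output in the thread.

$Suspect = 'C:\Windows\Temp\svchost.exe'

# 1. Legitimate svchost.exe instances are started by services.exe from System32
#    (or SysWOW64 for 32-bit hosts). Report anything running from elsewhere,
#    with its parent: a dropper that keeps re-creating the file shows up there.
$legit = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and ($legit -notcontains $_.ExecutablePath) } |
    ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        if ($parent) { $parentDesc = "$($parent.Name) (PID $($parent.ProcessId))" }
        else         { $parentDesc = 'parent already exited' }
        [pscustomobject]@{
            PID         = $_.ProcessId
            Path        = $_.ExecutablePath
            Parent      = $parentDesc
            CommandLine = $_.CommandLine
        }
    } | Format-List

# 2. The genuine binary carries a Microsoft Authenticode signature; a dropped copy
#    normally does not. Record the SHA-256 so the sample can be looked up or submitted.
if (Test-Path -LiteralPath $Suspect) {
    $sig = Get-AuthenticodeSignature -FilePath $Suspect
    $sha = (Get-FileHash -LiteralPath $Suspect -Algorithm SHA256).Hash
    '{0}: signature={1} signer="{2}" sha256={3}' -f $Suspect, $sig.Status, $sig.SignerCertificate.Subject, $sha
}

# 3. The policy values Rkill flagged. Each entry: key, value name, and the value
#    that means the protection is switched off.
$policies = @(
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';      Name = 'NoAutoUpdate';       Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                       Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';              Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';   Bad = 0 },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'; Name = 'EnableFirewall'; Bad = 0 }
)
foreach ($p in $policies) {
    $v = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
    if ($v -and $v.($p.Name) -eq $p.Bad) {
        'DISABLED: {0}\{1} = {2}' -f $p.Key, $p.Name, $v.($p.Name)
    }
}

# 4. Persistence sweep: Run/RunOnce keys, services and scheduled tasks whose
#    command points into a \Temp\ directory. Quarantining the file without
#    removing its autostart entry is why it "keeps coming back".
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Value -is [string] -and $_.Value -match '\\Temp\\' } |
            ForEach-Object { "RUN KEY: $k\$($_.Name) = $($_.Value)" }
    }
}
Get-CimInstance Win32_Service | Where-Object { $_.PathName -match '\\Temp\\' } |
    ForEach-Object { "SERVICE: $($_.Name) state=$($_.State) start=$($_.StartMode) path=$($_.PathName)" }
# schtasks CSV column names are locale-dependent; 'Task To Run' is the English header.
schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match '\\Temp\\' } |
    ForEach-Object { "TASK: $($_.TaskName) -> $($_.'Task To Run')" }
```

Two caveats when reading the output on a machine like this one. The TDSSKiller log further down shows Symantec Endpoint Protection and SCCM (SepMasterService, CcmExec) installed, so this is a managed corporate laptop: the HKLM\SOFTWARE\Policies values can be set by Group Policy or by the Symantec firewall and anti-spyware components rather than by malware, and if they are, they reassert themselves at the next policy refresh. Check `gpresult /h report.html` before attributing them to the infection. The process and persistence findings, on the other hand, stand on their own: an unsigned svchost.exe under \Temp\ with a non-services.exe parent is not something any legitimate product installs.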


#9 Broni (BC Advisor)
Posted 13 November 2014 - 11:55 PM

You're running two AV programs, Symantec (Norton) and Avast.

You must uninstall one of them.

If Norton, use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html

 

Download TDSSKiller and save it to your desktop.

  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#10 dantal33 (Topic Starter)
Posted 14 November 2014 - 03:37 AM

I uninstalled Avast and rebooted. Then downloaded and ran TDSSKiller.

 

It kept detecting a threat service "AmdocsSIMS" which I assume is a corporate service. When I did skip or quarantine options it went back to the start scan screen.



#11 dantal33 (Topic Starter)
Posted 14 November 2014 - 08:06 AM

Here is the log from the TDSSKiller run:

 

15:02:44.0765 0x15b0  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
15:02:48.0314 0x15b0  ============================================================
15:02:48.0314 0x15b0  Current date / time: 2014/11/14 15:02:48.0314
15:02:48.0314 0x15b0  SystemInfo:
15:02:48.0314 0x15b0  
15:02:48.0314 0x15b0  OS Version: 6.1.7601 ServicePack: 1.0
15:02:48.0314 0x15b0  Product type: Workstation
15:02:48.0314 0x15b0  ComputerName: DANIELTA01
15:02:48.0314 0x15b0  UserName: DANIELTA
15:02:48.0314 0x15b0  Windows directory: C:\Windows
15:02:48.0314 0x15b0  System windows directory: C:\Windows
15:02:48.0314 0x15b0  Running under WOW64
15:02:48.0314 0x15b0  Processor architecture: Intel x64
15:02:48.0314 0x15b0  Number of processors: 4
15:02:48.0314 0x15b0  Page size: 0x1000
15:02:48.0314 0x15b0  Boot type: Normal boot
15:02:48.0314 0x15b0  ============================================================
15:02:48.0563 0x15b0  KLMD registered as C:\Windows\system32\drivers\70457924.sys
15:02:48.0673 0x15b0  System UUID: {0457C4A0-E862-AA00-CE36-AE97E4275127}
15:02:49.0078 0x15b0  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:49.0078 0x15b0  ============================================================
15:02:49.0078 0x15b0  \Device\Harddisk0\DR0:
15:02:49.0078 0x15b0  MBR partitions:
15:02:49.0078 0x15b0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
15:02:49.0078 0x15b0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1D161170
15:02:49.0078 0x15b0  ============================================================
15:02:49.0078 0x15b0  C: <-> \Device\Harddisk0\DR0\Partition2
15:02:49.0078 0x15b0  ============================================================
15:02:49.0078 0x15b0  Initialize success
15:02:49.0078 0x15b0  ============================================================
15:02:51.0913 0x0388  ============================================================
15:02:51.0913 0x0388  Scan started
15:02:51.0913 0x0388  Mode: Manual; 
15:02:51.0913 0x0388  ============================================================
15:02:51.0913 0x0388  KSN ping started
15:02:54.0443 0x0388  KSN ping finished: true
15:02:54.0740 0x0388  ================ Scan system memory ========================
15:02:54.0740 0x0388  System memory - ok
15:02:54.0740 0x0388  ================ Scan services =============================
15:02:54.0740 0x0388  1394ohci - ok
15:02:54.0740 0x0388  A180AA - ok
15:02:54.0755 0x0388  A180WD - ok
15:02:54.0755 0x0388  ACPI - ok
15:02:54.0755 0x0388  AcpiPmi - ok
15:02:54.0755 0x0388  AcPrfMgrSvc - ok
15:02:54.0755 0x0388  AcSvc - ok
15:02:54.0771 0x0388  AdobeARMservice - ok
15:02:54.0771 0x0388  AdobeFlashPlayerUpdateSvc - ok
15:02:54.0771 0x0388  adp94xx - ok
15:02:54.0771 0x0388  adpahci - ok
15:02:54.0771 0x0388  adpu320 - ok
15:02:54.0771 0x0388  AeLookupSvc - ok
15:02:54.0786 0x0388  AFD - ok
15:02:54.0786 0x0388  agp440 - ok
15:02:54.0786 0x0388  ALG - ok
15:02:54.0786 0x0388  aliide - ok
15:02:54.0786 0x0388  amdide - ok
15:02:54.0786 0x0388  AmdK8 - ok
15:02:54.0802 0x0388  Suspicious service (NoAccess): AmdocsSIMS
15:02:54.0802 0x0388  AmdocsSIMS - detected LockedService.Multi.Generic ( 1 )
15:02:54.0849 0x0388  AmdocsSIMS ( LockedService.Multi.Generic ) - warning
15:02:57.0517 0x0388  AmdPPM - ok
15:02:57.0517 0x0388  amdsata - ok
15:02:57.0517 0x0388  amdsbs - ok
15:02:57.0517 0x0388  amdxata - ok
15:02:57.0517 0x0388  AppID - ok
15:02:57.0533 0x0388  AppIDSvc - ok
15:02:57.0533 0x0388  Appinfo - ok
15:02:57.0533 0x0388  Apple Mobile Device - ok
15:02:57.0533 0x0388  AppMgmt - ok
15:02:57.0533 0x0388  arc - ok
15:02:57.0533 0x0388  arcsas - ok
15:02:57.0549 0x0388  ArraySSL_VPN_Service8.4.6.67 - ok
15:02:57.0549 0x0388  Array_Utility_Service8.4.6.67 - ok
15:02:57.0549 0x0388  aspnet_state - ok
15:02:57.0549 0x0388  AsyncMac - ok
15:02:57.0564 0x0388  atapi - ok
15:02:57.0564 0x0388  ATP - ok
15:02:57.0564 0x0388  AudioEndpointBuilder - ok
15:02:57.0564 0x0388  AudioSrv - ok
15:02:57.0564 0x0388  AxInstSV - ok
15:02:57.0564 0x0388  b06bdrv - ok
15:02:57.0580 0x0388  b57nd60a - ok
15:02:57.0580 0x0388  bcbtums - ok
15:02:57.0580 0x0388  BDESVC - ok
15:02:57.0580 0x0388  Beep - ok
15:02:57.0580 0x0388  BFE - ok
15:02:57.0595 0x0388  BHDrvx64 - ok
15:02:57.0595 0x0388  BITS - ok
15:02:57.0595 0x0388  blbdrive - ok
15:02:57.0595 0x0388  Bonjour Service - ok
15:02:57.0595 0x0388  bowser - ok
15:02:57.0595 0x0388  BoxSyncUpdateService - ok
15:02:57.0611 0x0388  BrFiltLo - ok
15:02:57.0611 0x0388  BrFiltUp - ok
15:02:57.0611 0x0388  Browser - ok
15:02:57.0611 0x0388  Brserid - ok
15:02:57.0611 0x0388  BrSerWdm - ok
15:02:57.0611 0x0388  BrUsbMdm - ok
15:02:57.0627 0x0388  BrUsbSer - ok
15:02:57.0627 0x0388  BthEnum - ok
15:02:57.0627 0x0388  BTHMODEM - ok
15:02:57.0627 0x0388  BthPan - ok
15:02:57.0627 0x0388  BTHPORT - ok
15:02:57.0627 0x0388  bthserv - ok
15:02:57.0642 0x0388  BTHUSB - ok
15:02:57.0642 0x0388  btwavdt - ok
15:02:57.0642 0x0388  btwrchid - ok
15:02:57.0642 0x0388  c2cautoupdatesvc - ok
15:02:57.0642 0x0388  c2cpnrsvc - ok
15:02:57.0658 0x0388  CcmExec - ok
15:02:57.0658 0x0388  ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE} - ok
15:02:57.0658 0x0388  cdfs - ok
15:02:57.0658 0x0388  cdrom - ok
15:02:57.0658 0x0388  CertPropSvc - ok
15:02:57.0658 0x0388  circlass - ok
15:02:57.0673 0x0388  CLFS - ok
15:02:57.0673 0x0388  clr_optimization_v2.0.50727_32 - ok
15:02:57.0673 0x0388  clr_optimization_v2.0.50727_64 - ok
15:02:57.0673 0x0388  clr_optimization_v4.0.30319_32 - ok
15:02:57.0673 0x0388  clr_optimization_v4.0.30319_64 - ok
15:02:57.0673 0x0388  CmBatt - ok
15:02:57.0689 0x0388  cmdide - ok
15:02:57.0689 0x0388  CmRcService - ok
15:02:57.0689 0x0388  CNG - ok
15:02:57.0689 0x0388  Compbatt - ok
15:02:57.0689 0x0388  CompositeBus - ok
15:02:57.0689 0x0388  COMSysApp - ok
15:02:57.0705 0x0388  cphs - ok
15:02:57.0705 0x0388  crcdisk - ok
15:02:57.0705 0x0388  CryptSvc - ok
15:02:57.0705 0x0388  CSC - ok
15:02:57.0720 0x0388  CscService - ok
15:02:57.0720 0x0388  CVirtA - ok
15:02:57.0720 0x0388  CVPND - ok
15:02:57.0720 0x0388  CVPNDRVA - ok
15:02:57.0720 0x0388  DcomLaunch - ok
15:02:57.0736 0x0388  defragsvc - ok
15:02:57.0736 0x0388  DfsC - ok
15:02:57.0736 0x0388  Dhcp - ok
15:02:57.0736 0x0388  discache - ok
15:02:57.0736 0x0388  Disk - ok
15:02:57.0736 0x0388  dmvsc - ok
15:02:57.0751 0x0388  DNE - ok
15:02:57.0751 0x0388  Dnscache - ok
15:02:57.0751 0x0388  dot3svc - ok
15:02:57.0751 0x0388  DPS - ok
15:02:57.0751 0x0388  drmkaud - ok
15:02:57.0751 0x0388  DXGKrnl - ok
15:02:57.0767 0x0388  e1cexpress - ok
15:02:57.0767 0x0388  E1G60 - ok
15:02:57.0767 0x0388  EapHost - ok
15:02:57.0767 0x0388  ebdrv - ok
15:02:57.0767 0x0388  eeCtrl - ok
15:02:57.0767 0x0388  EFS - ok
15:02:57.0783 0x0388  ehRecvr - ok
15:02:57.0783 0x0388  ehSched - ok
15:02:57.0783 0x0388  elxstor - ok
15:02:57.0783 0x0388  EraserUtilRebootDrv - ok
15:02:57.0783 0x0388  ErrDev - ok
15:02:57.0798 0x0388  EventSystem - ok
15:02:57.0798 0x0388  EvtEng - ok
15:02:57.0798 0x0388  exfat - ok
15:02:57.0798 0x0388  fastfat - ok
15:02:57.0798 0x0388  Fax - ok
15:02:57.0814 0x0388  fdc - ok
15:02:57.0814 0x0388  fdPHost - ok
15:02:57.0814 0x0388  FDResPub - ok
15:02:57.0814 0x0388  FileInfo - ok
15:02:57.0814 0x0388  Filetrace - ok
15:02:57.0814 0x0388  flpydisk - ok
15:02:57.0829 0x0388  FltMgr - ok
15:02:57.0829 0x0388  FontCache - ok
15:02:57.0829 0x0388  FontCache3.0.0.0 - ok
15:02:57.0829 0x0388  FoxitCloudUpdateService - ok
15:02:57.0829 0x0388  FsDepends - ok
15:02:57.0829 0x0388  Fs_Rec - ok
15:02:57.0845 0x0388  fvevol - ok
15:02:57.0845 0x0388  gagp30kx - ok
15:02:57.0845 0x0388  GEARAspiWDM - ok
15:02:57.0845 0x0388  gpsvc - ok
15:02:57.0845 0x0388  gupdate - ok
15:02:57.0845 0x0388  gupdatem - ok
15:02:57.0861 0x0388  hcmon - ok
15:02:57.0861 0x0388  hcw85cir - ok
15:02:57.0861 0x0388  HDAudBus - ok
15:02:57.0861 0x0388  HidBatt - ok
15:02:57.0861 0x0388  HidBth - ok
15:02:57.0861 0x0388  HidIr - ok
15:02:57.0876 0x0388  hidserv - ok
15:02:57.0876 0x0388  HidUsb - ok
15:02:57.0876 0x0388  hkmsvc - ok
15:02:57.0876 0x0388  HomeGroupListener - ok
15:02:57.0876 0x0388  HomeGroupProvider - ok
15:02:57.0876 0x0388  HpSAMD - ok
15:02:57.0892 0x0388  HTTP - ok
15:02:57.0892 0x0388  hwpolicy - ok
15:02:57.0892 0x0388  i8042prt - ok
15:02:57.0892 0x0388  iastor - ok
15:02:57.0892 0x0388  iaStorV - ok
15:02:57.0892 0x0388  IBMPMDRV - ok
15:02:57.0907 0x0388  IBMPMSVC - ok
15:02:57.0907 0x0388  idsvc - ok
15:02:57.0907 0x0388  IDSVia64 - ok
15:02:57.0907 0x0388  igfx - ok
15:02:57.0907 0x0388  iirsp - ok
15:02:57.0923 0x0388  IKEEXT - ok
15:02:57.0923 0x0388  iMobilityService - ok
15:02:57.0923 0x0388  IntcAzAudAddService - ok
15:02:57.0923 0x0388  IntcDAud - ok
15:02:57.0923 0x0388  intelide - ok
15:02:57.0939 0x0388  intelppm - ok
15:02:57.0939 0x0388  IPBusEnum - ok
15:02:57.0939 0x0388  IpFilterDriver - ok
15:02:57.0939 0x0388  iphlpsvc - ok
15:02:57.0939 0x0388  iPlatformService - ok
15:02:57.0939 0x0388  IPMIDRV - ok
15:02:57.0954 0x0388  IPNAT - ok
15:02:57.0954 0x0388  iPod Service - ok
15:02:57.0954 0x0388  IRENUM - ok
15:02:57.0954 0x0388  isapnp - ok
15:02:57.0954 0x0388  iScsiPrt - ok
15:02:57.0954 0x0388  iusb3hub - ok
15:02:57.0970 0x0388  iusb3xhc - ok
15:02:57.0970 0x0388  kbdclass - ok
15:02:57.0970 0x0388  kbdhid - ok
15:02:57.0970 0x0388  KeyIso - ok
15:02:57.0970 0x0388  KSecDD - ok
15:02:57.0970 0x0388  KSecPkg - ok
15:02:57.0985 0x0388  ksthunk - ok
15:02:57.0985 0x0388  KtmRm - ok
15:02:57.0985 0x0388  LanmanServer - ok
15:02:57.0985 0x0388  LanmanWorkstation - ok
15:02:57.0985 0x0388  LENOVO.CAMMUTE - ok
15:02:58.0001 0x0388  LENOVO.MICMUTE - ok
15:02:58.0001 0x0388  lenovo.smi - ok
15:02:58.0001 0x0388  LENOVO.TPKNRSVC - ok
15:02:58.0001 0x0388  Lenovo.VIRTSCRLSVC - ok
15:02:58.0001 0x0388  lltdio - ok
15:02:58.0001 0x0388  lltdsvc - ok
15:02:58.0017 0x0388  lmhosts - ok
15:02:58.0017 0x0388  lpasvc - ok
15:02:58.0017 0x0388  lppsvc - ok
15:02:58.0017 0x0388  LSI_FC - ok
15:02:58.0017 0x0388  LSI_SAS - ok
15:02:58.0032 0x0388  LSI_SAS2 - ok
15:02:58.0032 0x0388  LSI_SCSI - ok
15:02:58.0032 0x0388  luafv - ok
15:02:58.0032 0x0388  MBAMAgent - ok
15:02:58.0032 0x0388  MBAMProtector - ok
15:02:58.0048 0x0388  MBAMScheduler - ok
15:02:58.0048 0x0388  MBAMService - ok
15:02:58.0048 0x0388  MBAMSwissArmy - ok
15:02:58.0048 0x0388  MBAMWebAccessControl - ok
15:02:58.0048 0x0388  Mcx2Svc - ok
15:02:58.0063 0x0388  megasas - ok
15:02:58.0063 0x0388  MegaSR - ok
15:02:58.0063 0x0388  MEIx64 - ok
15:02:58.0063 0x0388  Mirage - ok
15:02:58.0063 0x0388  MMCSS - ok
15:02:58.0063 0x0388  Modem - ok
15:02:58.0079 0x0388  monitor - ok
15:02:58.0079 0x0388  mouclass - ok
15:02:58.0079 0x0388  mouhid - ok
15:02:58.0079 0x0388  mountmgr - ok
15:02:58.0079 0x0388  MozillaMaintenance - ok
15:02:58.0079 0x0388  mpio - ok
15:02:58.0095 0x0388  mpsdrv - ok
15:02:58.0095 0x0388  MpsSvc - ok
15:02:58.0095 0x0388  MRxDAV - ok
15:02:58.0095 0x0388  mrxsmb - ok
15:02:58.0095 0x0388  mrxsmb10 - ok
15:02:58.0095 0x0388  mrxsmb20 - ok
15:02:58.0110 0x0388  msahci - ok
15:02:58.0110 0x0388  msdsm - ok
15:02:58.0110 0x0388  MSDTC - ok
15:02:58.0110 0x0388  Msfs - ok
15:02:58.0110 0x0388  mshidkmdf - ok
15:02:58.0126 0x0388  msisadrv - ok
15:02:58.0126 0x0388  MSiSCSI - ok
15:02:58.0126 0x0388  msiserver - ok
15:02:58.0126 0x0388  MSKSSRV - ok
15:02:58.0126 0x0388  MSPCLOCK - ok
15:02:58.0141 0x0388  MSPQM - ok
15:02:58.0141 0x0388  MsRPC - ok
15:02:58.0141 0x0388  mssmbios - ok
15:02:58.0141 0x0388  MSTEE - ok
15:02:58.0141 0x0388  MTConfig - ok
15:02:58.0141 0x0388  Mup - ok
15:02:58.0157 0x0388  napagent - ok
15:02:58.0157 0x0388  NativeWifiP - ok
15:02:58.0157 0x0388  NAVENG - ok
15:02:58.0157 0x0388  NAVEX15 - ok
15:02:58.0157 0x0388  NDIS - ok
15:02:58.0173 0x0388  NdisCap - ok
15:02:58.0173 0x0388  NdisTapi - ok
15:02:58.0173 0x0388  Ndisuio - ok
15:02:58.0173 0x0388  NdisWan - ok
15:02:58.0173 0x0388  NDProxy - ok
15:02:58.0173 0x0388  Net Driver HPZ12 - ok
15:02:58.0188 0x0388  NetBIOS - ok
15:02:58.0188 0x0388  NetBT - ok
15:02:58.0188 0x0388  Netlogon - ok
15:02:58.0188 0x0388  Netman - ok
15:02:58.0188 0x0388  NetMsmqActivator - ok
15:02:58.0188 0x0388  NetPipeActivator - ok
15:02:58.0204 0x0388  netprofm - ok
15:02:58.0204 0x0388  NetTcpActivator - ok
15:02:58.0204 0x0388  NetTcpPortSharing - ok
15:02:58.0204 0x0388  NETwNs64 - ok
15:02:58.0204 0x0388  nfrd960 - ok
15:02:58.0219 0x0388  NlaSvc - ok
15:02:58.0219 0x0388  Npfs - ok
15:02:58.0219 0x0388  nsi - ok
15:02:58.0219 0x0388  nsiproxy - ok
15:02:58.0219 0x0388  Ntfs - ok
15:02:58.0219 0x0388  Null - ok
15:02:58.0235 0x0388  nvraid - ok
15:02:58.0235 0x0388  nvstor - ok
15:02:58.0235 0x0388  nv_agp - ok
15:02:58.0235 0x0388  odserv - ok
15:02:58.0235 0x0388  ohci1394 - ok
15:02:58.0235 0x0388  Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3) - ok
15:02:58.0252 0x0388  ose - ok
15:02:58.0252 0x0388  osppsvc - ok
15:02:58.0252 0x0388  p2pimsvc - ok
15:02:58.0252 0x0388  p2psvc - ok
15:02:58.0252 0x0388  Parport - ok
15:02:58.0267 0x0388  partmgr - ok
15:02:58.0267 0x0388  PcaSvc - ok
15:02:58.0267 0x0388  pci - ok
15:02:58.0267 0x0388  pciide - ok
15:02:58.0267 0x0388  pcmcia - ok
15:02:58.0267 0x0388  pcw - ok
15:02:58.0284 0x0388  PEAUTH - ok
15:02:58.0284 0x0388  PeerDistSvc - ok
15:02:58.0284 0x0388  PerfHost - ok
15:02:58.0284 0x0388  pla - ok
15:02:58.0284 0x0388  PlugPlay - ok
15:02:58.0299 0x0388  Pml Driver HPZ12 - ok
15:02:58.0299 0x0388  PNRPAutoReg - ok
15:02:58.0299 0x0388  PNRPsvc - ok
15:02:58.0299 0x0388  PolicyAgent - ok
15:02:58.0299 0x0388  Power - ok
15:02:58.0315 0x0388  PptpMiniport - ok
15:02:58.0315 0x0388  prepdrvr - ok
15:02:58.0315 0x0388  prgnDiscAgent - ok
15:02:58.0315 0x0388  Processor - ok
15:02:58.0315 0x0388  ProcObsrv - ok
15:02:58.0315 0x0388  ProfSvc - ok
15:02:58.0331 0x0388  ProtectedStorage - ok
15:02:58.0331 0x0388  Psched - ok
15:02:58.0331 0x0388  ql2300 - ok
15:02:58.0331 0x0388  ql40xx - ok
15:02:58.0331 0x0388  QWAVE - ok
15:02:58.0346 0x0388  QWAVEdrv - ok
15:02:58.0346 0x0388  RasAcd - ok
15:02:58.0346 0x0388  RasAgileVpn - ok
15:02:58.0346 0x0388  RasAuto - ok
15:02:58.0346 0x0388  Rasl2tp - ok
15:02:58.0362 0x0388  RasMan - ok
15:02:58.0362 0x0388  RasPppoe - ok
15:02:58.0362 0x0388  RasSstp - ok
15:02:58.0362 0x0388  rdbss - ok
15:02:58.0362 0x0388  rdpbus - ok
15:02:58.0362 0x0388  RDPCDD - ok
15:02:58.0377 0x0388  RDPDR - ok
15:02:58.0377 0x0388  RDPENCDD - ok
15:02:58.0377 0x0388  RDPREFMP - ok
15:02:58.0377 0x0388  RdpVideoMiniport - ok
15:02:58.0377 0x0388  RDPWD - ok
15:02:58.0393 0x0388  rdyboost - ok
15:02:58.0393 0x0388  RegSrvc - ok
15:02:58.0393 0x0388  RemoteAccess - ok
15:02:58.0393 0x0388  RemoteRegistry - ok
15:02:58.0393 0x0388  RFCOMM - ok
15:02:58.0409 0x0388  risdxc - ok
15:02:58.0409 0x0388  RpcEptMapper - ok
15:02:58.0409 0x0388  RpcLocator - ok
15:02:58.0409 0x0388  RpcSs - ok
15:02:58.0409 0x0388  rspndr - ok
15:02:58.0409 0x0388  s3cap - ok
15:02:58.0424 0x0388  SamSs - ok
15:02:58.0424 0x0388  sbp2port - ok
15:02:58.0424 0x0388  SCardSvr - ok
15:02:58.0424 0x0388  scfilter - ok
15:02:58.0424 0x0388  Schedule - ok
15:02:58.0424 0x0388  SCPolicySvc - ok
15:02:58.0440 0x0388  SDRSVC - ok
15:02:58.0440 0x0388  secdrv - ok
15:02:58.0440 0x0388  seclogon - ok
15:02:58.0440 0x0388  secsvccat - ok
15:02:58.0440 0x0388  secsvccatDriver13893 - ok
15:02:58.0455 0x0388  SENS - ok
15:02:58.0455 0x0388  SensrSvc - ok
15:02:58.0455 0x0388  SepMasterService - ok
15:02:58.0455 0x0388  Serenum - ok
15:02:58.0455 0x0388  Serial - ok
15:02:58.0455 0x0388  sermouse - ok
15:02:58.0471 0x0388  SessionEnv - ok
15:02:58.0471 0x0388  sffdisk - ok
15:02:58.0471 0x0388  sffp_mmc - ok
15:02:58.0471 0x0388  sffp_sd - ok
15:02:58.0471 0x0388  sfloppy - ok
15:02:58.0487 0x0388  SharedAccess - ok
15:02:58.0487 0x0388  ShellHWDetection - ok
15:02:58.0487 0x0388  Shockprf - ok
15:02:58.0487 0x0388  SiSRaid2 - ok
15:02:58.0487 0x0388  SiSRaid4 - ok
15:02:58.0502 0x0388  SkypeUpdate - ok
15:02:58.0502 0x0388  Smb - ok
15:02:58.0502 0x0388  SmbDrvI - ok
15:02:58.0502 0x0388  SmcService - ok
15:02:58.0502 0x0388  smstsmgr - ok
15:02:58.0518 0x0388  SNAC - ok
15:02:58.0518 0x0388  SNMPTRAP - ok
15:02:58.0518 0x0388  spldr - ok
15:02:58.0518 0x0388  Spooler - ok
15:02:58.0518 0x0388  sppsvc - ok
15:02:58.0533 0x0388  sppuinotify - ok
15:02:58.0533 0x0388  SRTSP - ok
15:02:58.0533 0x0388  SRTSPX - ok
15:02:58.0533 0x0388  srv - ok
15:02:58.0533 0x0388  srv2 - ok
15:02:58.0549 0x0388  srvnet - ok
15:02:58.0549 0x0388  SSDPSRV - ok
15:02:58.0549 0x0388  SstpSvc - ok
15:02:58.0549 0x0388  stexstor - ok
15:02:58.0549 0x0388  stisvc - ok
15:02:58.0549 0x0388  storflt - ok
15:02:58.0549 0x0388  StorSvc - ok
15:02:58.0565 0x0388  storvsc - ok
15:02:58.0565 0x0388  swenum - ok
15:02:58.0565 0x0388  swprv - ok
15:02:58.0565 0x0388  SyDvCtrl - ok
15:02:58.0565 0x0388  SymDS - ok
15:02:58.0580 0x0388  SymEFA - ok
15:02:58.0580 0x0388  SymEvent - ok
15:02:58.0580 0x0388  SymIRON - ok
15:02:58.0580 0x0388  SYMNETS - ok
15:02:58.0580 0x0388  Synth3dVsc - ok
15:02:58.0580 0x0388  SynTP - ok
15:02:58.0596 0x0388  SysMain - ok
15:02:58.0596 0x0388  SysPlant - ok
15:02:58.0596 0x0388  TabletInputService - ok
15:02:58.0596 0x0388  TapiSrv - ok
15:02:58.0596 0x0388  TBS - ok
15:02:58.0611 0x0388  Tcpip - ok
15:02:58.0611 0x0388  TCPIP6 - ok
15:02:58.0611 0x0388  tcpipreg - ok
15:02:58.0611 0x0388  TcUsb - ok
15:02:58.0611 0x0388  TDPIPE - ok
15:02:58.0627 0x0388  TDTCP - ok
15:02:58.0627 0x0388  tdx - ok
15:02:58.0627 0x0388  Teefer2 - ok
15:02:58.0627 0x0388  TermDD - ok
15:02:58.0627 0x0388  terminpt - ok
15:02:58.0627 0x0388  TermService - ok
15:02:58.0643 0x0388  Themes - ok
15:02:58.0643 0x0388  THREADORDER - ok
15:02:58.0643 0x0388  TPDIGIMN - ok
15:02:58.0643 0x0388  TPHDEXLGSVC - ok
15:02:58.0643 0x0388  TPHKLOAD - ok
15:02:58.0658 0x0388  TPHKSVC - ok
15:02:58.0658 0x0388  TPM - ok
15:02:58.0658 0x0388  TrkWks - ok
15:02:58.0658 0x0388  TrustedInstaller - ok
15:02:58.0658 0x0388  tssecsrv - ok
15:02:58.0674 0x0388  TsUsbFlt - ok
15:02:58.0674 0x0388  TsUsbGD - ok
15:02:58.0674 0x0388  tsusbhub - ok
15:02:58.0674 0x0388  tunnel - ok
15:02:58.0674 0x0388  uagp35 - ok
15:02:58.0674 0x0388  udfs - ok
15:02:58.0689 0x0388  ufad-ws60 - ok
15:02:58.0689 0x0388  UI0Detect - ok
15:02:58.0689 0x0388  uliagpkx - ok
15:02:58.0689 0x0388  umbus - ok
15:02:58.0689 0x0388  UmPass - ok
15:02:58.0705 0x0388  UmRdpService - ok
15:02:58.0705 0x0388  UnlockerDriver5 - ok
15:02:58.0705 0x0388  upnphost - ok
15:02:58.0705 0x0388  USBAAPL64 - ok
15:02:58.0705 0x0388  usbaudio - ok
15:02:58.0721 0x0388  usbccgp - ok
15:02:58.0721 0x0388  usbcir - ok
15:02:58.0721 0x0388  usbehci - ok
15:02:58.0721 0x0388  usbhub - ok
15:02:58.0721 0x0388  usbohci - ok
15:02:58.0721 0x0388  usbprint - ok
15:02:58.0736 0x0388  usbscan - ok
15:02:58.0736 0x0388  USBSTOR - ok
15:02:58.0736 0x0388  usbuhci - ok
15:02:58.0736 0x0388  usbvideo - ok
15:02:58.0736 0x0388  usb_rndisx - ok
15:02:58.0752 0x0388  UxSms - ok
15:02:58.0752 0x0388  VaultSvc - ok
15:02:58.0752 0x0388  vdrvroot - ok
15:02:58.0752 0x0388  vds - ok
15:02:58.0752 0x0388  vga - ok
15:02:58.0752 0x0388  VgaSave - ok
15:02:58.0767 0x0388  VGPU - ok
15:02:58.0767 0x0388  vhdmp - ok
15:02:58.0767 0x0388  viaide - ok
15:02:58.0767 0x0388  VMAuthdService - ok
15:02:58.0767 0x0388  vmbus - ok
15:02:58.0767 0x0388  VMBusHID - ok
15:02:58.0783 0x0388  vmci - ok
15:02:58.0783 0x0388  vmkbd - ok
15:02:58.0783 0x0388  VMnetAdapter - ok
15:02:58.0783 0x0388  VMnetBridge - ok
15:02:58.0783 0x0388  VMnetDHCP - ok
15:02:58.0783 0x0388  VMnetuserif - ok
15:02:58.0799 0x0388  vmusb - ok
15:02:58.0799 0x0388  VMUSBArbService - ok
15:02:58.0799 0x0388  VMware NAT Service - ok
15:02:58.0799 0x0388  vmx86 - ok
15:02:58.0799 0x0388  volmgr - ok
15:02:58.0814 0x0388  volmgrx - ok
15:02:58.0814 0x0388  volsnap - ok
15:02:58.0814 0x0388  VPNInstallManager - ok
15:02:58.0814 0x0388  VPNService - ok
15:02:58.0814 0x0388  vpntdi - ok
15:02:58.0830 0x0388  vsmraid - ok
15:02:58.0830 0x0388  VSS - ok
15:02:58.0830 0x0388  vstor2-ws60 - ok
15:02:58.0830 0x0388  vwifibus - ok
15:02:58.0830 0x0388  vwififlt - ok
15:02:58.0845 0x0388  vwifimp - ok
15:02:58.0845 0x0388  W32Time - ok
15:02:58.0845 0x0388  WacomPen - ok
15:02:58.0845 0x0388  WANARP - ok
15:02:58.0845 0x0388  Wanarpv6 - ok
15:02:58.0861 0x0388  Wanova Mirage Desktop Service - ok
15:02:58.0861 0x0388  wbengine - ok
15:02:58.0861 0x0388  WbioSrvc - ok
15:02:58.0861 0x0388  wcncsvc - ok
15:02:58.0861 0x0388  WcsPlugInService - ok
15:02:58.0877 0x0388  Wd - ok
15:02:58.0877 0x0388  Wdf01000 - ok
15:02:58.0877 0x0388  WdiServiceHost - ok
15:02:58.0877 0x0388  WdiSystemHost - ok
15:02:58.0877 0x0388  WebClient - ok
15:02:58.0877 0x0388  Wecsvc - ok
15:02:58.0892 0x0388  wercplsupport - ok
15:02:58.0892 0x0388  WerSvc - ok
15:02:58.0892 0x0388  WfpLwf - ok
15:02:58.0892 0x0388  WIMMount - ok
15:02:58.0892 0x0388  WinDefend - ok
15:02:58.0908 0x0388  WinHttpAutoProxySvc - ok
15:02:58.0908 0x0388  Winmgmt - ok
15:02:58.0908 0x0388  WinRM - ok
15:02:58.0908 0x0388  WinUsb - ok
15:02:58.0908 0x0388  Wlansvc - ok
15:02:58.0923 0x0388  WmiAcpi - ok
15:02:58.0923 0x0388  wmiApSrv - ok
15:02:58.0923 0x0388  WMPNetworkSvc - ok
15:02:58.0923 0x0388  WPCSvc - ok
15:02:58.0923 0x0388  WPDBusEnum - ok
15:02:58.0923 0x0388  ws2ifsl - ok
15:02:58.0939 0x0388  wscsvc - ok
15:02:58.0939 0x0388  WSearch - ok
15:02:58.0939 0x0388  wuauserv - ok
15:02:58.0939 0x0388  WudfPf - ok
15:02:58.0939 0x0388  WUDFRd - ok
15:02:58.0955 0x0388  wudfsvc - ok
15:02:58.0955 0x0388  WwanSvc - ok
15:02:58.0970 0x0388  ================ Scan global ===============================
15:02:58.0970 0x0388  [ Global ] - ok
15:02:58.0970 0x0388  ================ Scan MBR ==================================
15:02:58.0970 0x0388  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:02:59.0033 0x0388  \Device\Harddisk0\DR0 - ok
15:02:59.0033 0x0388  ================ Scan VBR ==================================
15:02:59.0033 0x0388  [ 4AEDD9FADB2CE3AE66D4FFDECDA2F92D ] \Device\Harddisk0\DR0\Partition1
15:02:59.0033 0x0388  \Device\Harddisk0\DR0\Partition1 - ok
15:02:59.0048 0x0388  [ DCB0C4FC7C5ABCAA468248C350597584 ] \Device\Harddisk0\DR0\Partition2
15:02:59.0048 0x0388  \Device\Harddisk0\DR0\Partition2 - ok
15:02:59.0048 0x0388  ================ Scan generic autorun ======================
15:02:59.0048 0x0388  IgfxTray - ok
15:02:59.0048 0x0388  HotKeysCmds - ok
15:02:59.0048 0x0388  Persistence - ok
15:02:59.0048 0x0388  RTHDVCPL - ok
15:02:59.0048 0x0388  RtHDVBg_Dolby - ok
15:02:59.0048 0x0388  TpShocks - ok
15:02:59.0048 0x0388  LENOVO.TPKNRRES - ok
15:02:59.0048 0x0388  AcWin7Hlpr - ok
15:02:59.0048 0x0388  BoxSync - ok
15:02:59.0048 0x0388  WebVPN - ok
15:02:59.0048 0x0388  Mirage Client - ok
15:02:59.0048 0x0388  Babylon Client - ok
15:02:59.0048 0x0388  EDFcsn - ok
15:02:59.0064 0x0388  vmware-tray - ok
15:02:59.0064 0x0388  ACTray - ok
15:02:59.0064 0x0388  Adobe ARM - ok
15:02:59.0064 0x0388  iTunesHelper - ok
15:02:59.0064 0x0388  Sidebar - ok
15:02:59.0064 0x0388  mctadmin - ok
15:02:59.0064 0x0388  Sidebar - ok
15:02:59.0064 0x0388  mctadmin - ok
15:02:59.0064 0x0388  Sidebar - ok
15:02:59.0064 0x0388  mctadmin - ok
15:02:59.0064 0x0388  Sidebar - ok
15:02:59.0079 0x0388  mctadmin - ok
15:02:59.0079 0x0388  iCloudServices - ok
15:02:59.0079 0x0388  Push Client - ok
15:02:59.0111 0x0388  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
15:02:59.0111 0x0388  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe ( 12.1.4013.4013 ), 0x41010 ( enabled )
15:03:04.0653 0x0388  ============================================================
15:03:04.0653 0x0388  Scan finished
15:03:04.0653 0x0388  ============================================================
15:03:04.0653 0x2098  Detected object count: 1
15:03:04.0653 0x2098  Actual detected object count: 1
15:03:08.0946 0x2098  AmdocsSIMS ( LockedService.Multi.Generic ) - skipped by user
15:03:08.0946 0x2098  AmdocsSIMS ( LockedService.Multi.Generic ) - User select action: Skip 
15:03:10.0304 0x2374  ============================================================
15:03:10.0304 0x2374  Scan started
15:03:10.0304 0x2374  Mode: Manual; 
15:03:10.0304 0x2374  ============================================================
15:03:10.0304 0x2374  KSN ping started
15:03:12.0957 0x2374  KSN ping finished: true
15:03:13.0175 0x2374  ================ Scan system memory ========================
15:03:13.0175 0x2374  System memory - ok
15:03:13.0175 0x2374  ================ Scan services =============================
15:03:13.0191 0x2374  1394ohci - ok
15:03:13.0191 0x2374  A180AA - ok
15:03:13.0191 0x2374  A180WD - ok
15:03:13.0191 0x2374  ACPI - ok
15:03:13.0206 0x2374  AcpiPmi - ok
15:03:13.0206 0x2374  AcPrfMgrSvc - ok
15:03:13.0206 0x2374  AcSvc - ok
15:03:13.0206 0x2374  AdobeARMservice - ok
15:03:13.0206 0x2374  AdobeFlashPlayerUpdateSvc - ok
15:03:13.0222 0x2374  adp94xx - ok
15:03:13.0222 0x2374  adpahci - ok
15:03:13.0222 0x2374  adpu320 - ok
15:03:13.0222 0x2374  AeLookupSvc - ok
15:03:13.0222 0x2374  AFD - ok
15:03:13.0222 0x2374  agp440 - ok
15:03:13.0238 0x2374  ALG - ok
15:03:13.0238 0x2374  aliide - ok
15:03:13.0238 0x2374  amdide - ok
15:03:13.0238 0x2374  AmdK8 - ok
15:03:13.0238 0x2374  Suspicious service (NoAccess): AmdocsSIMS
15:03:13.0238 0x2374  AmdocsSIMS - detected LockedService.Multi.Generic ( 1 )
15:03:13.0238 0x2374  AmdocsSIMS ( LockedService.Multi.Generic ) - warning
15:03:15.0736 0x2374  AmdPPM - ok
15:03:15.0740 0x2374  amdsata - ok
15:03:15.0743 0x2374  amdsbs - ok
15:03:15.0746 0x2374  amdxata - ok
15:03:15.0749 0x2374  AppID - ok
15:03:15.0752 0x2374  AppIDSvc - ok
15:03:15.0756 0x2374  Appinfo - ok
15:03:15.0759 0x2374  Apple Mobile Device - ok
15:03:15.0762 0x2374  AppMgmt - ok
15:03:15.0766 0x2374  arc - ok
15:03:15.0769 0x2374  arcsas - ok
15:03:15.0772 0x2374  ArraySSL_VPN_Service8.4.6.67 - ok
15:03:15.0776 0x2374  Array_Utility_Service8.4.6.67 - ok
15:03:15.0782 0x2374  aspnet_state - ok
15:03:15.0786 0x2374  AsyncMac - ok
15:03:15.0789 0x2374  atapi - ok
15:03:15.0792 0x2374  ATP - ok
15:03:15.0795 0x2374  AudioEndpointBuilder - ok
15:03:15.0799 0x2374  AudioSrv - ok
15:03:15.0802 0x2374  AxInstSV - ok
15:03:15.0806 0x2374  b06bdrv - ok
15:03:15.0809 0x2374  b57nd60a - ok
15:03:15.0814 0x2374  bcbtums - ok
15:03:15.0817 0x2374  BDESVC - ok
15:03:15.0820 0x2374  Beep - ok
15:03:15.0823 0x2374  BFE - ok
15:03:15.0826 0x2374  BHDrvx64 - ok
15:03:15.0829 0x2374  BITS - ok
15:03:15.0831 0x2374  blbdrive - ok
15:03:15.0834 0x2374  Bonjour Service - ok
15:03:15.0837 0x2374  bowser - ok
15:03:15.0841 0x2374  BoxSyncUpdateService - ok
15:03:15.0847 0x2374  BrFiltLo - ok
15:03:15.0851 0x2374  BrFiltUp - ok
15:03:15.0854 0x2374  Browser - ok
15:03:15.0856 0x2374  Brserid - ok
15:03:15.0860 0x2374  BrSerWdm - ok
15:03:15.0865 0x2374  BrUsbMdm - ok
15:03:15.0869 0x2374  BrUsbSer - ok
15:03:15.0871 0x2374  BthEnum - ok
15:03:15.0874 0x2374  BTHMODEM - ok
15:03:15.0877 0x2374  BthPan - ok
15:03:15.0881 0x2374  BTHPORT - ok
15:03:15.0884 0x2374  bthserv - ok
15:03:15.0888 0x2374  BTHUSB - ok
15:03:15.0890 0x2374  btwavdt - ok
15:03:15.0893 0x2374  btwrchid - ok
15:03:15.0896 0x2374  c2cautoupdatesvc - ok
15:03:15.0900 0x2374  c2cpnrsvc - ok
15:03:15.0903 0x2374  CcmExec - ok
15:03:15.0908 0x2374  ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE} - ok
15:03:15.0911 0x2374  cdfs - ok
15:03:15.0914 0x2374  cdrom - ok
15:03:15.0917 0x2374  CertPropSvc - ok
15:03:15.0920 0x2374  circlass - ok
15:03:15.0925 0x2374  CLFS - ok
15:03:15.0931 0x2374  clr_optimization_v2.0.50727_32 - ok
15:03:15.0933 0x2374  clr_optimization_v2.0.50727_64 - ok
15:03:15.0936 0x2374  clr_optimization_v4.0.30319_32 - ok
15:03:15.0940 0x2374  clr_optimization_v4.0.30319_64 - ok
15:03:15.0944 0x2374  CmBatt - ok
15:03:15.0948 0x2374  cmdide - ok
15:03:15.0951 0x2374  CmRcService - ok
15:03:15.0953 0x2374  CNG - ok
15:03:15.0956 0x2374  Compbatt - ok
15:03:15.0959 0x2374  CompositeBus - ok
15:03:15.0962 0x2374  COMSysApp - ok
15:03:15.0966 0x2374  cphs - ok
15:03:15.0972 0x2374  crcdisk - ok
15:03:15.0976 0x2374  CryptSvc - ok
15:03:15.0979 0x2374  CSC - ok
15:03:15.0982 0x2374  CscService - ok
15:03:15.0985 0x2374  CVirtA - ok
15:03:15.0990 0x2374  CVPND - ok
15:03:15.0994 0x2374  CVPNDRVA - ok
15:03:16.0001 0x2374  DcomLaunch - ok
15:03:16.0005 0x2374  defragsvc - ok
15:03:16.0007 0x2374  DfsC - ok
15:03:16.0010 0x2374  Dhcp - ok
15:03:16.0013 0x2374  discache - ok
15:03:16.0015 0x2374  Disk - ok
15:03:16.0018 0x2374  dmvsc - ok
15:03:16.0021 0x2374  DNE - ok
15:03:16.0024 0x2374  Dnscache - ok
15:03:16.0028 0x2374  dot3svc - ok
15:03:16.0030 0x2374  DPS - ok
15:03:16.0033 0x2374  drmkaud - ok
15:03:16.0036 0x2374  DXGKrnl - ok
15:03:16.0038 0x2374  e1cexpress - ok
15:03:16.0042 0x2374  E1G60 - ok
15:03:16.0044 0x2374  EapHost - ok
15:03:16.0048 0x2374  ebdrv - ok
15:03:16.0050 0x2374  eeCtrl - ok
15:03:16.0053 0x2374  EFS - ok
15:03:16.0056 0x2374  ehRecvr - ok
15:03:16.0058 0x2374  ehSched - ok
15:03:16.0061 0x2374  elxstor - ok
15:03:16.0064 0x2374  EraserUtilRebootDrv - ok
15:03:16.0068 0x2374  ErrDev - ok
15:03:16.0073 0x2374  EventSystem - ok
15:03:16.0076 0x2374  EvtEng - ok
15:03:16.0078 0x2374  exfat - ok
15:03:16.0081 0x2374  fastfat - ok
15:03:16.0084 0x2374  Fax - ok
15:03:16.0086 0x2374  fdc - ok
15:03:16.0090 0x2374  fdPHost - ok
15:03:16.0092 0x2374  FDResPub - ok
15:03:16.0095 0x2374  FileInfo - ok
15:03:16.0097 0x2374  Filetrace - ok
15:03:16.0101 0x2374  flpydisk - ok
15:03:16.0104 0x2374  FltMgr - ok
15:03:16.0107 0x2374  FontCache - ok
15:03:16.0110 0x2374  FontCache3.0.0.0 - ok
15:03:16.0113 0x2374  FoxitCloudUpdateService - ok
15:03:16.0116 0x2374  FsDepends - ok
15:03:16.0119 0x2374  Fs_Rec - ok
15:03:16.0123 0x2374  fvevol - ok
15:03:16.0127 0x2374  gagp30kx - ok
15:03:16.0130 0x2374  GEARAspiWDM - ok
15:03:16.0133 0x2374  gpsvc - ok
15:03:16.0135 0x2374  gupdate - ok
15:03:16.0138 0x2374  gupdatem - ok
15:03:16.0142 0x2374  hcmon - ok
15:03:16.0144 0x2374  hcw85cir - ok
15:03:16.0148 0x2374  HDAudBus - ok
15:03:16.0151 0x2374  HidBatt - ok
15:03:16.0153 0x2374  HidBth - ok
15:03:16.0156 0x2374  HidIr - ok
15:03:16.0159 0x2374  hidserv - ok
15:03:16.0162 0x2374  HidUsb - ok
15:03:16.0164 0x2374  hkmsvc - ok
15:03:16.0168 0x2374  HomeGroupListener - ok
15:03:16.0171 0x2374  HomeGroupProvider - ok
15:03:16.0174 0x2374  HpSAMD - ok
15:03:16.0177 0x2374  HTTP - ok
15:03:16.0180 0x2374  hwpolicy - ok
15:03:16.0185 0x2374  i8042prt - ok
15:03:16.0190 0x2374  iastor - ok
15:03:16.0194 0x2374  iaStorV - ok
15:03:16.0197 0x2374  IBMPMDRV - ok
15:03:16.0200 0x2374  IBMPMSVC - ok
15:03:16.0204 0x2374  idsvc - ok
15:03:16.0210 0x2374  IDSVia64 - ok
15:03:16.0215 0x2374  igfx - ok
15:03:16.0218 0x2374  iirsp - ok
15:03:16.0222 0x2374  IKEEXT - ok
15:03:16.0226 0x2374  iMobilityService - ok
15:03:16.0232 0x2374  IntcAzAudAddService - ok
15:03:16.0235 0x2374  IntcDAud - ok
15:03:16.0239 0x2374  intelide - ok
15:03:16.0242 0x2374  intelppm - ok
15:03:16.0245 0x2374  IPBusEnum - ok
15:03:16.0249 0x2374  IpFilterDriver - ok
15:03:16.0252 0x2374  iphlpsvc - ok
15:03:16.0255 0x2374  iPlatformService - ok
15:03:16.0258 0x2374  IPMIDRV - ok
15:03:16.0263 0x2374  IPNAT - ok
15:03:16.0267 0x2374  iPod Service - ok
15:03:16.0269 0x2374  IRENUM - ok
15:03:16.0272 0x2374  isapnp - ok
15:03:16.0275 0x2374  iScsiPrt - ok
15:03:16.0278 0x2374  iusb3hub - ok
15:03:16.0281 0x2374  iusb3xhc - ok
15:03:16.0285 0x2374  kbdclass - ok
15:03:16.0290 0x2374  kbdhid - ok
15:03:16.0293 0x2374  KeyIso - ok
15:03:16.0295 0x2374  KSecDD - ok
15:03:16.0298 0x2374  KSecPkg - ok
15:03:16.0300 0x2374  ksthunk - ok
15:03:16.0303 0x2374  KtmRm - ok
15:03:16.0306 0x2374  LanmanServer - ok
15:03:16.0309 0x2374  LanmanWorkstation - ok
15:03:16.0313 0x2374  LENOVO.CAMMUTE - ok
15:03:16.0316 0x2374  LENOVO.MICMUTE - ok
15:03:16.0321 0x2374  lenovo.smi - ok
15:03:16.0324 0x2374  LENOVO.TPKNRSVC - ok
15:03:16.0327 0x2374  Lenovo.VIRTSCRLSVC - ok
15:03:16.0330 0x2374  lltdio - ok
15:03:16.0332 0x2374  lltdsvc - ok
15:03:16.0335 0x2374  lmhosts - ok
15:03:16.0337 0x2374  lpasvc - ok
15:03:16.0340 0x2374  lppsvc - ok
15:03:16.0344 0x2374  LSI_FC - ok
15:03:16.0347 0x2374  LSI_SAS - ok
15:03:16.0349 0x2374  LSI_SAS2 - ok
15:03:16.0352 0x2374  LSI_SCSI - ok
15:03:16.0355 0x2374  luafv - ok
15:03:16.0357 0x2374  MBAMAgent - ok
15:03:16.0360 0x2374  MBAMProtector - ok
15:03:16.0363 0x2374  MBAMScheduler - ok
15:03:16.0365 0x2374  MBAMService - ok
15:03:16.0369 0x2374  MBAMSwissArmy - ok
15:03:16.0372 0x2374  MBAMWebAccessControl - ok
15:03:16.0374 0x2374  Mcx2Svc - ok
15:03:16.0377 0x2374  megasas - ok
15:03:16.0381 0x2374  MegaSR - ok
15:03:16.0383 0x2374  MEIx64 - ok
15:03:16.0386 0x2374  Mirage - ok
15:03:16.0389 0x2374  MMCSS - ok
15:03:16.0392 0x2374  Modem - ok
15:03:16.0394 0x2374  monitor - ok
15:03:16.0397 0x2374  mouclass - ok
15:03:16.0399 0x2374  mouhid - ok
15:03:16.0402 0x2374  mountmgr - ok
15:03:16.0405 0x2374  MozillaMaintenance - ok
15:03:16.0408 0x2374  mpio - ok
15:03:16.0411 0x2374  mpsdrv - ok
15:03:16.0414 0x2374  MpsSvc - ok
15:03:16.0417 0x2374  MRxDAV - ok
15:03:16.0419 0x2374  mrxsmb - ok
15:03:16.0422 0x2374  mrxsmb10 - ok
15:03:16.0425 0x2374  mrxsmb20 - ok
15:03:16.0427 0x2374  msahci - ok
15:03:16.0430 0x2374  msdsm - ok
15:03:16.0433 0x2374  MSDTC - ok
15:03:16.0439 0x2374  Msfs - ok
15:03:16.0442 0x2374  mshidkmdf - ok
15:03:16.0445 0x2374  msisadrv - ok
15:03:16.0448 0x2374  MSiSCSI - ok
15:03:16.0451 0x2374  msiserver - ok
15:03:16.0453 0x2374  MSKSSRV - ok
15:03:16.0457 0x2374  MSPCLOCK - ok
15:03:16.0460 0x2374  MSPQM - ok
15:03:16.0462 0x2374  MsRPC - ok
15:03:16.0466 0x2374  mssmbios - ok
15:03:16.0469 0x2374  MSTEE - ok
15:03:16.0471 0x2374  MTConfig - ok
15:03:16.0474 0x2374  Mup - ok
15:03:16.0477 0x2374  napagent - ok
15:03:16.0479 0x2374  NativeWifiP - ok
15:03:16.0482 0x2374  NAVENG - ok
15:03:16.0485 0x2374  NAVEX15 - ok
15:03:16.0489 0x2374  NDIS - ok
15:03:16.0491 0x2374  NdisCap - ok
15:03:16.0494 0x2374  NdisTapi - ok
15:03:16.0497 0x2374  Ndisuio - ok
15:03:16.0500 0x2374  NdisWan - ok
15:03:16.0503 0x2374  NDProxy - ok
15:03:16.0506 0x2374  Net Driver HPZ12 - ok
15:03:16.0509 0x2374  NetBIOS - ok
15:03:16.0511 0x2374  NetBT - ok
15:03:16.0514 0x2374  Netlogon - ok
15:03:16.0517 0x2374  Netman - ok
15:03:16.0520 0x2374  NetMsmqActivator - ok
15:03:16.0523 0x2374  NetPipeActivator - ok
15:03:16.0525 0x2374  netprofm - ok
15:03:16.0528 0x2374  NetTcpActivator - ok
15:03:16.0531 0x2374  NetTcpPortSharing - ok
15:03:16.0534 0x2374  NETwNs64 - ok
15:03:16.0536 0x2374  nfrd960 - ok
15:03:16.0539 0x2374  NlaSvc - ok
15:03:16.0542 0x2374  Npfs - ok
15:03:16.0544 0x2374  nsi - ok
15:03:16.0547 0x2374  nsiproxy - ok
15:03:16.0552 0x2374  Ntfs - ok
15:03:16.0554 0x2374  Null - ok
15:03:16.0557 0x2374  nvraid - ok
15:03:16.0560 0x2374  nvstor - ok
15:03:16.0563 0x2374  nv_agp - ok
15:03:16.0565 0x2374  odserv - ok
15:03:16.0569 0x2374  ohci1394 - ok
15:03:16.0572 0x2374  Oracle WebLogic NodeManager (C_Oracle_Middleware_wlserver_10.3) - ok
15:03:16.0575 0x2374  ose - ok
15:03:16.0578 0x2374  osppsvc - ok
15:03:16.0582 0x2374  p2pimsvc - ok
15:03:16.0585 0x2374  p2psvc - ok
15:03:16.0587 0x2374  Parport - ok
15:03:16.0590 0x2374  partmgr - ok
15:03:16.0593 0x2374  PcaSvc - ok
15:03:16.0595 0x2374  pci - ok
15:03:16.0598 0x2374  pciide - ok
15:03:16.0601 0x2374  pcmcia - ok
15:03:16.0603 0x2374  pcw - ok
15:03:16.0606 0x2374  PEAUTH - ok
15:03:16.0609 0x2374  PeerDistSvc - ok
15:03:16.0613 0x2374  PerfHost - ok
15:03:16.0620 0x2374  pla - ok
15:03:16.0622 0x2374  PlugPlay - ok
15:03:16.0625 0x2374  Pml Driver HPZ12 - ok
15:03:16.0628 0x2374  PNRPAutoReg - ok
15:03:16.0630 0x2374  PNRPsvc - ok
15:03:16.0635 0x2374  PolicyAgent - ok
15:03:16.0639 0x2374  Power - ok
15:03:16.0642 0x2374  PptpMiniport - ok
15:03:16.0645 0x2374  prepdrvr - ok
15:03:16.0651 0x2374  prgnDiscAgent - ok
15:03:16.0655 0x2374  Processor - ok
15:03:16.0659 0x2374  ProcObsrv - ok
15:03:16.0662 0x2374  ProfSvc - ok
15:03:16.0664 0x2374  ProtectedStorage - ok
15:03:16.0667 0x2374  Psched - ok
15:03:16.0670 0x2374  ql2300 - ok
15:03:16.0672 0x2374  ql40xx - ok
15:03:16.0677 0x2374  QWAVE - ok
15:03:16.0680 0x2374  QWAVEdrv - ok
15:03:16.0682 0x2374  RasAcd - ok
15:03:16.0685 0x2374  RasAgileVpn - ok
15:03:16.0688 0x2374  RasAuto - ok
15:03:16.0691 0x2374  Rasl2tp - ok
15:03:16.0694 0x2374  RasMan - ok
15:03:16.0696 0x2374  RasPppoe - ok
15:03:16.0699 0x2374  RasSstp - ok
15:03:16.0702 0x2374  rdbss - ok
15:03:16.0704 0x2374  rdpbus - ok
15:03:16.0707 0x2374  RDPCDD - ok
15:03:16.0711 0x2374  RDPDR - ok
15:03:16.0714 0x2374  RDPENCDD - ok
15:03:16.0718 0x2374  RDPREFMP - ok
15:03:16.0722 0x2374  RdpVideoMiniport - ok
15:03:16.0725 0x2374  RDPWD - ok
15:03:16.0728 0x2374  rdyboost - ok
15:03:16.0731 0x2374  RegSrvc - ok
15:03:16.0734 0x2374  RemoteAccess - ok
15:03:16.0736 0x2374  RemoteRegistry - ok
15:03:16.0739 0x2374  RFCOMM - ok
15:03:16.0742 0x2374  risdxc - ok
15:03:16.0744 0x2374  RpcEptMapper - ok
15:03:16.0747 0x2374  RpcLocator - ok
15:03:16.0750 0x2374  RpcSs - ok
15:03:16.0753 0x2374  rspndr - ok
15:03:16.0756 0x2374  s3cap - ok
15:03:16.0759 0x2374  SamSs - ok
15:03:16.0762 0x2374  sbp2port - ok
15:03:16.0764 0x2374  SCardSvr - ok
15:03:16.0767 0x2374  scfilter - ok
15:03:16.0771 0x2374  Schedule - ok
15:03:16.0773 0x2374  SCPolicySvc - ok
15:03:16.0776 0x2374  SDRSVC - ok
15:03:16.0779 0x2374  secdrv - ok
15:03:16.0781 0x2374  seclogon - ok
15:03:16.0784 0x2374  secsvccat - ok
15:03:16.0787 0x2374  secsvccatDriver13893 - ok
15:03:16.0790 0x2374  SENS - ok
15:03:16.0793 0x2374  SensrSvc - ok
15:03:16.0796 0x2374  SepMasterService - ok
15:03:16.0799 0x2374  Serenum - ok
15:03:16.0801 0x2374  Serial - ok
15:03:16.0805 0x2374  sermouse - ok
15:03:16.0812 0x2374  SessionEnv - ok
15:03:16.0815 0x2374  sffdisk - ok
15:03:16.0817 0x2374  sffp_mmc - ok
15:03:16.0820 0x2374  sffp_sd - ok
15:03:16.0823 0x2374  sfloppy - ok
15:03:16.0826 0x2374  SharedAccess - ok
15:03:16.0829 0x2374  ShellHWDetection - ok
15:03:16.0832 0x2374  Shockprf - ok
15:03:16.0834 0x2374  SiSRaid2 - ok
15:03:16.0837 0x2374  SiSRaid4 - ok
15:03:16.0840 0x2374  SkypeUpdate - ok
15:03:16.0843 0x2374  Smb - ok
15:03:16.0846 0x2374  SmbDrvI - ok
15:03:16.0849 0x2374  SmcService - ok
15:03:16.0852 0x2374  smstsmgr - ok
15:03:16.0858 0x2374  SNAC - ok
15:03:16.0862 0x2374  SNMPTRAP - ok
15:03:16.0867 0x2374  spldr - ok
15:03:16.0870 0x2374  Spooler - ok
15:03:16.0872 0x2374  sppsvc - ok
15:03:16.0875 0x2374  sppuinotify - ok
15:03:16.0878 0x2374  SRTSP - ok
15:03:16.0881 0x2374  SRTSPX - ok
15:03:16.0884 0x2374  srv - ok
15:03:16.0887 0x2374  srv2 - ok
15:03:16.0890 0x2374  srvnet - ok
15:03:16.0893 0x2374  SSDPSRV - ok
15:03:16.0896 0x2374  SstpSvc - ok
15:03:16.0899 0x2374  stexstor - ok
15:03:16.0901 0x2374  stisvc - ok
15:03:16.0904 0x2374  storflt - ok
15:03:16.0907 0x2374  StorSvc - ok
15:03:16.0910 0x2374  storvsc - ok
15:03:16.0913 0x2374  swenum - ok
15:03:16.0916 0x2374  swprv - ok
15:03:16.0918 0x2374  SyDvCtrl - ok
15:03:16.0922 0x2374  SymDS - ok
15:03:16.0925 0x2374  SymEFA - ok
15:03:16.0928 0x2374  SymEvent - ok
15:03:16.0932 0x2374  SymIRON - ok
15:03:16.0934 0x2374  SYMNETS - ok
15:03:16.0937 0x2374  Synth3dVsc - ok
15:03:16.0940 0x2374  SynTP - ok
15:03:16.0943 0x2374  SysMain - ok
15:03:16.0945 0x2374  SysPlant - ok
15:03:16.0948 0x2374  TabletInputService - ok
15:03:16.0951 0x2374  TapiSrv - ok
15:03:16.0954 0x2374  TBS - ok
15:03:16.0956 0x2374  Tcpip - ok
15:03:16.0959 0x2374  TCPIP6 - ok
15:03:16.0964 0x2374  tcpipreg - ok
15:03:16.0968 0x2374  TcUsb - ok
15:03:16.0971 0x2374  TDPIPE - ok
15:03:16.0974 0x2374  TDTCP - ok
15:03:16.0977 0x2374  tdx - ok
15:03:16.0980 0x2374  Teefer2 - ok
15:03:16.0982 0x2374  TermDD - ok
15:03:16.0985 0x2374  terminpt - ok
15:03:16.0988 0x2374  TermService - ok
15:03:16.0991 0x2374  Themes - ok
15:03:16.0994 0x2374  THREADORDER - ok
15:03:17.0000 0x2374  TPDIGIMN - ok
15:03:17.0002 0x2374  TPHDEXLGSVC - ok
15:03:17.0005 0x2374  TPHKLOAD - ok
15:03:17.0008 0x2374  TPHKSVC - ok
15:03:17.0011 0x2374  TPM - ok
15:03:17.0014 0x2374  TrkWks - ok
15:03:17.0016 0x2374  TrustedInstaller - ok
15:03:17.0020 0x2374  tssecsrv - ok
15:03:17.0023 0x2374  TsUsbFlt - ok
15:03:17.0025 0x2374  TsUsbGD - ok
15:03:17.0029 0x2374  tsusbhub - ok
15:03:17.0032 0x2374  tunnel - ok
15:03:17.0034 0x2374  uagp35 - ok
15:03:17.0037 0x2374  udfs - ok
15:03:17.0040 0x2374  ufad-ws60 - ok
15:03:17.0046 0x2374  UI0Detect - ok
15:03:17.0049 0x2374  uliagpkx - ok
15:03:17.0052 0x2374  umbus - ok
15:03:17.0054 0x2374  UmPass - ok
15:03:17.0057 0x2374  UmRdpService - ok
15:03:17.0060 0x2374  UnlockerDriver5 - ok
15:03:17.0063 0x2374  upnphost - ok
15:03:17.0065 0x2374  USBAAPL64 - ok
15:03:17.0068 0x2374  usbaudio - ok
15:03:17.0071 0x2374  usbccgp - ok
15:03:17.0073 0x2374  usbcir - ok
15:03:17.0076 0x2374  usbehci - ok
15:03:17.0079 0x2374  usbhub - ok
15:03:17.0081 0x2374  usbohci - ok
15:03:17.0084 0x2374  usbprint - ok
15:03:17.0087 0x2374  usbscan - ok
15:03:17.0090 0x2374  USBSTOR - ok
15:03:17.0095 0x2374  usbuhci - ok
15:03:17.0097 0x2374  usbvideo - ok
15:03:17.0100 0x2374  usb_rndisx - ok
15:03:17.0103 0x2374  UxSms - ok
15:03:17.0106 0x2374  VaultSvc - ok
15:03:17.0108 0x2374  vdrvroot - ok
15:03:17.0111 0x2374  vds - ok
15:03:17.0114 0x2374  vga - ok
15:03:17.0117 0x2374  VgaSave - ok
15:03:17.0119 0x2374  VGPU - ok
15:03:17.0122 0x2374  vhdmp - ok
15:03:17.0125 0x2374  viaide - ok
15:03:17.0127 0x2374  VMAuthdService - ok
15:03:17.0130 0x2374  vmbus - ok
15:03:17.0133 0x2374  VMBusHID - ok
15:03:17.0136 0x2374  vmci - ok
15:03:17.0138 0x2374  vmkbd - ok
15:03:17.0141 0x2374  VMnetAdapter - ok
15:03:17.0144 0x2374  VMnetBridge - ok
15:03:17.0146 0x2374  VMnetDHCP - ok
15:03:17.0149 0x2374  VMnetuserif - ok
15:03:17.0152 0x2374  vmusb - ok
15:03:17.0155 0x2374  VMUSBArbService - ok
15:03:17.0160 0x2374  VMware NAT Service - ok
15:03:17.0162 0x2374  vmx86 - ok
15:03:17.0165 0x2374  volmgr - ok
15:03:17.0168 0x2374  volmgrx - ok
15:03:17.0173 0x2374  volsnap - ok
15:03:17.0176 0x2374  VPNInstallManager - ok
15:03:17.0179 0x2374  VPNService - ok
15:03:17.0182 0x2374  vpntdi - ok
15:03:17.0185 0x2374  vsmraid - ok
15:03:17.0187 0x2374  VSS - ok
15:03:17.0191 0x2374  vstor2-ws60 - ok
15:03:17.0194 0x2374  vwifibus - ok
15:03:17.0196 0x2374  vwififlt - ok
15:03:17.0199 0x2374  vwifimp - ok
15:03:17.0202 0x2374  W32Time - ok
15:03:17.0205 0x2374  WacomPen - ok
15:03:17.0208 0x2374  WANARP - ok
15:03:17.0211 0x2374  Wanarpv6 - ok
15:03:17.0214 0x2374  Wanova Mirage Desktop Service - ok
15:03:17.0217 0x2374  wbengine - ok
15:03:17.0219 0x2374  WbioSrvc - ok
15:03:17.0222 0x2374  wcncsvc - ok
15:03:17.0224 0x2374  WcsPlugInService - ok
15:03:17.0227 0x2374  Wd - ok
15:03:17.0230 0x2374  Wdf01000 - ok
15:03:17.0233 0x2374  WdiServiceHost - ok
15:03:17.0235 0x2374  WdiSystemHost - ok
15:03:17.0238 0x2374  WebClient - ok
15:03:17.0240 0x2374  Wecsvc - ok
15:03:17.0243 0x2374  wercplsupport - ok
15:03:17.0245 0x2374  WerSvc - ok
15:03:17.0249 0x2374  WfpLwf - ok
15:03:17.0252 0x2374  WIMMount - ok
15:03:17.0255 0x2374  WinDefend - ok
15:03:17.0260 0x2374  WinHttpAutoProxySvc - ok
15:03:17.0263 0x2374  Winmgmt - ok
15:03:17.0266 0x2374  WinRM - ok
15:03:17.0271 0x2374  WinUsb - ok
15:03:17.0273 0x2374  Wlansvc - ok
15:03:17.0276 0x2374  WmiAcpi - ok
15:03:17.0280 0x2374  wmiApSrv - ok
15:03:17.0283 0x2374  WMPNetworkSvc - ok
15:03:17.0286 0x2374  WPCSvc - ok
15:03:17.0288 0x2374  WPDBusEnum - ok
15:03:17.0292 0x2374  ws2ifsl - ok
15:03:17.0296 0x2374  wscsvc - ok
15:03:17.0298 0x2374  WSearch - ok
15:03:17.0302 0x2374  wuauserv - ok
15:03:17.0304 0x2374  WudfPf - ok
15:03:17.0307 0x2374  WUDFRd - ok
15:03:17.0310 0x2374  wudfsvc - ok
15:03:17.0313 0x2374  WwanSvc - ok
15:03:17.0329 0x2374  ================ Scan global ===============================
15:03:17.0329 0x2374  [ Global ] - ok
15:03:17.0330 0x2374  ================ Scan MBR ==================================
15:03:17.0332 0x2374  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:03:17.0402 0x2374  \Device\Harddisk0\DR0 - ok
15:03:17.0402 0x2374  ================ Scan VBR ==================================
15:03:17.0404 0x2374  [ 4AEDD9FADB2CE3AE66D4FFDECDA2F92D ] \Device\Harddisk0\DR0\Partition1
15:03:17.0405 0x2374  \Device\Harddisk0\DR0\Partition1 - ok
15:03:17.0407 0x2374  [ DCB0C4FC7C5ABCAA468248C350597584 ] \Device\Harddisk0\DR0\Partition2
15:03:17.0408 0x2374  \Device\Harddisk0\DR0\Partition2 - ok
15:03:17.0408 0x2374  ================ Scan generic autorun ======================
15:03:17.0408 0x2374  IgfxTray - ok
15:03:17.0409 0x2374  HotKeysCmds - ok
15:03:17.0411 0x2374  Persistence - ok
15:03:17.0412 0x2374  RTHDVCPL - ok
15:03:17.0413 0x2374  RtHDVBg_Dolby - ok
15:03:17.0414 0x2374  TpShocks - ok
15:03:17.0415 0x2374  LENOVO.TPKNRRES - ok
15:03:17.0417 0x2374  AcWin7Hlpr - ok
15:03:17.0418 0x2374  BoxSync - ok
15:03:17.0419 0x2374  WebVPN - ok
15:03:17.0420 0x2374  Mirage Client - ok
15:03:17.0421 0x2374  Babylon Client - ok
15:03:17.0422 0x2374  EDFcsn - ok
15:03:17.0424 0x2374  vmware-tray - ok
15:03:17.0425 0x2374  ACTray - ok
15:03:17.0426 0x2374  Adobe ARM - ok
15:03:17.0427 0x2374  iTunesHelper - ok
15:03:17.0429 0x2374  Sidebar - ok
15:03:17.0431 0x2374  mctadmin - ok
15:03:17.0432 0x2374  Sidebar - ok
15:03:17.0434 0x2374  mctadmin - ok
15:03:17.0434 0x2374  Sidebar - ok
15:03:17.0435 0x2374  mctadmin - ok
15:03:17.0436 0x2374  Sidebar - ok
15:03:17.0438 0x2374  mctadmin - ok
15:03:17.0439 0x2374  iCloudServices - ok
15:03:17.0440 0x2374  Push Client - ok
15:03:17.0445 0x2374  AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\WSCSavNotifier.exe ( 12.1.4013.4013 ), 0x71000 ( enabled : updated )
15:03:17.0446 0x2374  FW detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe ( 12.1.4013.4013 ), 0x41010 ( enabled )
15:03:19.0934 0x2374  ============================================================
15:03:19.0934 0x2374  Scan finished
15:03:19.0934 0x2374  ============================================================
15:03:19.0942 0x279c  Detected object count: 1
15:03:19.0942 0x279c  Actual detected object count: 1
15:03:22.0989 0x279c  AmdocsSIMS ( LockedService.Multi.Generic ) - skipped by user
15:03:22.0989 0x279c  AmdocsSIMS ( LockedService.Multi.Generic ) - User select action: Skip 
15:03:36.0456 0x26cc  Deinitialize success
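
The scan log above ends with a single finding: the AmdocsSIMS service is reported as LockedService.Multi.Generic because its service key could not be opened ("Suspicious service (NoAccess)"), while the thread itself concerns an svchost.exe running from a Temp directory. The following PowerShell is an added example, not code from the thread or from the scanner, that reproduces both checks for triage: svchost.exe processes whose image is not %SystemRoot%\System32\svchost.exe, and services whose registry key denies read or whose ImagePath/ServiceDll resolves into a temp or user directory. It assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt on the affected machine; the directory list, the Signature column and the function names are illustrative choices, not anything from the page.

```powershell
# Added example: this is not code from the thread and not the scanner's own logic.
# Assumes PowerShell 3.0 or later (Get-CimInstance) and an elevated prompt on the
# affected machine. The directory list and the output field names are illustrative choices.

$System32       = Join-Path $env:SystemRoot 'System32'
$SuspiciousDirs = @((Join-Path $env:SystemRoot 'Temp'), $env:TEMP, (Join-Path $env:SystemDrive 'Users')) |
                  Where-Object { $_ }

function Get-SignatureStatus([string]$Path) {
    # Hint only: catalog-signed Microsoft files report NotSigned on PowerShell versions
    # before 5.1, which do not consult the catalog store.
    if (-not (Test-Path -LiteralPath $Path)) { return 'FileMissing' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') { return [string]$sig.Status }
    return 'Valid: ' + $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
}

function Test-UnderSuspiciousDir([string]$Path) {
    foreach ($dir in $SuspiciousDirs) { if ($Path -like "$dir\*") { return $true } }
    return $false
}

function Get-SuspiciousSvchost {
    # The only legitimate host is %SystemRoot%\System32\svchost.exe. Win32_Process exposes
    # ExecutablePath for SYSTEM-owned processes only when the caller is elevated.
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
        $path   = $_.ExecutablePath
        $reason = if (-not $path) { 'image path not readable (run elevated)' }
                  elseif ($path -ne "$System32\svchost.exe") { 'svchost.exe outside System32' }
        if ($reason) {
            $sigStatus = if ($path) { Get-SignatureStatus $path } else { 'n/a' }
            [pscustomobject]@{ Pid = $_.ProcessId; Parent = $_.ParentProcessId; Path = $path
                               Signature = $sigStatus; CommandLine = $_.CommandLine; Reason = $reason }
        }
    }
}

function Resolve-ImagePath([string]$Raw) {
    # Normalise the forms seen in Services\<name>\ImagePath (and ServiceDll) to a plain Win32 path.
    if (-not $Raw) { return $null }
    $Raw = $Raw.Trim()
    if ($Raw.StartsWith('"')) {                                   # "C:\Program Files\x\y.exe" -args
        $end = $Raw.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $Raw.Substring(1, $end - 1) } else { $Raw.Trim('"') }
    } else {                                                      # C:\Windows\system32\svchost.exe -k netsvcs
        $m   = [regex]::Match($Raw, '^(.+?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { ($Raw -split '\s+')[0] }
    }
    $exe = $exe -replace '^\\\?\?\\', ''                                # \??\C:\x.sys
    $exe = $exe -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')     # \SystemRoot\System32\drivers\x.sys
    if ($exe -match '^(system32|syswow64)\\') { $exe = Join-Path $env:SystemRoot $exe }  # system32\DRIVERS\x.sys
    return $exe
}

function Get-SuspiciousService {
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM\CurrentControlSet\Services')
    foreach ($name in $root.GetSubKeyNames()) {
        try   { $key = $root.OpenSubKey($name) }
        catch [System.Security.SecurityException] {
            # The key's DACL denies read even to Administrators: the scanner's "NoAccess" case.
            [pscustomobject]@{ Service = $name; Binary = $null; Signature = 'n/a'
                               Reason = 'NoAccess: service registry key denies read' }
            continue
        }
        if (-not $key) { continue }
        $bins   = @(Resolve-ImagePath ([string]$key.GetValue('ImagePath')))
        $params = $key.OpenSubKey('Parameters')                   # svchost-hosted services keep their code here
        if ($params) { $bins += Resolve-ImagePath ([string]$params.GetValue('ServiceDll')); $params.Close() }
        $key.Close()
        foreach ($bin in $bins) {
            if (-not $bin) { continue }
            $reason = if (Test-UnderSuspiciousDir $bin) { 'binary under a temp or user directory' }
                      elseif ([IO.Path]::GetFileName($bin) -eq 'svchost.exe' -and $bin -ne "$System32\svchost.exe") { 'svchost.exe outside System32' }
            if ($reason) {
                [pscustomobject]@{ Service = $name; Binary = $bin; Signature = (Get-SignatureStatus $bin); Reason = $reason }
            }
        }
    }
    $root.Close()
}

Get-SuspiciousSvchost | Format-Table -AutoSize
Get-SuspiciousService | Format-Table -AutoSize
```

A NoAccess row means the service key's DACL has been altered so that even an elevated regedit cannot open it; the script only reports and changes nothing, and clearing such a service is what the removal tool's fix (skipped by the user in the log above) or the helpers in the malware-removal forum are for, not a manual delete of the file, which is why the process kept coming back. Treat the Signature column as a hint: PowerShell before 5.1 reports catalog-signed Microsoft files as NotSigned.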


#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:53 PM

Posted 14 November 2014 - 11:13 AM

There is an infection detected by MBAR but we're not allowed to run MBAR fixes in this forum so...

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#13 dantal33

dantal33
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:53 AM

Posted 15 November 2014 - 02:42 PM

Here is the continued thread: http://www.bleepingcomputer.com/forums/t/556278/svchostexe-appearing-in-cwindowstemp/



#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,772 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:53 PM

Posted 15 November 2014 - 03:46 PM

[image: p22003888.gif]






