DPC Latency Issues

AwwPhooey

Hello, earlier today I posted within the Windows 7 forum a request for help with latency issues I'm experiencing (link pasted below). satrow responded and suggested going through the "malware removal posting instructions", which I've just completed. Any assistance you'd be willing to offer is greatly appreciated.

Thanks in advance,
Phoo

https://www.sysnative.com/forums/wi...611-latency-issues-windows-7-a.html#post51443

attach.txt info:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/8/2011 11:54:28 PM
System Uptime: 7/27/2013 11:56:51 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 172A
Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz | CPU 1 | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 464 GiB total, 246.136 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 2 GiB total, 1.201 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFF}_VID&0001006F_PID&0020\8&2F2094DC&0&00149D05F414_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFF}_VID&0001006F_PID&0020\8&2F2094DC&0&00149D05F414_C00000001
Service:
.
==== System Restore Points ===================
.
RP161: 7/9/2013 7:43:10 PM - Removed HP Power Assistant
RP162: 7/21/2013 8:59:34 AM - Installed Microsoft Windows Performance Toolkit
RP163: 7/21/2013 9:00:53 AM - Installed Microsoft Windows Performance Toolkit
RP164: 7/21/2013 11:01:11 AM - Intel® PROSet/Wireless Software
RP165: 7/22/2013 12:46:12 PM - Windows Update
RP166: 7/23/2013 10:57:10 AM - Installed HP System Diagnostics UEFI
RP167: 7/23/2013 11:00:28 AM - Installed HP UEFI Support Environment
RP169: 7/23/2013 11:06:50 AM - Installed IDT Audio
RP170: 7/24/2013 7:43:45 PM - Removed ESET Smart Security
RP171: 7/24/2013 7:46:33 PM - Removed Skype Click to Call
RP172: 7/24/2013 8:02:06 PM - Removed Skype™ 5.8
.
==== Installed Programs ======================
.
Adobe Digital Editions 2.0
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Amazon MP3 Downloader 1.0.15
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
APS SCCM Messages 1.0 EN
Assessment and Deployment Kit
Audacity 1.3.13 (Unicode)
Audible Download Manager
AudibleManager
Belarc Advisor 8.3
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
CA ArcotID OTP Desktop Client
CCleaner
CDBurnerXP
Cisco WebEx Meetings
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Configuration Manager Client
Connected Backup/PC Agent
Crystal Reports 2008 SP1
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
Doxillion Document Converter
DWG TrueView 2012
ECL Viewer
Free YouTube to MP3 Converter version 3.11.35.1031
gConnect 7.1R4
GENCatalog version 1.02
GENViewer version 1.23
GNE Shim DB
GNE x32 Shim DB
Google Chrome
Google Earth Plug-in
Google Update Helper
HiJackThis
HP 3D DriveGuard
HP ESU for Microsoft Windows 7
HP Power Data
HP Product Detection
HP Quick Launch Buttons
HP System Default Settings
HP Web Camera
HP Webcam
HP Wireless Assistant
Hyperion-Brio
iCloud
IDT Audio
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless WiFi Software Driver
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
IrfanView (remove only)
iTunes
Java 7 Update 25
Java Auto Updater
Juniper Installer Service
Juniper Networks Network Connect 6.5.0
Juniper Networks Network Connect 7.1.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
K-Lite Codec Pack 9.5.0 (Basic)
Kits Configuration Installer
LiveUpdate 3.3 (Symantec Corporation)
LSI HDA Modem
MANDIANT Intelligent Response Agent
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft IE JavaScript Error Fix KB175500 EN
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2010
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Windows 7 (7.0)
Microsoft Windows SDK for Windows 7 Common Utilities (40715)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Converter Simple
MSXML 4.0 SP2 (KB954430)
MSXML4.0 redistributable
Oracle Data Provider for .NET Help
Palm Desktop by ACCESS
Password Policy Client 6.1
QLBCASL
QuickTime
RegTweaker version 3.2.2.1
SAFE Servlet
SafeView plugin (build 4.5.501)
SAP Business Explorer
SAP GUI for Windows 7.20
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.6
Sound ID Headset Update Application
Switch Sound File Converter
Symantec Endpoint Protection
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Toolkit Documentation
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Validity Fingerprint Driver
vcredist_x86
WavePad Sound Editor
Windows SDK Intellidocs
WinPcap 4.1.2
WPT Redistributables
WPTx86
ZoneAlarm LTD Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/28/2013 12:15:51 AM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
7/28/2013 12:13:41 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
7/28/2013 12:13:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
7/28/2013 12:12:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).
7/28/2013 12:11:34 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:11:34 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/28/2013 12:08:58 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/28/2013 12:06:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} and APPID {B292921D-AF50-400C-9B75-0C57A7F29BA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/27/2013 9:04:43 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:4:43.0000 7/27/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/27/2013 12:41:18 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:41:18.0000 7/27/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/27/2013 11:58:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ccmsetup service to connect.
7/27/2013 11:58:27 PM, Error: Service Control Manager [7000] - The ccmsetup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/27/2013 11:57:53 PM, Error: Service Control Manager [7000] - The Portrait Displays SDK Service service failed to start due to the following error: The system cannot find the file specified.
7/27/2013 11:57:33 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
7/27/2013 11:57:26 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
7/27/2013 11:57:25 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain GNE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
7/26/2013 9:56:54 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:56:55.0000 7/26/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/26/2013 6:39:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service.
7/26/2013 5:41:08 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 0:41:8.0000 7/27/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/26/2013 5:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user GNE\steviec SID (S-1-5-21-1004336348-1659004503-839522115-3802) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/26/2013 4:29:23 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:29:23.0000 7/26/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/26/2013 3:17:29 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:17:29.0000 7/26/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/26/2013 2:02:07 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:2:7.0000 7/26/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/26/2013 10:12:30 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:12:30.0000 7/26/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/26/2013 1:12:14 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:12:15.0000 7/26/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/25/2013 3:34:11 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:34:11.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/25/2013 3:14:48 PM, Error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/25/2013 2:41:54 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:41:54.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/25/2013 12:26:30 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:26:31.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/25/2013 11:52:51 AM, Error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
7/25/2013 10:08:10 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
7/25/2013 1:35:14 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:35:14.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 9:58:24 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 4:58:24.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 9:42:17 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 4:42:17.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 9:42:09 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:42:9.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 9:21:33 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 4:21:33.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 8:53:03 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 3:53:3.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 8:41:03 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 15:41:3.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 8:36:39 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 3:36:39.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 8:12:47 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 3:12:48.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 8:00:06 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 3:0:7.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 7:53:04 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 2:53:4.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 7:47:38 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 2:47:38.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 7:27:56 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 14:27:56.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 6:44:31 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 1:44:31.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 6:14:48 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 13:14:48.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 5:43:22 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 0:43:21.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 5:01:37 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 12:1:37.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 4:29:09 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:29:9.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 4:01:31 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 11:1:31.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 3:33:00 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:33:0.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 3:16:01 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:16:1.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 3:01:21 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 10:1:21.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 2:02:55 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:2:55.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 12:38:08 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 7:38:8.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 11:55:26 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:55:26.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 10:40:51 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 5:40:51.0000 7/25/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 1:47:14 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 8:47:14.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/24/2013 1:02:44 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:2:44.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 9:46:12 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:46:12.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 9:13:44 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 4:13:44.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 9:03:31 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:3:30.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 9:02:48 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/23/2013 8:58:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
7/23/2013 8:58:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
7/23/2013 8:57:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
7/23/2013 8:57:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
7/23/2013 8:56:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
7/23/2013 8:15:13 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 15:15:13.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 8:03:38 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 3:3:38.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 8:03:25 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 15:3:26.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 7:01:32 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 2:1:32.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 6:41:12 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 13:41:12.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 4:52:11 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:52:11.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 3:09:59 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 22:9:59.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 2:52:30 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:52:30.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 2:35:26 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:35:26.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 2:16:46 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:16:46.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 2:00:05 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:0:5.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 12:56:49 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:56:49.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 12:30:58 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:30:58.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 12:07:45 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:7:47.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 11:59:26 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:59:26.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 11:30:59 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 6:30:59.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 10:53:18 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:53:18.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 10:17:51 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 5:17:51.0000 7/24/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 10:13:15 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:13:15.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/23/2013 1:25:45 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 20:25:45.0000 7/23/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 9:47:20 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:47:19.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 9:05:00 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:5:0.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 8:30:33 PM, Error: LV_Tracker [68] -
7/22/2013 8:20:34 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 15:20:34.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 7:58:45 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 14:58:46.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 7:20:47 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 14:20:48.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 6:53:19 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 13:53:20.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 4:34:06 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:34:6.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 2:05:58 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 21:5:58.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 12:54:38 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:54:37.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 12:48:02 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The pipe has been ended.
7/22/2013 12:48:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
7/22/2013 12:07:37 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:7:36.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 11:36:54 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:36:52.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 10:32:21 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:32:20.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/22/2013 10:02:22 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:2:22.0000 7/22/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 9:40:28 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:40:28.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 9:04:50 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 16:4:50.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 8:16:31 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 15:16:31.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 7:50:33 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 14:50:33.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 6:39:51 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 13:39:51.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 4:00:49 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 23:0:49.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 12:00:39 PM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:0:39.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 11:21:11 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 18:21:11.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 10:59:29 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:59:30.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 10:22:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
7/21/2013 10:22:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
7/21/2013 10:20:00 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/21/2013 10:11:52 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:11:52.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
7/21/2013 10:04:49 AM, Error: Microsoft-Windows-Security-Kerberos [3] - A Kerberos Error Message was received: on logon session Client Time: Server Time: 17:4:49.0000 7/21/2013 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: 0xc0000035 KLIN(0) Client Realm: Client Name: Server Realm: GNE.WINDOWS.GENE.COM Server Name: host/followme Target Name: host/followme@GNE.WINDOWS.GENE.COM Error Text: File: 9 Line: f09 Error Data is in record data.
.
==== End Of File ===========================

dds.txt info:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.25.2
Run by steviec at 0:23:29 on 2013-07-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1458 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\vcsFPService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\atashost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\enstart.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Products\Time Service\svctimegsc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\msinfo32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\conhost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\System32\svchost.exe -k secsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gwiz4.gene.com/gwp/site/gwiz/
uDefault_Page_URL = hxxp://gwiz.gene.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={38776960-C61D-11E2-A1FF-E02A8231236B}
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://google.com
mDefault_Search_URL = hxxp://google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - c:\program files\regtweaker\key.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UserPolicyMode = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://genentech.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxp://genell.gene.com/support/webedit/lledit.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1FE9D880-6C01-4857-8E8F-E43A82C7DB8F} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1FE9D880-6C01-4857-8E8F-E43A82C7DB8F}\0554544535 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{1FE9D880-6C01-4857-8E8F-E43A82C7DB8F}\0796E6563627563747 : DHCPNameServer = 192.168.2.1 24.205.192.61 24.205.224.36 68.116.46.115
TCP: Interfaces\{1FE9D880-6C01-4857-8E8F-E43A82C7DB8F}\35143475543545 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1FE9D880-6C01-4857-8E8F-E43A82C7DB8F}\375737965637771637864796D656 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1FE9D880-6C01-4857-8E8F-E43A82C7DB8F}\74D225944454D2432363 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{FFA1B51E-2234-4970-9685-A951BE674787} : DHCPNameServer = 128.137.240.235 128.137.241.235
TCP: Interfaces\{FFA1B51E-2234-4970-9685-A951BE674787}\055524C49434 : DHCPNameServer = 172.17.192.1 172.17.2.194
TCP: Interfaces\{FFA1B51E-2234-4970-9685-A951BE674787}\144545337363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FFA1B51E-2234-4970-9685-A951BE674787}\2375942554831393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FFA1B51E-2234-4970-9685-A951BE674787}\25F657E64602451626C656020596A7A716 : DHCPNameServer = 208.67.222.222 208.67.220.220 192.168.100.1
TCP: Interfaces\{FFA1B51E-2234-4970-9685-A951BE674787}\F42716E6765644565627D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: chrome_cleanup - wscript.exe "c:\program files\common files\chrome_cleanup\chrome_cleanup.vbs"
mASetup: chrome_setup - wscript.exe "c:\program files\common files\chrome_setup\chrome_setup.vbs"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {EE94C70E-A1A1-43E7-8F1D-956AFD65263A} - msiexec /fup {EE94C70E-A1A1-43E7-8F1D-956AFD65263A} /qb!
mASetup: {GConnect} - msiexec /f {E804A956-B578-4E06-9FCC-BE51FD2524FB}
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steviec\appdata\roaming\mozilla\firefox\profiles\6aubrq8g.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://gwiz4.gene.com/gwp/site/gwiz/
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ca\arcot\plugins\npAuthMinder.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\safeview\npsfvw.dll
FF - plugin: c:\users\steviec\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - f033742300000000000000ff80802a89
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15851
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.169:25:32
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118218438772198-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-22 65584]
R1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2011-9-9 77760]
R1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\drivers\Teefer3.sys [2012-3-1 43936]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2013-7-23 81920]
R2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2010-5-21 7587232]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2013-4-11 593376]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-9-21 133944]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-9-12 104240]
R2 enstart;enstart;c:\windows\system32\enstart.exe [2011-9-9 929792]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-7-21 103992]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-8 26168]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2011-9-7 198520]
R2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2010-5-21 45384]
R2 svctimegsc;Timing Service;c:\program files\products\time service\svctimegsc.exe -service -servicename svctimegsc --> c:\program files\products\time service\svctimegsc.exe -service -servicename svctimegsc [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2012-3-1 1851224]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2013-7-23 2497408]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\intel\wifi\bin\ZeroConfigService.exe [2013-4-18 2532592]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2013-4-11 112608]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-7-15 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-7-8 106656]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-7-15 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-8-23 270336]
R3 Mandiant_Tools;Mandiant_Tools;c:\programdata\application data\time service\mktools.sys [2011-11-7 19920]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwsn00.sys [2013-4-18 10375680]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-7-15 49152]
S2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2011-9-8 611688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe --> c:\program files\common files\portrait displays\drivers\pdisrvc.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2013-4-11 112608]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\common files\research in motion\usb drivers\BbDevMgr.exe [2013-1-18 577536]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-9-9 228408]
S3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [2011-11-25 23608]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2013-4-18 242928]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-7-15 48640]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-7-15 47616]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-7-15 38912]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-11-25 23608]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-5-15 52224]
S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2012-3-5 23608]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-3-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-3-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-3-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-3-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-3-5 25704]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2013-07-26 18:04:27 -------- d-----r- c:\program files\Skype
2013-07-23 18:15:39 -------- d-----w- c:\program files\common files\postureAgent
2013-07-23 18:09:40 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-23 18:06:37 61440 ----a-w- c:\windows\system32\aestaren.dll
2013-07-23 18:06:37 380928 ----a-w- c:\windows\system32\aestecap.dll
2013-07-23 18:06:37 140288 ----a-w- c:\windows\system32\aestacap.dll
2013-07-23 18:06:36 86016 ----a-w- c:\windows\system32\AESTCom.dll
2013-07-23 18:06:36 495708 ----a-w- c:\windows\sttray.exe
2013-07-23 18:06:36 1953792 ----a-w- c:\windows\system32\stlang.dll
2013-07-23 18:06:36 12705884 ----a-w- c:\windows\system32\idtcpl.cpl
2013-07-23 18:06:30 179712 ----a-w- c:\windows\system32\staco.dll
2013-07-23 18:05:54 934912 ----a-w- c:\windows\system32\stapo.dll
2013-07-23 18:05:54 531968 ------w- c:\windows\system32\stapi32.dll
2013-07-23 18:05:54 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys
2013-07-23 18:05:54 405504 ----a-w- c:\windows\system32\stcplx.dll
2013-07-23 16:41:42 -------- d-----w- c:\program files\Windows Kits
2013-07-22 19:46:45 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-07-22 19:46:45 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-07-22 19:46:45 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-07-22 19:46:45 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-07-22 19:46:45 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-07-22 19:46:44 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-07-22 19:46:44 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-07-22 17:07:46 -------- d-----w- c:\users\steviec\Intel
2013-07-21 23:11:15 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2013-07-21 18:04:28 -------- d--h--w- c:\windows\system32\WLANProfiles
2013-07-21 18:04:04 -------- d-----w- c:\users\steviec\Roaming
2013-07-21 18:04:03 -------- d-----w- c:\programdata\Roaming
2013-07-21 18:03:24 -------- d-----w- c:\program files\Cisco
2013-07-21 18:01:26 -------- d-----w- c:\programdata\Package Cache
2013-07-21 16:59:31 -------- d-----w- c:\program files\Belarc
2013-07-21 16:14:45 -------- d-----w- C:\symbols
2013-07-21 16:12:14 -------- d-----w- C:\SymCache
2013-07-21 16:01:12 -------- d-----w- C:\xperf
2013-07-21 14:43:17 -------- d-----w- c:\users\steviec\appdata\roaming\Blurity
2013-07-10 03:02:00 -------- d-----w- c:\users\steviec\appdata\roaming\ESET
2013-07-10 03:02:00 -------- d-----w- c:\users\steviec\appdata\local\ESET
2013-07-03 14:48:59 91560 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
.
==================== Find3M ====================
.
2013-07-18 03:42:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 03:42:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-25 18:46:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 18:46:14 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 18:46:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 12:28:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-21 12:28:02 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-21 12:28:02 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-21 12:28:02 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-21 12:28:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-16 18:21:48 981504 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 16:44:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 20:26:40 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.1.7601 Disk: ST950056 rev.SD24 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83856000]<< >>UNKNOWN [0x8C2EA000]<< >>UNKNOWN [0x8C2D9000]<< >>UNKNOWN [0x8C29E000]<< >>UNKNOWN [0x8381F000]<< >>UNKNOWN [0x8BA93000]<< >>UNKNOWN [0x8BC1E000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8388CBBA] -> \Device\Harddisk0\DR0[0x879A6030]
\Driver\Disk[0x879A32A0] -> IRP_MJ_CREATE -> 0x8C2EE39F
3 [0x8C2EE59E] -> ntkrnlpa!IofCallDriver[0x8388CBBA] -> [0x879A56A8]
\Driver\hpdskflt[0x8616A1F8] -> IRP_MJ_CREATE -> 0x8C29FFB0
5 [0x8C2A0090] -> ntkrnlpa!IofCallDriver[0x8388CBBA] -> [0x86EF4958]
\Driver\ACPI[0x86A27DB8] -> IRP_MJ_CREATE -> 0x8BA9C4CC
7 [0x8BA9C3D4] -> ntkrnlpa!IofCallDriver[0x8388CBBA] -> \Device\Ide\IAAStorageDevice-1[0x86EA1028]
\Driver\iaStor[0x86EC2260] -> IRP_MJ_CREATE -> 0x8BC62C16
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 0:24:08.50 ===============

checkup.txt info:

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x86 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 25
Microsoft IE JavaScript Error Fix KB175500 EN
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
 
Hi, Phoo.

It is good that you followed the advice from satrow. Now, let's see what we can do to clean your computer.

Please follow these instructions carefully. Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt into your next reply.
 
Hi Corinne- hopefully I've run this and attached appropriately. Thanks for the help.

Phoo

ComboFix 13-07-30.03 - steviec 07/30/2013 14:43:04.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1318 [GMT -7:00]
Running from: c:\users\steviec\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\RegTweaker\keY.dll
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-30 )))))))))))))))))))))))))))))))
.
.
2013-07-30 21:49 . 2013-07-30 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-30 21:49 . 2013-07-30 21:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-07-30 21:49 . 2013-07-30 21:49 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2013-07-28 07:48 . 2013-07-28 07:57 -------- d-----w- c:\programdata\HitmanPro
2013-07-26 18:04 . 2013-07-26 18:04 -------- d-----w- c:\program files\Common Files\Skype
2013-07-26 18:04 . 2013-07-26 18:04 -------- d-----r- c:\program files\Skype
2013-07-23 18:15 . 2013-07-23 18:15 -------- d-----w- c:\program files\Common Files\postureAgent
2013-07-23 18:09 . 2009-12-14 20:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-23 18:06 . 2010-01-26 07:28 140288 ----a-w- c:\windows\system32\aestacap.dll
2013-07-23 18:06 . 2009-10-09 05:45 380928 ----a-w- c:\windows\system32\aestecap.dll
2013-07-23 18:06 . 2009-03-02 06:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2013-07-23 18:06 . 2010-09-08 07:05 495708 ----a-w- c:\windows\sttray.exe
2013-07-23 18:06 . 2010-09-08 07:05 1953792 ----a-w- c:\windows\system32\stlang.dll
2013-07-23 18:06 . 2010-09-08 07:05 12705884 ----a-w- c:\windows\system32\idtcpl.cpl
2013-07-23 18:06 . 2009-03-02 06:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
2013-07-23 18:06 . 2010-09-08 07:05 179712 ----a-w- c:\windows\system32\staco.dll
2013-07-23 18:05 . 2010-09-08 07:05 934912 ----a-w- c:\windows\system32\stapo.dll
2013-07-23 18:05 . 2010-09-08 07:05 531968 ------w- c:\windows\system32\stapi32.dll
2013-07-23 18:05 . 2010-09-08 07:05 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys
2013-07-23 18:05 . 2010-09-08 07:05 405504 ----a-w- c:\windows\system32\stcplx.dll
2013-07-23 16:41 . 2013-07-23 16:41 -------- d-----w- c:\program files\Windows Kits
2013-07-22 19:46 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-07-22 19:46 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-07-22 19:46 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-07-22 19:46 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-07-22 19:46 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-07-22 19:46 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-07-22 19:46 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-07-22 17:07 . 2013-07-22 17:07 -------- d-----w- c:\users\steviec\Intel
2013-07-21 23:11 . 2013-07-21 23:11 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2013-07-21 18:04 . 2013-07-21 18:04 -------- d--h--w- c:\windows\system32\WLANProfiles
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\steviec\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\Public\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\old profiles\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\E\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\Default\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\admwehnerm\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\Administrator\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\ADMINI~1\Roaming
2013-07-21 18:03 . 2013-07-23 19:08 -------- d-----w- c:\programdata\Intel
2013-07-21 18:03 . 2013-07-21 18:03 -------- d-----w- c:\program files\Cisco
2013-07-21 18:01 . 2013-07-23 16:41 -------- d-----w- c:\programdata\Package Cache
2013-07-21 17:51 . 2013-07-21 17:51 -------- d-----w- c:\users\steviec\AppData\Roaming\SystemRequirementsLab
2013-07-21 16:59 . 2013-07-21 16:59 -------- d-----w- c:\program files\Belarc
2013-07-21 16:14 . 2013-07-21 16:14 -------- d-----w- C:\symbols
2013-07-21 16:12 . 2013-07-21 16:14 -------- d-----w- C:\SymCache
2013-07-21 16:01 . 2013-07-22 17:54 -------- d-----w- C:\xperf
2013-07-21 15:56 . 2013-07-21 15:56 -------- d-----w- c:\program files\Microsoft SDKs
2013-07-21 14:43 . 2013-07-21 14:48 -------- d-----w- c:\users\steviec\AppData\Roaming\Blurity
2013-07-11 00:37 . 2013-07-27 01:37 -------- d-----w- c:\users\steviec\AppData\Roaming\Skype
2013-07-10 03:02 . 2013-07-10 03:02 -------- d-----w- c:\users\steviec\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 03:42 . 2012-06-25 16:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 03:42 . 2011-09-22 21:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 18:46 . 2013-06-25 18:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 18:46 . 2012-08-21 05:00 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 18:46 . 2011-09-09 07:08 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 12:28 . 2013-05-26 15:59 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-21 12:28 . 2013-05-26 15:59 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-21 12:28 . 2013-05-26 15:59 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-21 12:28 . 2013-05-26 15:59 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-21 12:28 . 2013-05-26 15:59 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-16 18:21 . 2013-06-25 21:05 981504 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 16:44 . 2013-06-25 21:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 20:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-05-13 04:45 . 2013-06-25 21:05 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-25 21:05 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-25 21:05 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-25 21:05 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-25 21:05 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-08 05:38 . 2013-06-25 21:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-25 21:05 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-25 21:05 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2013-06-20 18:38 238872 ------w- c:\windows\system32\MpSigStub.exe
2010-04-22 12:50 . 2013-07-03 14:48 124320 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-04-22 12:55 . 2013-07-03 14:48 13216 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-04-22 12:53 . 2013-07-03 14:48 70568 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-04-22 12:54 . 2013-07-03 14:48 91560 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-04-22 12:53 . 2013-07-03 14:48 22440 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-04-22 12:51 . 2013-07-03 14:48 255392 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-04-22 12:54 . 2013-07-03 14:48 31144 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-04-22 12:55 . 2013-07-03 14:48 40360 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-22 11:25 . 2013-07-03 14:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-04-22 12:53 . 2013-07-03 14:49 23976 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2003-12-12 15:06 . 2011-10-24 21:04 9662464 ----a-w- c:\program files\internet explorer\plugins\axbqs32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-02-23 1791272]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-04-22 103848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 177984]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-10-25 111488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1659004503-839522115-244443\Scripts\Logon\0\0]
"Script"=vv-login.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1659004503-839522115-244445\Scripts\Logon\0\0]
"Script"=vv-login.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1659004503-839522115-3802\Scripts\Logon\0\0]
"Script"=vv-login.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2013-05-10 07:57 37960 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]
2010-05-22 04:55 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2012-03-01 19:45 115624 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskSubSystemIO]
2011-11-30 17:27 3338240 ----a-w- c:\windows\diskediag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-08-09 22:21 177472 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-07-21 21:33 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-05-21 20:40 324976 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 21:59 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 22:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 10:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-01-17 23:08 267792 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-09-08 07:05 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2010-02-01 611688]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2013-04-11 112608]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-19 577536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [2011-11-13 23608]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-27 64624]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2013-04-19 242928]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-10-29 47616]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-09-28 38912]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-11-13 23608]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2012-02-15 23608]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-09 25704]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-22 65584]
S1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2011-09-09 77760]
S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2012-03-01 43936]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [2010-05-22 7587232]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-04-11 593376]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-09-21 133944]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-09-13 104240]
S2 enstart;enstart;c:\windows\system32\enstart.exe [2011-09-09 929792]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2011-09-08 198520]
S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [2010-05-22 45384]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
S2 svctimegsc;Timing Service;c:\program files\Products\Time Service\svctimegsc.exe [2011-09-10 9602376]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-25 2497408]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2013-04-19 2532592]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2013-04-11 112608]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-02-23 224424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-05-13 106656]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-02-23 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 Mandiant_Tools;Mandiant_Tools;c:\programdata\Application Data\Time Service\mktools.sys [2011-11-08 19920]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwsn00.sys [2013-04-18 10375680]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MANDIANT_TOOLS
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\chrome_cleanup]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\chrome_setup]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 03:31 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 03:42]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f25260e5c4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 18:01]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7f252ce6504.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 18:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gwiz4.gene.com/gwp/site/gwiz/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={38776960-C61D-11E2-A1FF-E02A8231236B}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 128.137.240.235 128.137.241.235
DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxp://genell.gene.com/support/webedit/lledit.cab
FF - ProfilePath - c:\users\steviec\AppData\Roaming\Mozilla\Firefox\Profiles\6aubrq8g.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://gwiz4.gene.com/gwp/site/gwiz/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=ff3f2059b0634074b4065a214fe4e4e1&tu=11JL0008F2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - f033742300000000000000ff80802a89
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15851
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.169:25
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 5043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN118218438772198-5043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-HPPowerAssistant - c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
MSConfigStartUp-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
MSConfigStartUp-Philips Device Listener - c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MSConfigStartUp-Recordpad - c:\program files\NCH Software\Recordpad\recordpad.exe
HKLM_ActiveSetup-{EE94C70E-A1A1-43E7-8F1D-956AFD65263A} - msiexec
HKLM_ActiveSetup-{GConnect} - msiexec
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ccmsetup]
"ImagePath"="\"c:\windows\system32\ccmsetup\ccmsetup.exe\" /runservice /config:MobileClient.tcf"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-30 14:52:03
ComboFix-quarantined-files.txt 2013-07-30 21:52
.
Pre-Run: 266,737,000,448 bytes free
Post-Run: 266,825,932,800 bytes free
.
- - End Of File - - D5E5484E63A6E8D3A545A6EB239E5EB4
A36C5E4F47E84449FF07ED3517B43A31
 

Hi, Phoo. I edited your post to paste the ComboFix log. Having the logs in the thread rather than attached makes it much easier when comparing before and after results.

1. Please rescan with AdwCleaner.
  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

2. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3. A critical security update was released for Adobe Reader in May. I suggest you update to the latest version, 11.0.03 even though a new update will likely be released in a couple of weeks. Adobe Reader XI (11.0.03) for Windows is available here: Adobe - Adobe Reader : For Windows.

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

4. Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

5. Finally, after providing the requested AdwCleaner, JRT and ESET logs please let me know how your computer is now.
 
Ok Corinne- so here's where I stand.

I did all as you directed (logs below). Interesting things about ESET: I ran the online scanner as you suggested. It picked up 6 things, but didn't give me an option to remove (maybe I missed it). The interesting part: a couple of weeks ago I downloaded the ESET full version 30 day trial and ran the in-depth scan, which picked up nothing (I uninstalled it shortly after).

Since I couldn't remove the 6 issues with the ESET online scan, I downloaded the AVG full version 30 day trial and it picked up some things, which I removed, but so far I'm still getting pauses when word processing, watching YouTube, etc. I've included all logs below, including another DPC graphic with xPerf and table. I know the DPC doesn't show much action, but I'm still getting the 10 second good 2 second pause action, even as I type. Maddening.

Thanks again for taking the time.

eset online scan:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f303790910a57f429344a0bbc8ceb321
# engine=14593
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-31 05:52:55
# local_time=2013-07-30 10:52:55 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776637 100 94 6509522 126794766 0 0
# scanned=210265
# found=6
# cleaned=0
# scan_time=12526
sh=D61164551BC88814D62FE132FCA26015D9758D38 ft=1 fh=a94b16275d84b617 vn="Win32/OpenCandy application" ac=I fn="C:\oldsteve\Desktop\cdbxp_setup_4.3.9.2809.exe"
sh=D61164551BC88814D62FE132FCA26015D9758D38 ft=1 fh=a94b16275d84b617 vn="Win32/OpenCandy application" ac=I fn="C:\Users\Administrator\Desktop\steviec\Desktop\cdbxp_setup_4.3.9.2809.exe"
sh=D0D317BE2B56A8DF46532D9D740804C2FC1A7B7E ft=1 fh=0082b3f8d722c9d9 vn="multiple threats" ac=I fn="C:\Users\old profiles\0ld_04012013steviec\Downloads\Free3GPVideoConverter.exe"
sh=D0D317BE2B56A8DF46532D9D740804C2FC1A7B7E ft=1 fh=0082b3f8d722c9d9 vn="multiple threats" ac=I fn="C:\Users\steviec\Downloads\Free3GPVideoConverter.exe"
sh=F3F1AB6D42AC2667F0A05C8940D25FC391A0E639 ft=1 fh=3d7a482cab44c496 vn="Win32/Monitor.SSPro application" ac=I fn="C:\Windows\CoreComp\mdaxml32.dll"
sh=8B291C9F8727E6E233A70A1544DAF28E88DD7BFC ft=1 fh=34bcb1c7609f83bc vn="Win32/Monitor.SSPro application" ac=I fn="C:\Windows\CoreComp\ntdrsys64.dll"


AVG Scan:
Whole Computer Scan
Medium priority;"7";"7";"0"
Folders selected for scanning:;"Scan Whole Computer"
Started:;"8/1/2013, 2:27:14 PM"
Finished:;"8/1/2013, 3:26:52 PM"
Total object scanned:;"1930146"
User who launched the scan:;"steviec"

Status;"Priority";"Name";"Description";"Result"
Healed;"Medium";"Found Tracking cookie.Pointroll";"C:\Users\old profiles\0ld_04012013steviec\AppData\Roaming\Microsoft\Windows\Cookies\Low\0QCY27GH.txt";"Secured"
Healed;"Medium";"Found Tracking cookie.Atdmt";"C:\Users\old profiles\0ld_04012013steviec\AppData\Roaming\Microsoft\Windows\Cookies\Low\761EEBS0.txt";"Secured"
Healed;"Medium";"Found Tracking cookie.Webtrends";"C:\Users\steviec\AppData\Roaming\Microsoft\Windows\Cookies\C54CBZZS.txt";"Secured"
Healed;"Medium";"Service function NtMapViewOfSection hook -> 0x883492E8";"<unknown>";"Secured"
Healed;"Medium";"Found Tracking cookie.Advertising";"C:\Users\steviec\AppData\Roaming\Microsoft\Windows\Cookies\Low\7IMK1HFJ.txt";"Secured"
Healed;"Medium";"Found Tracking cookie.Atdmt";"C:\Users\steviec\AppData\Roaming\Microsoft\Windows\Cookies\Low\N23E1FH8.txt";"Secured"
Healed;"Medium";"Found Tracking cookie.Atdmt";"C:\Users\steviec\AppData\Roaming\Microsoft\Windows\Cookies\Low\OE15EZ0U.txt";"Secured"

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Professional x86
Ran by steviec on Tue 07/30/2013 at 18:41:06.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Emptied folder: C:\Users\steviec\AppData\Roaming\mozilla\firefox\profiles\6aubrq8g.default\minidumps [135 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/30/2013 at 18:43:53.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW Cleaner:
# AdwCleaner v2.306 - Logfile created 07/30/2013 at 16:26:54
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : steviec - GNELTVD0500M99
# Boot Mode : Normal
# Running from : C:\Users\steviec\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\steviec\AppData\Local\Babylon
Folder Deleted : C:\Users\steviec\AppData\Roaming\Babylon
Folder Deleted : C:\Users\steviec\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={38776960-C61D-11E2-A1FF-E02A8231236B} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\steviec\AppData\Roaming\Mozilla\Firefox\Profiles\6aubrq8g.default\prefs.js

C:\Users\steviec\AppData\Roaming\Mozilla\Firefox\Profiles\6aubrq8g.default\user.js ... Deleted !

Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v28.0.1500.72

File : C:\Users\steviec\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\admwehnerm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4014 octets] - [30/07/2013 16:25:09]
AdwCleaner[R2].txt - [4074 octets] - [30/07/2013 16:26:05]
AdwCleaner[S1].txt - [4058 octets] - [30/07/2013 16:26:54]

########## EOF - C:\AdwCleaner[S1].txt - [4118 octets] ##########
 

Attachments: dpc.jpg, graph.jpg, table.jpg
Hi, Phoo.

The settings I had you use for ESET were to not have ESET remove what was found. All AVG found was some cookies it didn't like. That said, I hope you disabled Symantec before running AVG and have since uninstalled AVG. It wouldn't hurt to run the AVG Removal Tool, available from here: AVG | Download tools and utilities

The DPC Latency Checker image implies that it is drivers that are causing the problem. Let's finish cleaning the computer.

1. Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
File::
C:\oldsteve\Desktop\cdbxp_setup_4.3.9.2809.exe
C:\Users\Administrator\Desktop\steviec\Desktop\cdbxp_setup_4.3.9.2809.exe
C:\Users\old profiles\0ld_04012013steviec\Downloads\Free3GPVideoConverter.exe
C:\Users\steviec\Downloads\Free3GPVideoConverter.exe
C:\Windows\CoreComp\mdaxml32.dll
C:\Windows\CoreComp\ntdrsys64.dll
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    [Screenshot: CF_CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. Following that, just to double-check, please do the following:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
 
"That said, I hope you disabled Symantec before running AVG and have since uninstalled AVG." - yes ma'am, sure did.

"It wouldn't hurt to run the AVG Removal Tool, available from here: AVG | Download tools and utilities" - did that also, thanks!

Here you go:
Combofix.log

ComboFix 13-08-02.01 - steviec 08/02/2013 16:30:29.2.4 - x86 MINIMAL
Running from: c:\users\steviec\Desktop\ComboFix.exe
Command switches used :: c:\users\steviec\Desktop\CFScript.txt
.
FILE ::
"c:\oldsteve\Desktop\cdbxp_setup_4.3.9.2809.exe"
"c:\users\Administrator\Desktop\steviec\Desktop\cdbxp_setup_4.3.9.2809.exe"
"c:\users\old profiles\0ld_04012013steviec\Downloads\Free3GPVideoConverter.exe"
"c:\users\steviec\Downloads\Free3GPVideoConverter.exe"
"c:\windows\CoreComp\mdaxml32.dll"
"c:\windows\CoreComp\ntdrsys64.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\oldsteve\Desktop\cdbxp_setup_4.3.9.2809.exe
c:\programdata\ntuser.dat
c:\users\Administrator\Desktop\steviec\Desktop\cdbxp_setup_4.3.9.2809.exe
c:\users\old profiles\0ld_04012013steviec\Downloads\Free3GPVideoConverter.exe
c:\users\steviec\Downloads\Free3GPVideoConverter.exe
c:\windows\CoreComp\mdaxml32.dll
c:\windows\CoreComp\ntdrsys64.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-02 23:35 . 2013-08-02 23:35 -------- d-----w- c:\users\steviec\AppData\Local\temp
2013-08-02 23:35 . 2013-08-02 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-02 23:35 . 2013-08-02 23:35 -------- d-----w- c:\users\admwehnerm\AppData\Local\temp
2013-08-02 23:35 . 2013-08-02 23:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-08-02 23:35 . 2013-08-02 23:35 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2013-08-01 21:08 . 2013-08-01 21:08 -------- d-----w- c:\users\steviec\AppData\Roaming\TuneUp Software
2013-07-31 02:04 . 2013-07-31 02:04 -------- d-----w- c:\program files\ESET
2013-07-31 01:59 . 2013-07-31 01:59 -------- d-----w- c:\program files\Common Files\Adobe
2013-07-31 01:41 . 2013-07-31 01:41 -------- d-----w- c:\windows\ERUNT
2013-07-28 07:48 . 2013-07-28 07:57 -------- d-----w- c:\programdata\HitmanPro
2013-07-26 18:04 . 2013-07-26 18:04 -------- d-----w- c:\program files\Common Files\Skype
2013-07-26 18:04 . 2013-07-26 18:04 -------- d-----r- c:\program files\Skype
2013-07-23 18:15 . 2013-07-23 18:15 -------- d-----w- c:\program files\Common Files\postureAgent
2013-07-23 18:09 . 2009-12-14 20:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-07-23 18:06 . 2010-01-26 07:28 140288 ----a-w- c:\windows\system32\aestacap.dll
2013-07-23 18:06 . 2009-10-09 05:45 380928 ----a-w- c:\windows\system32\aestecap.dll
2013-07-23 18:06 . 2009-03-02 06:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2013-07-23 18:06 . 2010-09-08 07:05 495708 ----a-w- c:\windows\sttray.exe
2013-07-23 18:06 . 2010-09-08 07:05 1953792 ----a-w- c:\windows\system32\stlang.dll
2013-07-23 18:06 . 2010-09-08 07:05 12705884 ----a-w- c:\windows\system32\idtcpl.cpl
2013-07-23 18:06 . 2009-03-02 06:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
2013-07-23 18:06 . 2010-09-08 07:05 179712 ----a-w- c:\windows\system32\staco.dll
2013-07-23 18:05 . 2010-09-08 07:05 934912 ----a-w- c:\windows\system32\stapo.dll
2013-07-23 18:05 . 2010-09-08 07:05 531968 ------w- c:\windows\system32\stapi32.dll
2013-07-23 18:05 . 2010-09-08 07:05 431616 ----a-w- c:\windows\system32\drivers\stwrt.sys
2013-07-23 18:05 . 2010-09-08 07:05 405504 ----a-w- c:\windows\system32\stcplx.dll
2013-07-23 16:41 . 2013-07-23 16:41 -------- d-----w- c:\program files\Windows Kits
2013-07-22 19:46 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-07-22 19:46 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-07-22 19:46 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-07-22 19:46 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-07-22 19:46 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-07-22 19:46 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-07-22 19:46 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-07-22 17:07 . 2013-07-22 17:07 -------- d-----w- c:\users\steviec\Intel
2013-07-21 23:11 . 2013-07-21 23:11 -------- d-----w- c:\windows\system32\wbem\repositoryTempBackup.0
2013-07-21 18:04 . 2013-07-21 18:04 -------- d--h--w- c:\windows\system32\WLANProfiles
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\steviec\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\Public\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\old profiles\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\E\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\Default\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\admwehnerm\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\Administrator\Roaming
2013-07-21 18:04 . 2013-07-21 18:04 -------- d-----w- c:\users\ADMINI~1\Roaming
2013-07-21 18:03 . 2013-07-23 19:08 -------- d-----w- c:\programdata\Intel
2013-07-21 18:03 . 2013-07-21 18:03 -------- d-----w- c:\program files\Cisco
2013-07-21 18:01 . 2013-07-23 16:41 -------- d-----w- c:\programdata\Package Cache
2013-07-21 17:51 . 2013-07-21 17:51 -------- d-----w- c:\users\steviec\AppData\Roaming\SystemRequirementsLab
2013-07-21 16:59 . 2013-07-21 16:59 -------- d-----w- c:\program files\Belarc
2013-07-21 16:14 . 2013-07-21 16:14 -------- d-----w- C:\symbols
2013-07-21 16:12 . 2013-07-21 16:14 -------- d-----w- C:\SymCache
2013-07-21 16:01 . 2013-07-22 17:54 -------- d-----w- C:\xperf
2013-07-21 15:56 . 2013-07-21 15:56 -------- d-----w- c:\program files\Microsoft SDKs
2013-07-21 14:43 . 2013-07-21 14:48 -------- d-----w- c:\users\steviec\AppData\Roaming\Blurity
2013-07-11 00:37 . 2013-07-27 01:37 -------- d-----w- c:\users\steviec\AppData\Roaming\Skype
2013-07-10 03:02 . 2013-07-10 03:02 -------- d-----w- c:\users\steviec\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-18 03:42 . 2012-06-25 16:43 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-18 03:42 . 2011-09-22 21:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 18:46 . 2013-06-25 18:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 18:46 . 2012-08-21 05:00 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-25 18:46 . 2011-09-09 07:08 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 12:28 . 2013-05-26 15:59 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-21 12:28 . 2013-05-26 15:59 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-21 12:28 . 2013-05-26 15:59 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-21 12:28 . 2013-05-26 15:59 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-21 12:28 . 2013-05-26 15:59 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-16 18:21 . 2013-06-25 21:05 981504 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 16:44 . 2013-06-25 21:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 20:26 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-05-13 04:45 . 2013-06-25 21:05 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-25 21:05 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-25 21:05 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-25 21:05 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-25 21:05 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-08 05:38 . 2013-06-25 21:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-25 21:05 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-25 21:05 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-22 12:50 . 2013-07-03 14:48 124320 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-04-22 12:55 . 2013-07-03 14:48 13216 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-04-22 12:53 . 2013-07-03 14:48 70568 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-04-22 12:54 . 2013-07-03 14:48 91560 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-04-22 12:53 . 2013-07-03 14:48 22440 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-04-22 12:51 . 2013-07-03 14:48 255392 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-04-22 12:54 . 2013-07-03 14:48 31144 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-04-22 12:55 . 2013-07-03 14:48 40360 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-22 11:25 . 2013-07-03 14:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-04-22 12:53 . 2013-07-03 14:49 23976 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2003-12-12 15:06 . 2011-10-24 21:04 9662464 ----a-w- c:\program files\internet explorer\plugins\axbqs32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-02-23 1791272]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-04-22 103848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-09 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-09 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-09 177984]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-10-25 111488]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1659004503-839522115-244443\Scripts\Logon\0\0]
"Script"=vv-login.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1659004503-839522115-244445\Scripts\Logon\0\0]
"Script"=vv-login.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1004336348-1659004503-839522115-3802\Scripts\Logon\0\0]
"Script"=vv-login.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]
2010-05-22 04:55 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2012-03-01 19:45 115624 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskSubSystemIO]
2011-11-30 17:27 3338240 ----a-w- c:\windows\diskediag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2012-08-09 22:21 177472 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-07-21 21:33 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-05-21 20:40 324976 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-15 21:59 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 22:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 10:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-01-17 23:08 267792 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-09-08 07:05 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-22 65584]
R1 enstart_;enstart_;c:\windows\system32\enstart_.sys [2011-09-09 77760]
R1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2012-03-01 43936]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
R2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [2010-05-22 7587232]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-04-11 593376]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-09-21 133944]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-09-13 104240]
R2 ccmsetup;ccmsetup;c:\windows\system32\ccmsetup\ccmsetup.exe [2010-02-01 611688]
R2 enstart;enstart;c:\windows\system32\enstart.exe [2011-09-09 929792]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 116648]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2011-09-08 198520]
R2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [2010-05-22 45384]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-07-16 35088]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 svctimegsc;Timing Service;c:\program files\Products\Time Service\svctimegsc.exe [2011-09-10 9602376]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-25 2497408]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2013-04-19 2532592]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2013-04-11 112608]
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2013-04-11 112608]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-19 577536]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DbusAudio;DbusAudio;c:\windows\system32\drivers\DbusAudio.sys [2011-11-13 23608]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-27 64624]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2011-02-23 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-05-13 106656]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 116648]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-02-23 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
R3 Mandiant_Tools;Mandiant_Tools;c:\program files\Products\Time Service\mktools.sys [2013-07-30 19920]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2013-04-19 242928]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwsn00.sys [2013-04-18 10375680]
R3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-10-26 48640]
R3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2009-10-29 47616]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-09-28 38912]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-11-13 23608]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2012-02-15 23608]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-12-09 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-12-09 25704]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\chrome_cleanup]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\chrome_setup]
2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 12:31 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 03:42]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f25260e5c4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 18:01]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce7f252ce6504.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-12 18:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gwiz4.gene.com/gwp/site/gwiz/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.254
DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} - hxxp://genell.gene.com/support/webedit/lledit.cab
FF - ProfilePath - c:\users\steviec\AppData\Roaming\Mozilla\Firefox\Profiles\6aubrq8g.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxp://gwiz4.gene.com/gwp/site/gwiz/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ccmsetup]
"ImagePath"="\"c:\windows\system32\ccmsetup\ccmsetup.exe\" /runservice /config:MobileClient.tcf"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-02 16:36:36
ComboFix-quarantined-files.txt 2013-08-02 23:36
.
Pre-Run: 265,334,202,368 bytes free
Post-Run: 265,870,462,976 bytes free
.
- - End Of File - - 8322B4A5CB22968DE4D7AF0F89733E2D
A36C5E4F47E84449FF07ED3517B43A31

TDSS Killer log
16:44:53.0210 5012 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
16:44:53.0741 5012 ============================================================
16:44:53.0741 5012 Current date / time: 2013/08/02 16:44:53.0741
16:44:53.0741 5012 SystemInfo:
16:44:53.0741 5012
16:44:53.0741 5012 OS Version: 6.1.7601 ServicePack: 1.0
16:44:53.0741 5012 Product type: Workstation
16:44:53.0741 5012 ComputerName: GNELTVD0500M99
16:44:53.0741 5012 UserName: steviec
16:44:53.0741 5012 Windows directory: C:\WINDOWS
16:44:53.0741 5012 System windows directory: C:\WINDOWS
16:44:53.0741 5012 Processor architecture: Intel x86
16:44:53.0741 5012 Number of processors: 4
16:44:53.0741 5012 Page size: 0x1000
16:44:53.0741 5012 Boot type: Normal boot
16:44:53.0741 5012 ============================================================
16:44:54.0209 5012 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:44:54.0209 5012 ============================================================
16:44:54.0209 5012 \Device\Harddisk0\DR0:
16:44:54.0209 5012 MBR partitions:
16:44:54.0209 5012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x39F4F000
16:44:54.0209 5012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x39F81800, BlocksNum 0x400000
16:44:54.0209 5012 ============================================================
16:44:54.0224 5012 C: <-> \Device\Harddisk0\DR0\Partition1
16:44:54.0224 5012 E: <-> \Device\Harddisk0\DR0\Partition2
16:44:54.0224 5012 ============================================================
16:44:54.0224 5012 Initialize success
16:44:54.0224 5012 ============================================================
16:44:58.0015 6116 ============================================================
16:44:58.0015 6116 Scan started
16:44:58.0015 6116 Mode: Manual;
16:44:58.0015 6116 ============================================================
16:45:02.0773 6116 ================ Scan system memory ========================
16:45:02.0773 6116 System memory - ok
16:45:02.0773 6116 ================ Scan services =============================
16:45:03.0007 6116 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\WINDOWS\system32\drivers\1394ohci.sys
16:45:03.0007 6116 1394ohci - ok
16:45:03.0038 6116 [ 4DF5E6215A102A192B2B6DBB61F2FBA5 ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
16:45:03.0038 6116 Accelerometer - ok
16:45:03.0054 6116 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys
16:45:03.0054 6116 ACPI - ok
16:45:03.0070 6116 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\WINDOWS\system32\drivers\acpipmi.sys
16:45:03.0070 6116 AcpiPmi - ok
16:45:03.0101 6116 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:45:03.0101 6116 AdobeARMservice - ok
16:45:03.0116 6116 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:45:03.0116 6116 AdobeFlashPlayerUpdateSvc - ok
16:45:03.0148 6116 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\WINDOWS\system32\DRIVERS\adp94xx.sys
16:45:03.0148 6116 adp94xx - ok
16:45:03.0179 6116 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\WINDOWS\system32\DRIVERS\adpahci.sys
16:45:03.0194 6116 adpahci - ok
16:45:03.0194 6116 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
16:45:03.0194 6116 adpu320 - ok
16:45:03.0210 6116 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
16:45:03.0226 6116 ADVService - ok
16:45:03.0226 6116 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
16:45:03.0226 6116 AeLookupSvc - ok
16:45:03.0257 6116 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
16:45:03.0257 6116 AESTFilters - ok
16:45:03.0272 6116 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\WINDOWS\system32\drivers\afd.sys
16:45:03.0272 6116 AFD - ok
16:45:03.0943 6116 [ EA7BF1EBCF0D36291FBED3FDD76DC448 ] AgentService C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
16:45:03.0990 6116 AgentService - ok
16:45:03.0990 6116 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
16:45:03.0990 6116 AgereModemAudio - ok
16:45:04.0037 6116 [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:45:04.0052 6116 AgereSoftModem - ok
16:45:04.0052 6116 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\WINDOWS\system32\drivers\agp440.sys
16:45:04.0052 6116 agp440 - ok
16:45:04.0068 6116 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\WINDOWS\system32\DRIVERS\djsvs.sys
16:45:04.0068 6116 aic78xx - ok
16:45:04.0068 6116 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\WINDOWS\System32\alg.exe
16:45:04.0068 6116 ALG - ok
16:45:04.0068 6116 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\WINDOWS\system32\drivers\aliide.sys
16:45:04.0084 6116 aliide - ok
16:45:04.0084 6116 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\WINDOWS\system32\drivers\amdagp.sys
16:45:04.0084 6116 amdagp - ok
16:45:04.0084 6116 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\WINDOWS\system32\drivers\amdide.sys
16:45:04.0084 6116 amdide - ok
16:45:04.0099 6116 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\WINDOWS\system32\DRIVERS\amdk8.sys
16:45:04.0099 6116 AmdK8 - ok
16:45:04.0115 6116 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\WINDOWS\system32\DRIVERS\amdppm.sys
16:45:04.0115 6116 AmdPPM - ok
16:45:04.0115 6116 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys
16:45:04.0115 6116 amdsata - ok
16:45:04.0130 6116 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\WINDOWS\system32\DRIVERS\amdsbs.sys
16:45:04.0130 6116 amdsbs - ok
16:45:10.0043 6116 PlugPlay - ok
16:45:10.0058 6116 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
16:45:10.0058 6116 PNRPAutoReg - ok
16:45:10.0074 6116 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
16:45:10.0074 6116 PNRPsvc - ok
16:45:10.0074 6116 [ 226BAACBFA1BA1A4937935DBC23CB1CD ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
16:45:10.0074 6116 Point32 - ok
16:45:10.0090 6116 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
16:45:10.0090 6116 PolicyAgent - ok
16:45:10.0105 6116 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\WINDOWS\system32\umpo.dll
16:45:10.0105 6116 Power - ok
16:45:10.0105 6116 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:45:10.0105 6116 PptpMiniport - ok
16:45:10.0168 6116 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\WINDOWS\system32\CCM\prepdrv.sys
16:45:10.0168 6116 prepdrvr - ok
16:45:10.0183 6116 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
16:45:10.0183 6116 Processor - ok
16:45:10.0183 6116 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
16:45:10.0183 6116 ProfSvc - ok
16:45:10.0199 6116 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:45:10.0199 6116 ProtectedStorage - ok
16:45:10.0199 6116 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys
16:45:10.0199 6116 Psched - ok
16:45:10.0261 6116 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\WINDOWS\system32\DRIVERS\ql2300.sys
16:45:10.0277 6116 ql2300 - ok
16:45:10.0277 6116 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\WINDOWS\system32\DRIVERS\ql40xx.sys
16:45:10.0277 6116 ql40xx - ok
16:45:10.0292 6116 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\WINDOWS\system32\qwave.dll
16:45:10.0292 6116 QWAVE - ok
16:45:10.0292 6116 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
16:45:10.0292 6116 QWAVEdrv - ok
16:45:10.0308 6116 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:45:10.0308 6116 RasAcd - ok
16:45:10.0308 6116 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys
16:45:10.0308 6116 RasAgileVpn - ok
16:45:10.0308 6116 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:45:10.0324 6116 RasAuto - ok
16:45:10.0324 6116 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:45:10.0324 6116 Rasl2tp - ok
16:45:10.0339 6116 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:45:10.0339 6116 RasMan - ok
16:45:10.0355 6116 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:45:10.0355 6116 RasPppoe - ok
16:45:10.0355 6116 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys
16:45:10.0355 6116 RasSstp - ok
16:45:10.0370 6116 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:45:10.0370 6116 rdbss - ok
16:45:10.0386 6116 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\WINDOWS\system32\DRIVERS\rdpbus.sys
16:45:10.0386 6116 rdpbus - ok
16:45:10.0386 6116 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:45:10.0386 6116 RDPCDD - ok
16:45:10.0386 6116 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
16:45:10.0402 6116 RDPDR - ok
16:45:10.0402 6116 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\WINDOWS\system32\drivers\rdpencdd.sys
16:45:10.0402 6116 RDPENCDD - ok
16:45:10.0402 6116 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\WINDOWS\system32\drivers\rdprefmp.sys
16:45:10.0402 6116 RDPREFMP - ok
16:45:10.0417 6116 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:45:10.0417 6116 RDPWD - ok
16:45:10.0417 6116 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
16:45:10.0417 6116 rdyboost - ok
16:45:10.0433 6116 [ F27E4291C2C017BDE3EE7C2784C7ED68 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:45:10.0433 6116 RegSrvc - ok
16:45:10.0433 6116 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:45:10.0448 6116 RemoteAccess - ok
16:45:10.0448 6116 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:45:10.0448 6116 RemoteRegistry - ok
16:45:10.0448 6116 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
16:45:10.0464 6116 RFCOMM - ok
16:45:10.0464 6116 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
16:45:10.0464 6116 rimmptsk - ok
16:45:10.0464 6116 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\WINDOWS\system32\drivers\rimspe86.sys
16:45:10.0464 6116 rimspci - ok
16:45:10.0480 6116 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\WINDOWS\system32\drivers\rimsptsk.sys
16:45:10.0480 6116 rimsptsk - ok
16:45:10.0480 6116 [ BBCE96557881586683611C561FB06269 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
16:45:10.0480 6116 RimUsb - ok
16:45:10.0480 6116 [ C4F4FCD5AE48BDD31648981DDF8EF993 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:45:10.0480 6116 RimVSerPort - ok
16:45:10.0495 6116 [ D853D35F792A3A44726A794BF9A0BBC3 ] risdpcie C:\WINDOWS\system32\drivers\risdpe86.sys
16:45:10.0495 6116 risdpcie - ok
16:45:10.0495 6116 [ 470FC46E2989F6606043C1C5365B15FD ] rismc32 C:\WINDOWS\system32\DRIVERS\rismc32.sys
16:45:10.0495 6116 rismc32 - ok
16:45:10.0495 6116 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\WINDOWS\system32\drivers\rixdptsk.sys
16:45:10.0511 6116 rismxdp - ok
16:45:10.0511 6116 [ 6A60626412129C713CC30C81870A8095 ] rixdpcie C:\WINDOWS\system32\drivers\rixdpe86.sys
16:45:10.0511 6116 rixdpcie - ok
16:45:10.0511 6116 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
16:45:10.0511 6116 ROOTMODEM - ok
16:45:10.0511 6116 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
16:45:10.0526 6116 RpcEptMapper - ok
16:45:10.0526 6116 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\WINDOWS\system32\locator.exe
16:45:10.0526 6116 RpcLocator - ok
16:45:10.0542 6116 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:45:10.0542 6116 RpcSs - ok
16:45:10.0542 6116 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
16:45:10.0558 6116 rspndr - ok
16:45:10.0558 6116 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\WINDOWS\system32\drivers\vms3cap.sys
16:45:10.0558 6116 s3cap - ok
16:45:10.0558 6116 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\WINDOWS\system32\lsass.exe
16:45:10.0558 6116 SamSs - ok
16:45:10.0573 6116 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
16:45:10.0573 6116 sbp2port - ok
16:45:10.0573 6116 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
16:45:10.0573 6116 SCardSvr - ok
16:45:10.0589 6116 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
16:45:10.0589 6116 scfilter - ok
16:45:10.0604 6116 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:45:10.0620 6116 Schedule - ok
16:45:10.0620 6116 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
16:45:10.0620 6116 SCPolicySvc - ok
16:45:10.0620 6116 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\WINDOWS\system32\drivers\sdbus.sys
16:45:10.0620 6116 sdbus - ok
16:45:10.0636 6116 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
16:45:10.0636 6116 SDRSVC - ok
16:45:10.0636 6116 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys
16:45:10.0636 6116 secdrv - ok
16:45:10.0651 6116 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\WINDOWS\system32\seclogon.dll
16:45:10.0651 6116 seclogon - ok
16:45:10.0651 6116 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\WINDOWS\system32\sens.dll
16:45:10.0651 6116 SENS - ok
16:45:10.0667 6116 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
16:45:10.0667 6116 SensrSvc - ok
16:45:10.0667 6116 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:45:10.0667 6116 Serenum - ok
16:45:10.0667 6116 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:45:10.0667 6116 Serial - ok
16:45:10.0682 6116 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys
16:45:10.0682 6116 sermouse - ok
16:45:10.0682 6116 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\WINDOWS\system32\sessenv.dll
16:45:10.0698 6116 SessionEnv - ok
16:45:10.0698 6116 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\WINDOWS\system32\drivers\sffdisk.sys
16:45:10.0698 6116 sffdisk - ok
16:45:10.0698 6116 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\WINDOWS\system32\drivers\sffp_mmc.sys
16:45:10.0698 6116 sffp_mmc - ok
16:45:10.0714 6116 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\WINDOWS\system32\drivers\sffp_sd.sys
16:45:10.0714 6116 sffp_sd - ok
16:45:10.0714 6116 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
16:45:10.0714 6116 sfloppy - ok
16:45:10.0729 6116 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:45:10.0729 6116 SharedAccess - ok
16:45:10.0745 6116 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:45:10.0745 6116 ShellHWDetection - ok
16:45:10.0760 6116 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\WINDOWS\system32\drivers\sisagp.sys
16:45:10.0760 6116 sisagp - ok
16:45:10.0760 6116 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys
16:45:10.0760 6116 SiSRaid2 - ok
16:45:10.0776 6116 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\WINDOWS\system32\DRIVERS\sisraid4.sys
16:45:10.0776 6116 SiSRaid4 - ok
16:45:10.0776 6116 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:45:10.0776 6116 SkypeUpdate - ok
16:45:10.0792 6116 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\WINDOWS\system32\DRIVERS\smb.sys
16:45:10.0792 6116 Smb - ok
16:45:10.0854 6116 [ 16176075021462D37EDABB98DEA753D0 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
16:45:10.0870 6116 SmcService - ok
16:45:10.0885 6116 smstsmgr - ok
16:45:10.0901 6116 [ 1C48F2DF2CF97504169E63C37A2818B2 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
16:45:10.0901 6116 SNAC - ok
16:45:10.0916 6116 [ 222024E762DDE87712BA7170DACC7A25 ] SndTAudio C:\WINDOWS\system32\drivers\SndTAudio.sys
16:45:10.0916 6116 SndTAudio - ok
16:45:10.0916 6116 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
16:45:10.0916 6116 SNMPTRAP - ok
16:45:10.0979 6116 [ 4D8A49526AA035B1A8FF3FE6807783F5 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
16:45:10.0994 6116 SNP2UVC - ok
16:45:11.0072 6116 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
16:45:11.0072 6116 SPBBCDrv - ok
16:45:11.0088 6116 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\WINDOWS\system32\drivers\spldr.sys
16:45:11.0088 6116 spldr - ok
16:45:11.0104 6116 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\WINDOWS\System32\spoolsv.exe
16:45:11.0104 6116 Spooler - ok
16:45:11.0260 6116 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
16:45:11.0275 6116 sppsvc - ok
16:45:11.0275 6116 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\WINDOWS\system32\sppuinotify.dll
16:45:11.0275 6116 sppuinotify - ok
16:45:11.0306 6116 [ 620BBCC5C4C4407447866793C36E1215 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
16:45:11.0306 6116 SRTSP - ok
16:45:11.0322 6116 [ 995E15DE499CA58445E39A2FBA7D170E ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
16:45:11.0322 6116 SRTSPL - ok
16:45:11.0338 6116 [ 1B63F794F283B974A79084514DF206A0 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
16:45:11.0338 6116 SRTSPX - ok
16:45:11.0338 6116 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:45:11.0353 6116 srv - ok
16:45:11.0353 6116 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
16:45:11.0353 6116 srv2 - ok
16:45:11.0369 6116 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
16:45:11.0369 6116 srvnet - ok
16:45:11.0369 6116 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:45:11.0369 6116 SSDPSRV - ok
16:45:11.0384 6116 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
16:45:11.0384 6116 SstpSvc - ok
16:45:11.0400 6116 [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
16:45:11.0400 6116 STacSV - ok
16:45:11.0400 6116 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\WINDOWS\system32\DRIVERS\stexstor.sys
16:45:11.0400 6116 stexstor - ok
16:45:11.0431 6116 [ 8A8246F40792956E957F3E8D0C188963 ] STHDA C:\WINDOWS\system32\DRIVERS\stwrt.sys
16:45:11.0431 6116 STHDA - ok
16:45:11.0462 6116 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\WINDOWS\System32\wiaservc.dll
16:45:11.0462 6116 StiSvc - ok
16:45:11.0478 6116 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
16:45:11.0478 6116 storflt - ok
16:45:11.0478 6116 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\WINDOWS\system32\storsvc.dll
16:45:11.0494 6116 StorSvc - ok
16:45:11.0494 6116 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
16:45:11.0494 6116 storvsc - ok
16:45:11.0494 6116 svctimegsc - ok
16:45:11.0509 6116 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\WINDOWS\system32\drivers\swenum.sys
16:45:11.0509 6116 swenum - ok
16:45:11.0525 6116 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\WINDOWS\System32\swprv.dll
16:45:11.0525 6116 swprv - ok
16:45:11.0572 6116 [ DC358448CD60F6739C58361A0A5FDA0B ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
16:45:11.0587 6116 Symantec AntiVirus - ok
16:45:11.0587 6116 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:45:11.0587 6116 SymEvent - ok
16:45:11.0634 6116 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:45:11.0634 6116 SynTP - ok
16:45:11.0681 6116 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\WINDOWS\system32\sysmain.dll
16:45:11.0696 6116 SysMain - ok
16:45:11.0712 6116 [ C8F9EB4AC42740D036B0B9F0809B335B ] SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
16:45:11.0712 6116 SysPlant - ok
16:45:11.0712 6116 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
16:45:11.0712 6116 TabletInputService - ok
16:45:11.0728 6116 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:45:11.0728 6116 TapiSrv - ok
16:45:11.0743 6116 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\WINDOWS\System32\tbssvc.dll
16:45:11.0743 6116 TBS - ok
16:45:11.0774 6116 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys
16:45:11.0790 6116 Tcpip - ok
16:45:11.0806 6116 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:45:11.0821 6116 TCPIP6 - ok
16:45:11.0821 6116 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys
16:45:11.0821 6116 tcpipreg - ok
16:45:11.0837 6116 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\WINDOWS\system32\drivers\tdpipe.sys
16:45:11.0837 6116 TDPIPE - ok
16:45:11.0837 6116 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\WINDOWS\system32\drivers\tdtcp.sys
16:45:11.0837 6116 TDTCP - ok
16:45:11.0837 6116 [ B459575348C20E8121D6039DA063C704 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys
16:45:11.0837 6116 tdx - ok
16:45:11.0852 6116 [ 8F9BF086FED2C7C076A7A4B8E8A24FE9 ] Teefer3 C:\WINDOWS\system32\DRIVERS\Teefer3.sys
16:45:11.0852 6116 Teefer3 - ok
16:45:11.0852 6116 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\WINDOWS\system32\drivers\termdd.sys
16:45:11.0852 6116 TermDD - ok
16:45:11.0868 6116 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\WINDOWS\System32\termsrv.dll
16:45:11.0884 6116 TermService - ok
16:45:11.0884 6116 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\WINDOWS\system32\themeservice.dll
16:45:11.0884 6116 Themes - ok
16:45:11.0884 6116 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\WINDOWS\system32\mmcss.dll
16:45:11.0884 6116 THREADORDER - ok
16:45:11.0899 6116 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\WINDOWS\system32\drivers\tpm.sys
16:45:11.0899 6116 TPM - ok
16:45:11.0899 6116 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\WINDOWS\System32\trkwks.dll
16:45:11.0899 6116 TrkWks - ok
16:45:11.0915 6116 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
16:45:11.0915 6116 TrustedInstaller - ok
16:45:11.0915 6116 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\WINDOWS\system32\DRIVERS\tssecsrv.sys
16:45:11.0915 6116 tssecsrv - ok
16:45:11.0930 6116 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys
16:45:11.0930 6116 TsUsbFlt - ok
16:45:11.0930 6116 [ EE87C7A7A0EBEDF713A152CA0D0462D6 ] TuneConvertAudio C:\WINDOWS\system32\drivers\TuneConvertAudio.sys
16:45:11.0946 6116 TuneConvertAudio - ok
16:45:11.0946 6116 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys
16:45:11.0946 6116 tunnel - ok
16:45:11.0946 6116 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
16:45:11.0946 6116 uagp35 - ok
16:45:11.0962 6116 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys
16:45:11.0962 6116 udfs - ok
16:45:11.0977 6116 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe
16:45:11.0977 6116 UI0Detect - ok
16:45:11.0977 6116 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys
16:45:11.0977 6116 uliagpkx - ok
16:45:11.0993 6116 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\WINDOWS\system32\drivers\umbus.sys
16:45:11.0993 6116 umbus - ok
16:45:11.0993 6116 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\WINDOWS\system32\DRIVERS\umpass.sys
16:45:11.0993 6116 UmPass - ok
16:45:11.0993 6116 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\WINDOWS\System32\umrdp.dll
16:45:12.0008 6116 UmRdpService - ok
16:45:12.0086 6116 [ C08C80B786FC6EEBD4B0E6E4E039D8B7 ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:45:12.0102 6116 UNS - ok
16:45:12.0118 6116 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:45:12.0118 6116 upnphost - ok
16:45:12.0133 6116 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:45:12.0133 6116 USBAAPL - ok
16:45:12.0133 6116 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:45:12.0133 6116 usbccgp - ok
16:45:12.0149 6116 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\WINDOWS\system32\drivers\usbcir.sys
16:45:12.0149 6116 usbcir - ok
16:45:12.0149 6116 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\WINDOWS\system32\drivers\usbehci.sys
16:45:12.0149 6116 usbehci - ok
16:45:12.0164 6116 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:45:12.0164 6116 usbhub - ok
16:45:12.0164 6116 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\WINDOWS\system32\drivers\usbohci.sys
16:45:12.0164 6116 usbohci - ok
16:45:12.0164 6116 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:45:12.0164 6116 usbprint - ok
16:45:12.0180 6116 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:45:12.0180 6116 usbscan - ok
16:45:12.0180 6116 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\WINDOWS\system32\drivers\USBSTOR.SYS
16:45:12.0180 6116 USBSTOR - ok
16:45:12.0180 6116 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\WINDOWS\system32\drivers\usbuhci.sys
16:45:12.0180 6116 usbuhci - ok
16:45:12.0196 6116 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\WINDOWS\System32\uxsms.dll
16:45:12.0196 6116 UxSms - ok
16:45:12.0196 6116 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\WINDOWS\system32\lsass.exe
16:45:12.0196 6116 VaultSvc - ok
16:45:12.0258 6116 [ 8C72E0E88E5A1A70691135864F2F7F1B ] vcsFPService C:\WINDOWS\system32\vcsFPService.exe
16:45:12.0274 6116 vcsFPService - ok
16:45:12.0289 6116 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
16:45:12.0289 6116 vdrvroot - ok
16:45:12.0305 6116 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\WINDOWS\System32\vds.exe
16:45:12.0305 6116 vds - ok
16:45:12.0305 6116 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys
16:45:12.0305 6116 vga - ok
16:45:12.0320 6116 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:45:12.0320 6116 VgaSave - ok
16:45:12.0320 6116 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\WINDOWS\system32\drivers\vhdmp.sys
16:45:12.0320 6116 vhdmp - ok
16:45:12.0336 6116 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\WINDOWS\system32\drivers\viaagp.sys
16:45:12.0336 6116 viaagp - ok
16:45:12.0336 6116 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\WINDOWS\system32\DRIVERS\viac7.sys
16:45:12.0336 6116 ViaC7 - ok
16:45:12.0336 6116 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\WINDOWS\system32\drivers\viaide.sys
16:45:12.0336 6116 viaide - ok
16:45:12.0352 6116 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
16:45:12.0352 6116 vmbus - ok
16:45:12.0352 6116 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\WINDOWS\system32\drivers\VMBusHID.sys
16:45:12.0352 6116 VMBusHID - ok
16:45:12.0352 6116 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
16:45:12.0367 6116 volmgr - ok
16:45:12.0367 6116 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
16:45:12.0367 6116 volmgrx - ok
16:45:12.0383 6116 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
16:45:12.0383 6116 volsnap - ok
16:45:12.0398 6116 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\WINDOWS\system32\DRIVERS\vsmraid.sys
16:45:12.0398 6116 vsmraid - ok
16:45:12.0430 6116 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\WINDOWS\system32\vssvc.exe
16:45:12.0430 6116 VSS - ok
16:45:12.0445 6116 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\WINDOWS\system32\DRIVERS\vwifibus.sys
16:45:12.0445 6116 vwifibus - ok
16:45:12.0445 6116 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys
16:45:12.0445 6116 vwififlt - ok
16:45:12.0445 6116 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys
16:45:12.0461 6116 vwifimp - ok
16:45:12.0461 6116 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\WINDOWS\system32\w32time.dll
16:45:12.0476 6116 W32Time - ok
16:45:12.0476 6116 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\WINDOWS\system32\DRIVERS\wacompen.sys
16:45:12.0476 6116 WacomPen - ok
16:45:12.0476 6116 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:45:12.0476 6116 WANARP - ok
16:45:12.0492 6116 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:45:12.0492 6116 Wanarpv6 - ok
16:45:12.0523 6116 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\WINDOWS\system32\wbengine.exe
16:45:12.0523 6116 wbengine - ok
16:45:12.0539 6116 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
16:45:12.0539 6116 WbioSrvc - ok
16:45:12.0554 6116 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
16:45:12.0554 6116 wcncsvc - ok
16:45:12.0554 6116 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
16:45:12.0554 6116 WcsPlugInService - ok
16:45:12.0570 6116 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\WINDOWS\system32\DRIVERS\wd.sys
16:45:12.0570 6116 Wd - ok
16:45:12.0601 6116 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
16:45:12.0601 6116 Wdf01000 - ok
16:45:12.0617 6116 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
16:45:12.0617 6116 WdiServiceHost - ok
16:45:12.0617 6116 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
16:45:12.0617 6116 WdiSystemHost - ok
16:45:12.0632 6116 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\WINDOWS\System32\webclnt.dll
16:45:12.0632 6116 WebClient - ok
16:45:12.0632 6116 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
16:45:12.0632 6116 Wecsvc - ok
16:45:12.0648 6116 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
16:45:12.0648 6116 wercplsupport - ok
16:45:12.0648 6116 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
16:45:12.0648 6116 WerSvc - ok
16:45:12.0664 6116 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\WINDOWS\system32\DRIVERS\wfplwf.sys
16:45:12.0664 6116 WfpLwf - ok
16:45:12.0664 6116 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
16:45:12.0664 6116 WIMMount - ok
16:45:12.0679 6116 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:45:12.0695 6116 WinDefend - ok
16:45:12.0695 6116 WinHttpAutoProxySvc - ok
16:45:12.0710 6116 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:45:12.0710 6116 Winmgmt - ok
16:45:12.0742 6116 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\WINDOWS\system32\WsmSvc.dll
16:45:12.0757 6116 WinRM - ok
16:45:12.0773 6116 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:45:12.0773 6116 WinUSB - ok
16:45:12.0788 6116 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\WINDOWS\System32\wlansvc.dll
16:45:12.0804 6116 Wlansvc - ok
16:45:12.0804 6116 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\WINDOWS\system32\drivers\wmiacpi.sys
16:45:12.0804 6116 WmiAcpi - ok
16:45:12.0820 6116 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
16:45:12.0820 6116 wmiApSrv - ok
16:45:12.0851 6116 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:45:12.0866 6116 WMPNetworkSvc - ok
16:45:12.0882 6116 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll
16:45:12.0882 6116 WPCSvc - ok
16:45:12.0898 6116 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
16:45:12.0898 6116 WPDBusEnum - ok
16:45:12.0913 6116 [ D81EF0D8716500A573CD82185EF3E42D ] WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys
16:45:12.0913 6116 WPS - ok
16:45:12.0913 6116 [ C306D2037EC147C7C663994F12B87F1E ] WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys
16:45:12.0913 6116 WpsHelper - ok
16:45:12.0929 6116 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
16:45:12.0929 6116 ws2ifsl - ok
16:45:12.0929 6116 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
16:45:12.0929 6116 WsAudio_DeviceS(1) - ok
16:45:12.0944 6116 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
16:45:12.0944 6116 WsAudio_DeviceS(2) - ok
16:45:12.0944 6116 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
16:45:12.0944 6116 WsAudio_DeviceS(3) - ok
16:45:12.0960 6116 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
16:45:12.0960 6116 WsAudio_DeviceS(4) - ok
16:45:12.0960 6116 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
16:45:12.0960 6116 WsAudio_DeviceS(5) - ok
16:45:13.0896 6116 ============================================================
16:45:13.0896 6116 Scan finished
16:45:13.0896 6116 ============================================================
16:45:13.0896 4948 Detected object count: 0
16:45:13.0896 4948 Actual detected object count: 0
 
Great! Thank you, Phoo.

You can delete TDSS Killer from your desktop and do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.




The reason I asked for the TDSS Killer scan was the indication in the original DDS.scr log which was showing a possible TDSS infection related to \Device\Ide\IAAStorageDevice. When comparing the DPC Latency images from when you first came here for help to now, there is an improvement. However, since hardware isn't my specialty, I will contact satrow to let him know your computer is clean and ask him to take over here rather than in your original topic since that has gone a bit off course.
 
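One way to triage a scan log of the shape posted above before reading it as "clean", as an added example that is not part of the original thread and is not the scanner's own tooling. The sample lines, the hashes, the `exampledrv` object and the non-ok verdict text are constructed (the thread shows only `ok` verdicts), and the function name `triage` is hypothetical.

```python
import re

# Constructed sample in the layout of the log above: time, thread id, then
# "[ MD5 ] name path" or "name - verdict". Hashes, "exampledrv" and the
# non-ok verdict text are invented; the thread itself shows only "ok".
SAMPLE = r"""
16:45:13.0085 6116 [ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
16:45:13.0085 6116 WwanSvc - ok
16:45:13.0100 6116 [ BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
16:45:13.0100 6116 exampledrv - needs review
16:45:13.0303 6116 ================ Scan MBR ==================================
16:45:13.0303 6116 [ CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ] \Device\Harddisk0\DR0
16:45:13.0849 6116 \Device\Harddisk0\DR0 - ok
16:45:13.0896 4948 Detected object count: 1
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (.*)$")
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+)")
SECTION = re.compile(r"^=+ (.+?) =+$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
VERDICT = re.compile(r"^(.+) - (.+)$")

def triage(log_text):
    """Return non-ok objects and whether the log supports a 'clean' reading."""
    section, md5_of, flagged, sections, reported = None, {}, [], set(), None
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        body = m.group(1)
        if s := SECTION.match(body):
            section = s.group(1)
            sections.add(section)
        elif h := HASHED.match(body):
            md5_of[h.group(2)] = h.group(1)  # first token names the object
        elif c := COUNT.match(body):
            reported = int(c.group(1))
        elif (v := VERDICT.match(body)) and v.group(2) != "ok":
            flagged.append({"object": v.group(1), "verdict": v.group(2),
                            "section": section, "md5": md5_of.get(v.group(1))})
    # A log cut off before its summary, or without the boot-sector sections, proves nothing.
    complete = reported is not None and {"Scan MBR", "Scan VBR"} <= sections
    return {"flagged": flagged, "reported_count": reported,
            "complete": complete, "clean": complete and not flagged and reported == 0}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A pasted log that stops before the `Detected object count` line, or that never reaches the MBR and VBR sections, comes back with `complete` false, so it is never reported as clean.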
Thanks Corrine, please step back in any time you want :)

Hi again, Phoo.

Your xPerf trace looks interesting (I've yet to fully study the logs, more on logs later), the major spike at ~5.25 seconds is different to all the others logged - everything in the trace spikes at the same time. That's making me think there's something very deep behind this, close to the Windows kernel or possibly in hardware (which may point us back to iaStor.sys - hard drive issues?). Security software also kicks in at this level.

Hardware problems trump anything we can do with software/driver juggling, so let's run some checks on the hard drive and get some baseline logs as well; carefully read and follow the BSOD instructions here, pay close attention to Autoruns and running the collection App as Administrator; when collection is complete, post the required logs back here and then continue with the hard drive diagnostics from part #6 of the BSOD sticky.

We're several time zones apart so it might be some time before I can study the logs, so in the meantime you can enable Driver Verifier, also in part #6, read the instructions very carefully - yes, it will make any 'lag' worse, it's designed to stress drivers to flush out any bad ones - it may cause a non-boot scenario, you'll need to read how to work around that possibility!

Any problems, post back and we'll try to help keep you on track.
 
Thank you Corrine, satrow and Digerati for the work you've done and the time taken to respond. satrow, I will continue as directed this evening. A couple of interesting notes- Corrine you stated potential issue with \Device\Ide\IAAStorageDevice. I know about 2/3 of the time when pulling up the DPC CPU usage xperf table, iastor.sys was at the top of the list. When I first started having this issue, I did try to update that driver, though it was hard to find at first from the HP site. I finally found the right version and updated, but it didn't seem to make a difference. Anyway, I wonder if it being at the top of the list is related to your comment.

The other interesting note- Corrine I ran ComboFix /Uninstall as you said to, and it appeared as if it simply ran ComboFix again. When it did that though, THIS time around (about midway through, sorry I'm not sure what Stage it was in), it came up with a message about a kernel being infected, which it fixed. I ran to get a pen to jot the name down, but it disappeared before I had a chance to do so. ComboFix did not display this message the first time I ran it.

Again, I will make sure to continue with your path forward this evening. I'm using a different laptop at the moment (no pauses...... ahhhhhhhh), but will resume tonight.

satrow, what tables would you like me to pull up from xperf?
 
The other interesting note- Corrine I ran ComboFix /Uninstall as you said to, and it appeared as if it simply ran ComboFix again. When it did that though, THIS time around (about midway through, sorry I'm not sure what Stage it was in), it came up with a message about a kernel being infected, which it fixed.
Corrine, I think this puts the ball back in your court.

Phoo, I wouldn't do anything in software with the PC until Corrine has given you further instructions, if there is a confirmed new development, that needs dealing with first.
 
OK, NP- I edited my post after you replied. After Corrine helps me get this worked out, are there any particular tables from xperf you'd like to see?
 
Phoo, please check to see if you still have C:\Qoobox on your computer with a run date of 03/08/2013. If you do, please copy/paste the log.
 
Phoo, please check to see if you still have C:\Qoobox on your computer with a run date of 03/08/2013. If you do, please copy/paste the log.
Phoo, priority above ^^



If you get the all-clear from Corrine soon and you still have the DPC issue, please continue as per my post #9; depending on the drive test results, any Driver Verified crashes and the details in the needed logs, I may ask you to run a specific xPerf trace to gain yet another log for us to examine. Anyway, good hunting :)
 
Corrine - I just deleted my last post as I wasn't sure what exactly I should be sending. Here are screenshots of what c:\Qoobox brings up.

[Screenshots: c folder.jpg, quarantine folder.jpg, qoobox.jpg]
 
No log was produced and there was no change in the dates of any of the folders that might provide an indication of what was replaced. That said, any replacement would have been from an earlier version on your computer. So, let's see if it has made a difference in the latency issues. Please run the tests requested by satrow.
 
Thanks Corrine~

Here you go satrow, please let me know if I did not do this correctly.
thanks again.
 


Thanks Phoo,

The overriding feeling I have on reading the logs is that I really shouldn't be 'tampering with' what looks like a business machine with mapped drives and Group Policy and all the other complexities that go along with that.
 
Ok satrow, no problem. When I went from working at a site to telecommuting, one of the caveats was I had to have my personal laptop loaded with things to allow me to log in. I went to one of our IT guys when this first started happening (really small group), he had it for an hour, couldn't tell what the problem was and said if I figured it out, let him know. Uh... ok. Thus, my own research and ending up here. I was really hoping this would have been a simple "Yeah, the issue is this driver, update it and you'll be good." Didn't realize we'd be going this far down a path. Guess I'll have to start considering buying a second laptop.

Well, I do appreciate all of the time you and Corrine put in, thanks for extending yourself and being cordial.

Phoo
 
I was sounding you out, not closing the door on you ;)

Standard troubleshooting techniques for issues like these would probably include removing all current 3rd party (non-Windows) security software, replacing with Microsoft Security Essentials (MSE) which is least likely to cause any issues, and 'breaking' the mapped drives, followed by some hard testing to see if the issues reported changed in any way. As you can guess, in a corporate situation, this would be 'frowned upon'.

Continue with the tests remaining from #9, let's see if they make things any clearer.
 
