Sunshine2
-
Posts
25 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Sunshine2
-
-
It seems ok - and I'll re-update Firefox. Thanks for your help.
-
-
It found 2 apps to update:
-
I don't see the message from OpenDNS any more. ESET did not find anything either; I've attached the log.
Thank you for your help!
-
I'm starting to wonder if it is a misleading message from OpenDNS. I still see the error message when I log in, but haven't gotten any answer from their support as to what is triggering the message.
But I would like to follow through with your suggestions to make sure.
I won't be back to this for a few days.
Thank you for your help!
-
Thanks - I've done that and attached logs as requested.
malwarebytes10-14-20.txt FRST.txt Addition.txt AdwCleaner[C00].txt
-
Yes, please, I could use some help.
-
Hello,
I use OpenDNS to do filtering at home. The dashboard said 'malware/botnet activity detected with past 14 days'. I wasn't able to see anything in my history when I looked to see what was blocked there, so ran MB which found nothing. I've attached the logs requested. Any advice is appreciated as to what my next step, if anything, should be.
Thank you.
-
Once again, thank you for your help. I appreciate it.
-
Those went fine. Looks like I need to be better about keeping things updated. Sometimes I think the little people I share the computer with just close windows they don't know what to do with.
-
Oh, that's a hidden file/folder thing. Got it.
-
Weird. I couldn't go through Windows Explorer to find that file, I had to search for it. It was modified yesterday and had a .bak file too. I deleted them both - I hadn't ever created it myself. Looks like some people use it for Firefox preferences; I'm not rememebering using it.
Here is the checkup.txt:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Scholastic's I SPY Junior
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
-
My computer seems to be fine. After you helped me fix up the stuff I had in August, having Norton tell me it found something now made me want to be especially careful and thoroughly check things out.
ESET said it found:
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\Users\Sunshine\AppData\Roaming\Mozilla\Firefox\Profiles\dd8pwjtk.default\user.js JS/SecurityDisabler.A.Gen application
The log it created is here:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=96e8bb531958f44dbdb058d69d0adfb5
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 03:33:03
# local_time=2012-12-04 09:33:03 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 98 137825 105211279 0 0
# compatibility_mode=5893 16776574 66 85 6859084 106179974 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=3117
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=96e8bb531958f44dbdb058d69d0adfb5
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 04:14:02
# local_time=2012-12-04 10:14:02 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 98 0 105213738 0 0
# compatibility_mode=5893 16776574 66 85 6861543 106182433 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=2229
-
Here are my logs:
Combofix:
ComboFix 12-12-02.01 - Sunshine 12/03/2012 15:45:19.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.2015 [GMT -6:00]
Running from: c:\users\Sunshine\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Nicole.Sunshine-DellPC\AppData\Local\temp
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Nels\AppData\Local\temp
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Homework\AppData\Local\temp
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 21:51 . 2012-12-03 21:51 -------- d-----w- c:\users\Brita\AppData\Local\temp
2012-12-02 04:01 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-02 04:00 . 2012-12-02 04:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-02 04:00 . 2012-12-02 04:00 -------- d-----w- c:\users\Sunshine\AppData\Local\Programs
2012-11-26 15:50 . 2012-11-26 15:50 -------- d-----w- c:\users\Nicole.Sunshine-DellPC\AppData\Roaming\CyberLink
2012-11-15 22:14 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 22:14 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 22:14 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 22:14 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 22:14 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 22:14 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 22:14 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 22:14 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 22:13 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 22:12 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 22:12 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 22:12 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 22:12 . 2012-10-18 22:12 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-17 15:47 . 2010-03-21 05:59 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-10-17 15:47 . 2010-03-23 17:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-10-17 15:47 . 2010-05-21 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-16 07:39 . 2012-11-28 14:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 20:46 . 2012-04-23 20:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 20:46 . 2011-05-17 14:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 00:54 . 2011-12-01 04:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16 . 2012-10-26 22:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 13:07 . 2010-03-21 05:54 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-21 13:06 . 2010-05-19 22:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-14 18:28 . 2012-10-10 13:04 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-05 14:39 . 2012-08-30 04:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 14:39 . 2010-08-11 15:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-05 14:12 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-10-28 02:44 . 2012-10-28 02:44 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Sunshine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Sunshine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Sunshine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\ismagent.exe" [2012-08-07 155456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Intel AppUp(SM) center Systray"="c:\program files\Intel\IntelAppStore\bin\AppUp.exe" [2012-08-07 901416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-12 50688]
TimesUpKidz Reminders.lnk - c:\windows\Installer\{837DA79C-B12B-4709-9B9B-16D1468E418A}\_E0FC1390CC082CEC4B7147.exe [2012-4-2 17542]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121130.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604000.009\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [x]
S2 TimesUpKidz;TimesUpKidz;c:\program files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 20:46]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 18:56]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 18:56]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\Sunshine\AppData\Roaming\Mozilla\Firefox\Profiles\dd8pwjtk.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-84977827.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1498416925-3057025073-3905950374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1498416925-3057025073-3905950374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5416)
c:\users\Sunshine\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-12-03 15:52:24
ComboFix-quarantined-files.txt 2012-12-03 21:52
ComboFix2.txt 2012-09-03 01:01
.
Pre-Run: 167,059,918,848 bytes free
Post-Run: 166,900,908,032 bytes free
.
- - End Of File - - 370E4D5EDC9D5E06EABEA160205C27C8
Mbar-log:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org
Database version: v2012.12.03.13
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sunshine :: Sunshine-DELLPC [administrator]
12/3/2012 4:40:46 PM
mbar-log-2012-12-03 (16-40-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 27896
Time elapsed: 8 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
System-log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 3184513024, free: 1754730496
------------ Kernel report ------------
12/03/2012 16:31:30
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\N360\0604000.009\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\N360\0604000.009\SYMEFA.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\N360\0604000.009\ccSetx86.sys
\SystemRoot\System32\Drivers\N360\0604000.009\SRTSP.SYS
\SystemRoot\system32\drivers\N360\0604000.009\Ironx86.SYS
\SystemRoot\system32\drivers\N360\0604000.009\SRTSPX.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\N360\0604000.009\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121130.001\IDSvix86.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\HSXHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio32.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121130.005\BHDrvx86.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121203.002\NAVEX15.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121203.002\NAVENG.SYS
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Users\Sunshine\AppData\Local\Temp\catchme.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff891b4560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xffffffff891b04e8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff891b4ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xffffffff85595ca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff891b2560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xffffffff88d21678
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff891b2ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xffffffff855bdca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86ce3030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85ea6028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.03.13
Downloaded database version: v2012.11.30.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86ce3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ce3d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ce3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85ea6028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffa095b4c8, 0xffffffff86ce3030, 0xffffffff88c71208
Lower DeviceData: 0xffffffffcfd34f48, 0xffffffff85ea6028, 0xffffffff85773548
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7740BF64
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 81920 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 30801920 Numsec = 457477282
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250000000000 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488261250-488281250)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff891b2ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff891bad10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff891b2ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff855bdca8, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff891b2560, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88d1d588, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff891b2560, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88d21678, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff891b4ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88d28910, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff891b4ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85595ca8, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff891b4560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85578d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff891b4560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff891b04e8, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
Adw:
# AdwCleaner v2.011 - Logfile created 12/03/2012 at 16:45:00
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Sunshine - Sunshine-DELLPC
# Boot Mode : Normal
# Running from : C:\Users\Sunshine\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Sunshine\AppData\Roaming\Mozilla\Firefox\Profiles\dd8pwjtk.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Brita\AppData\Roaming\Mozilla\Firefox\Profiles\csjd9y1v.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\dzv61ltc.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\14jxg4lo.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Aric\AppData\Roaming\Mozilla\Firefox\Profiles\nqhj5m7h.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Homework\AppData\Roaming\Mozilla\Firefox\Profiles\nwh2p4r1.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Nels\AppData\Roaming\Mozilla\Firefox\Profiles\jsmge43r.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\Nicole.Sunshine-DellPC\AppData\Roaming\Mozilla\Firefox\Profiles\1lgcdpwm.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.95
File : C:\Users\Sunshine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Brita\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1955 octets] - [03/12/2012 16:45:00]
########## EOF - C:\AdwCleaner[R1].txt - [2015 octets] ##########
-
Thanks - will get started on this. The PC seems OK right now - had a blue screen last week or so, and Microsoft Works was acting funny.
-
Hello,
I run Norton 360, and its Autoprotect claimed to clean up some stuff yesterday. It looks like it thought a quarantined file from a previous TDSkiller session (helped by you all here!) was a threat,but then there was a couple of other things it found:
Full Path: c:\tdsskiller_quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0010.dta
Threat: Backdoor.Tidserv
____________________________
File Actions
File: C:\resycled\boot.com
Removed
File: c:\tdsskiller_quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0010.dta
Removed
File: C:\Users\Sunshine\Desktop\Casino.url
Removed
____________________________
Suspicious Actions
Service change: spooler
Terminated
Could someone please take a look at my logs and make sure everything is OK? Spybot and MBAM didn't find anything. Thanks in advance.
Sunshine
DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Sunshine at 9:31:11 on 2012-12-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1472 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\IntelAppStore\bin\AppUp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
uRun: [sansaDispatch] c:\users\Sunshine\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [intel AppUp(SM) center Systray] "c:\program files\intel\intelappstore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\timesu~1.lnk - c:\windows\installer\{837da79c-b12b-4709-9b9b-16d1468e418a}\_E0FC1390CC082CEC4B7147.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{F6DD09E8-37A6-4945-A7D9-F383575F0CC7} : DHCPNameServer = 192.168.254.254 192.168.254.254
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\Sunshine\appdata\roaming\mozilla\firefox\profiles\dd8pwjtk.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017300.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\intel\intelappstore\bin\npAppUp.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-1 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-1 132768]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20121130.001\IDSvix86.sys [2012-11-30 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-1 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0604000.009\symnets.sys [2012-10-1 318584]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-12 81920]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-1 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-1 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-1 168384]
R2 TimesUpKidz;TimesUpKidz;c:\program files\rain city digital llc\timesupkidz\TimesUpKidzServer.exe [2011-10-22 11264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-24 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-24 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]
.
=============== Created Last 30 ================
.
2012-12-02 14:55:37 -------- d-----w- c:\users\Sunshine\appdata\local\{91C105CF-91BB-416A-A338-FDB55E42BA3D}
2012-12-02 04:01:00 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-02 04:00:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-02 04:00:14 -------- d-----w- c:\users\Sunshine\appdata\local\Programs
2012-12-01 19:33:59 -------- d-----w- c:\users\Sunshine\appdata\local\{BE24D499-1D34-4421-A6EC-711599334B72}
2012-12-01 04:33:24 -------- d-----w- c:\users\Sunshine\appdata\local\{FA676445-1222-435C-B853-561FEFC706A0}
2012-11-30 14:09:47 -------- d-----w- c:\users\Sunshine\appdata\local\{C67F240A-BFAB-4946-8E65-8D048B4A95C6}
2012-11-30 01:55:52 -------- d-----w- c:\users\Sunshine\appdata\local\{81B709E8-274B-4DFB-970F-B354D8CF0915}
2012-11-29 13:55:28 -------- d-----w- c:\users\Sunshine\appdata\local\{A4130063-A367-4207-99D5-CABEEB4C1E99}
2012-11-28 14:46:18 -------- d-----w- c:\users\Sunshine\appdata\local\{BFB698EE-14D2-4B20-BDD2-6C56B3ED4944}
2012-11-28 02:45:54 -------- d-----w- c:\users\Sunshine\appdata\local\{D2E797C9-3F9F-4357-A1BA-60DB6CCF46DB}
2012-11-27 14:45:43 -------- d-----w- c:\users\Sunshine\appdata\local\{6842530A-FC96-47C3-8BA2-6BB204C8F697}
2012-11-27 02:45:20 -------- d-----w- c:\users\Sunshine\appdata\local\{A19DA96C-F049-4F39-B314-54B391629477}
2012-11-26 13:54:59 -------- d-----w- c:\users\Sunshine\appdata\local\{D9FBB065-CEE1-45B8-97BC-A4925A3045E6}
2012-11-25 16:28:07 -------- d-----w- c:\users\Sunshine\appdata\local\{1D3232B1-96DC-4325-8280-E4F35994ABDF}
2012-11-24 17:51:11 -------- d-----w- c:\users\Sunshine\appdata\local\{A8FC00CA-A744-4781-83C4-485ABFEB30E6}
2012-11-23 22:50:32 -------- d-----w- c:\users\Sunshine\appdata\local\{FB23691E-B5E5-448F-92F4-42022C32049B}
2012-11-22 16:02:25 -------- d-----w- c:\users\Sunshine\appdata\local\{5659E8F0-6AC4-4B7B-8FD9-BC2C00989847}
2012-11-21 17:30:20 -------- d-----w- c:\users\Sunshine\appdata\local\{F3EFF4F8-A387-4A68-B03C-CF1970860DC4}
2012-11-21 05:26:32 -------- d-----w- c:\users\Sunshine\appdata\local\{EE83EB0A-87F6-4B39-8D3E-03FDAB20C2FC}
2012-11-20 14:11:42 -------- d-----w- c:\users\Sunshine\appdata\local\{FDABB266-8CB3-41DC-ABC6-CFA3D07B65CE}
2012-11-20 02:11:18 -------- d-----w- c:\users\Sunshine\appdata\local\{BDE5FF05-29C5-4258-9ECC-E9E307A1500C}
2012-11-19 14:01:39 -------- d-----w- c:\users\Sunshine\appdata\local\{C4152796-CF40-43AE-AF8B-FA8DE19737F9}
2012-11-17 18:02:51 -------- d-----w- c:\users\Sunshine\appdata\local\{BA031EC8-F902-4865-9042-860F18EEFF97}
2012-11-17 05:49:41 -------- d-----w- c:\users\Sunshine\appdata\local\{75F1BE29-1989-4A91-9461-3C58B0E5E3AA}
2012-11-16 17:00:12 -------- d-----w- c:\users\Sunshine\appdata\local\{1E620A07-BA71-40D9-B712-5D468A76F9F9}
2012-11-16 04:59:48 -------- d-----w- c:\users\Sunshine\appdata\local\{5CB83D1E-A767-465B-A9B5-67B40B5C5B99}
2012-11-16 04:44:18 -------- d-----w- c:\users\Sunshine\appdata\local\{178E6B89-F9C8-42B6-84DB-255EB8CE939B}
2012-11-15 22:14:02 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 22:14:02 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 22:14:02 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 22:14:02 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 22:14:02 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 22:14:02 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 22:14:02 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 22:14:02 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 22:13:56 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 22:12:57 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 22:12:43 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 22:12:43 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 16:20:24 -------- d-----w- c:\users\Sunshine\appdata\local\{97F4F9C7-2209-4282-9830-6F32F1C1D464}
2012-11-15 04:20:01 -------- d-----w- c:\users\Sunshine\appdata\local\{7D968EDF-AAB4-4557-92E3-BAD174DD3648}
2012-11-14 15:45:24 -------- d-----w- c:\users\Sunshine\appdata\local\{BD1C5897-9FA8-4822-8121-7C38DE6AB742}
2012-11-14 03:13:16 -------- d-----w- c:\users\Sunshine\appdata\local\{75ED3293-8971-4B1E-B4D0-B7015AE5ACF2}
2012-11-13 14:05:10 -------- d-----w- c:\users\Sunshine\appdata\local\{E21AE30D-D032-4015-B5FD-ED0DF26EF5C1}
2012-11-13 02:04:19 -------- d-----w- c:\users\Sunshine\appdata\local\{70FBE023-3F6A-41A7-BE84-2CFACB94DD9C}
2012-11-12 14:03:55 -------- d-----w- c:\users\Sunshine\appdata\local\{4F5F1ABF-D8DF-48BD-AE9E-35B12DF27659}
2012-11-11 20:01:29 -------- d-----w- c:\users\Sunshine\appdata\local\{6F8981C5-997D-47B0-B184-827BB2E736E3}
2012-11-11 04:30:37 -------- d-----w- c:\users\Sunshine\appdata\local\{1C3314F5-8462-477D-8592-D44A552B8464}
2012-11-10 16:30:14 -------- d-----w- c:\users\Sunshine\appdata\local\{60554413-D8F6-4E0D-96BE-181A63137072}
2012-11-10 03:51:40 -------- d-----w- c:\users\Sunshine\appdata\local\{A8DC604D-000C-4137-9655-F8ED613D1643}
2012-11-09 15:51:17 -------- d-----w- c:\users\Sunshine\appdata\local\{B0596F1B-652C-45E9-8035-54E907A89443}
2012-11-09 03:50:49 -------- d-----w- c:\users\Sunshine\appdata\local\{A2CE5F17-3DD5-451E-A922-96E82556C7B9}
2012-11-09 03:10:13 -------- d-----w- c:\users\Sunshine\appdata\local\{552A7452-7F61-429E-9ADA-F93E22B3851B}
2012-11-08 14:50:48 -------- d-----w- c:\users\Sunshine\appdata\local\{E04DBA09-3DA2-4CA7-9098-6092FE29C91B}
2012-11-07 17:51:12 -------- d-----w- c:\users\Sunshine\appdata\local\{18ED5800-880E-4F8F-9F41-2BF6B21760B3}
2012-11-07 04:59:11 -------- d-----w- c:\users\Sunshine\appdata\local\{9502D6C3-6F09-4F28-9E40-73EEDEBC0E93}
2012-11-06 16:06:56 -------- d-----w- c:\users\Sunshine\appdata\local\{534B1664-54DD-4C96-AED4-38D2AADECE73}
2012-11-05 17:16:01 -------- d-----w- c:\users\Sunshine\appdata\local\{2C74B646-0F55-44E6-B84F-6EEC4106D567}
2012-11-04 19:16:21 -------- d-----w- c:\users\Sunshine\appdata\local\{7E0F64C1-7A54-4105-A977-44AE0741CA3D}
.
==================== Find3M ====================
.
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-08 20:46:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 20:46:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-05 14:39:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 14:39:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-05 14:12:20 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 9:31:44.50 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2010 11:26:12 AM
System Uptime: 12/2/2012 7:59:48 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0JJW8N
Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 153.838 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP296: 11/10/2012 12:53:03 PM - Scheduled Checkpoint
RP297: 11/15/2012 11:35:28 PM - Windows Update
RP298: 11/23/2012 6:02:22 PM - Scheduled Checkpoint
RP299: 11/28/2012 8:09:52 PM - Windows Update
.
==== Installed Programs ======================
.
Sansa Media Converter
Activity Center, Winnie the Pooh
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.17
Angry Birds
Arthur's Thinking Games
Baby Smartronics
Beauty and the Beast Magical Ballroom
Blue's Art Time Activities
Cinderella's Dollhouse
Clifford Learning Activities
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Cool Timer 3.6
Coupon Printer for Windows
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Digital Line Detect
Dropbox
Google Chrome
Google Update Helper
Intel AppUp(SM) center
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
Math Games - Multiplication 1.1
Mathboard Addition
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Money 2005
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NetWaiting
NHL 2000
Norton 360
Norton Internet Security
OGA Notifier 2.0.0048.0
OverDrive Media Console
Picasa 3
PowerDVD DX
Putt-Putt Travels Through Time
QuickTime
Reader Rabbit's Math Ages 6-9
Reader Rabbit® I Can Read! With Phonics
Realtek High Definition Audio Driver
Rob's Maths
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sansa Updater
Scholastic's I SPY Junior
Scrapbook Factory Deluxe 4.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shutterfly Express Uploader
Spybot - Search & Destroy
SpywareBlaster 4.6
StarFlyers Royal Jewel Rescue
swMSM
The Ultimate Math Practicen 2.5.1
TimesUpKidz
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmniper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmniper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmniper
TurboTax 2011 wrapper
Tux Paint 0.9.21c
Tux Paint Stamps 2009-06-28
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
US State Finder
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Wisdom-soft Set up ScreenHunter 5.1 Free
.
==== Event Viewer Messages From Past Week ========
.
12/1/2012 4:59:30 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/1/2012 4:59:29 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/1/2012 4:59:29 PM, Error: Service Control Manager [7009] - A timeout was reached (60001 milliseconds) while waiting for the Windows Search service to connect.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
12/1/2012 4:59:29 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A system shutdown is in progress.
12/1/2012 11:03:24 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}. The error: "786" Happened while starting this command: C:\Windows\ehome\ehmsas.exe -Embedding
12/1/2012 10:07:32 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {380689D0-AFAA-47E6-B80E-A33436FE314B} as /. The error: "786" Happened while starting this command: "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding
12/1/2012 1:23:12 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {5DDFFCF7-03EF-47B3-9527-FA3C25CB56BE}. The error: "786" Happened while starting this command: C:\PROGRA~1\MICROS~2\WkDStore.exe -Embedding
12/1/2012 1:23:12 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0CD18583-8805-11D2-BD0E-00C04F72DBBC}. The error: "786" Happened while starting this command: C:\PROGRA~1\MICROS~2\wkgdcach.exe -Embedding
11/30/2012 10:33:01 PM, Error: Service Control Manager [7011] - A timeout (60001 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
11/29/2012 12:46:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00009088 (0x917cbb74, 0x917cbb78, 0x917cbb6c, 0x917cbb70). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112912-23758-01.
.
==== End Of File ===========================
-
Great advice. A definite learning experience for me and I certainly appreciate all of the help I was given. Thanks to you and to all those who spend time on this forum! It is much quieter here on my PC when it isn't grinding away because of the malware/trojan/yuck! on it.
-
OK. Got those 2 files deleted, updated Windows 7 to SP1, Java, and Adobe Reader. I had Automatic Updates selected - I wonder if someone else (my kids??) was on and decided not to update. I did not know Java didn't clean up after itself either.
-
Oh, Firefox was asking me to update add-ons/plug-ins. I was trying to check Windows Update sometime when I realized this was going on, so I'm not sure where I am with that. I haven't followed too many other logs to the end - are there clean up things besides uninstalling ComboFix I'll have to do later?
-
OK, here is log.txt:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=96e8bb531958f44dbdb058d69d0adfb5
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-05 12:57:45
# local_time=2012-09-04 07:57:45 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=3589 16777213 100 74 0 97379627 0 0
# compatibility_mode=5893 16776574 66 85 98334522 98348322 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=169249
# found=11
# cleaned=0
# scan_time=3133
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\sunshine\Downloads\cnet2_Romaco Timeout 3_1_2_0 Installer_msi.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\sunshine\Downloads\couponprinter(4).exe probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
Here is checkup.txt:
Results of screen317's Security Check version 0.99.50
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Scholastic's I SPY Junior
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java 6 Update 31
Java 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
Things seem to be running a lot smoother now. Google goes where it supposed to, and the PC is faster. Something changed the permissions to some of the folders - I couldn't save to the Desktop and possibly other places. Now it looks like I can. Can I just adjust those manually? I haven't wanted to do too much - feels like things are vulnerable until everything is clear. Thank you for helping. This is not fun, but I am glad I can try some things myself.
Sunshine
-
That makes sense. The PC did reboot and re-ran the scan finding nothing. Here is the log where it cured the infected file:
08:54:29.0900 3956 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:54:31.0901 3956 ============================================================
08:54:31.0901 3956 Current date / time: 2012/09/04 08:54:31.0901
08:54:31.0901 3956 SystemInfo:
08:54:31.0901 3956
08:54:31.0901 3956 OS Version: 6.1.7600 ServicePack: 0.0
08:54:31.0901 3956 Product type: Workstation
08:54:31.0901 3956 ComputerName: sunshine-DELLPC
08:54:31.0901 3956 UserName: sunshine
08:54:31.0901 3956 Windows directory: C:\Windows
08:54:31.0901 3956 System windows directory: C:\Windows
08:54:31.0901 3956 Processor architecture: Intel x86
08:54:31.0901 3956 Number of processors: 2
08:54:31.0901 3956 Page size: 0x1000
08:54:31.0901 3956 Boot type: Normal boot
08:54:31.0901 3956 ============================================================
08:54:32.0446 3956 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:54:32.0486 3956 ============================================================
08:54:32.0486 3956 \Device\Harddisk0\DR0:
08:54:32.0486 3956 MBR partitions:
08:54:32.0486 3956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:54:32.0486 3956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2
08:54:32.0486 3956 ============================================================
08:54:32.0506 3956 C: <-> \Device\Harddisk0\DR0\Partition2
08:54:32.0506 3956 ============================================================
08:54:32.0506 3956 Initialize success
08:54:32.0506 3956 ============================================================
08:54:34.0526 5776 ============================================================
08:54:34.0526 5776 Scan started
08:54:34.0526 5776 Mode: Manual;
08:54:34.0526 5776 ============================================================
08:54:37.0330 5776 ================ Scan system memory ========================
08:54:37.0330 5776 System memory - ok
08:54:37.0330 5776 ================ Scan services =============================
08:54:37.0470 5776 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
08:54:37.0488 5776 1394ohci - ok
08:54:37.0535 5776 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
08:54:37.0538 5776 ACPI - ok
08:54:37.0559 5776 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
08:54:37.0561 5776 AcpiPmi - ok
08:54:37.0675 5776 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:54:37.0693 5776 AdobeARMservice - ok
08:54:37.0753 5776 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:54:37.0774 5776 adp94xx - ok
08:54:37.0803 5776 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:54:37.0808 5776 adpahci - ok
08:54:37.0893 5776 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:54:37.0895 5776 adpu320 - ok
08:54:37.0964 5776 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:54:37.0965 5776 AeLookupSvc - ok
08:54:37.0991 5776 [ 7A841462AD4749F8A07B27AE8E8947B8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
08:54:37.0994 5776 AERTFilters - ok
08:54:38.0054 5776 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
08:54:38.0069 5776 AFD - ok
08:54:38.0097 5776 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
08:54:38.0114 5776 agp440 - ok
08:54:38.0153 5776 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
08:54:38.0154 5776 aic78xx - ok
08:54:38.0237 5776 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
08:54:38.0251 5776 ALG - ok
08:54:38.0303 5776 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
08:54:38.0304 5776 aliide - ok
08:54:38.0318 5776 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
08:54:38.0319 5776 amdagp - ok
08:54:38.0353 5776 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
08:54:38.0354 5776 amdide - ok
08:54:38.0372 5776 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:54:38.0374 5776 AmdK8 - ok
08:54:38.0408 5776 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:54:38.0424 5776 AmdPPM - ok
08:54:38.0469 5776 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:54:38.0482 5776 amdsata - ok
08:54:38.0523 5776 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:54:38.0525 5776 amdsbs - ok
08:54:38.0557 5776 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:54:38.0558 5776 amdxata - ok
08:54:38.0581 5776 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
08:54:38.0583 5776 AppID - ok
08:54:38.0653 5776 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:54:38.0661 5776 AppIDSvc - ok
08:54:38.0699 5776 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
08:54:38.0699 5776 Appinfo - ok
08:54:38.0810 5776 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
08:54:38.0828 5776 arc - ok
08:54:38.0848 5776 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:54:38.0850 5776 arcsas - ok
08:54:38.0970 5776 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:54:39.0022 5776 aspnet_state - ok
08:54:39.0059 5776 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:54:39.0061 5776 AsyncMac - ok
08:54:39.0110 5776 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
08:54:39.0111 5776 atapi - ok
08:54:39.0160 5776 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:54:39.0165 5776 AudioEndpointBuilder - ok
08:54:39.0176 5776 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
08:54:39.0179 5776 Audiosrv - ok
08:54:39.0219 5776 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:54:39.0230 5776 AxInstSV - ok
08:54:39.0265 5776 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
08:54:39.0283 5776 b06bdrv - ok
08:54:39.0325 5776 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
08:54:39.0328 5776 b57nd60x - ok
08:54:39.0396 5776 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
08:54:39.0414 5776 BDESVC - ok
08:54:39.0441 5776 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
08:54:39.0442 5776 Beep - ok
08:54:39.0493 5776 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
08:54:39.0499 5776 BFE - ok
08:54:39.0789 5776 [ A9E111A358AC5F7EBA7AC61E43FC6725 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys
08:54:39.0798 5776 BHDrvx86 - ok
08:54:39.0867 5776 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
08:54:40.0032 5776 BITS - ok
08:54:40.0124 5776 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:54:40.0125 5776 blbdrive - ok
08:54:40.0196 5776 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:54:40.0197 5776 bowser - ok
08:54:40.0231 5776 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:54:40.0248 5776 BrFiltLo - ok
08:54:40.0267 5776 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:54:40.0268 5776 BrFiltUp - ok
08:54:40.0297 5776 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
08:54:40.0298 5776 BridgeMP - ok
08:54:40.0335 5776 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
08:54:40.0336 5776 Browser - ok
08:54:40.0378 5776 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:54:40.0394 5776 Brserid - ok
08:54:40.0450 5776 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:54:40.0452 5776 BrSerWdm - ok
08:54:40.0459 5776 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:54:40.0460 5776 BrUsbMdm - ok
08:54:40.0518 5776 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:54:40.0519 5776 BrUsbSer - ok
08:54:40.0533 5776 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:54:40.0534 5776 BTHMODEM - ok
08:54:40.0576 5776 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
08:54:40.0578 5776 bthserv - ok
08:54:40.0736 5776 catchme - ok
08:54:40.0851 5776 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
08:54:40.0853 5776 ccSet_N360 - ok
08:54:40.0924 5776 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:54:40.0947 5776 cdfs - ok
08:54:41.0010 5776 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:54:41.0012 5776 cdrom - ok
08:54:41.0050 5776 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
08:54:41.0052 5776 CertPropSvc - ok
08:54:41.0077 5776 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:54:41.0078 5776 circlass - ok
08:54:41.0167 5776 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
08:54:41.0169 5776 CLFS - ok
08:54:41.0245 5776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:54:41.0247 5776 clr_optimization_v2.0.50727_32 - ok
08:54:41.0346 5776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:54:41.0658 5776 clr_optimization_v4.0.30319_32 - ok
08:54:41.0808 5776 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:54:41.0828 5776 CmBatt - ok
08:54:41.0848 5776 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
08:54:41.0848 5776 cmdide - ok
08:54:41.0878 5776 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
08:54:41.0878 5776 CNG - ok
08:54:41.0938 5776 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:54:41.0958 5776 Compbatt - ok
08:54:41.0988 5776 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
08:54:41.0988 5776 CompositeBus - ok
08:54:41.0998 5776 COMSysApp - ok
08:54:42.0018 5776 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:54:42.0018 5776 crcdisk - ok
08:54:42.0058 5776 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:54:42.0058 5776 CryptSvc - ok
08:54:42.0098 5776 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
08:54:42.0098 5776 DcomLaunch - ok
08:54:42.0138 5776 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
08:54:42.0148 5776 defragsvc - ok
08:54:42.0208 5776 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:54:42.0208 5776 DfsC - ok
08:54:42.0248 5776 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
08:54:42.0248 5776 Dhcp - ok
08:54:42.0258 5776 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
08:54:42.0268 5776 discache - ok
08:54:42.0298 5776 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:54:42.0298 5776 Disk - ok
08:54:42.0338 5776 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:54:42.0338 5776 Dnscache - ok
08:54:42.0388 5776 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
08:54:42.0388 5776 dot3svc - ok
08:54:42.0408 5776 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
08:54:42.0408 5776 DPS - ok
08:54:42.0448 5776 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:54:42.0468 5776 drmkaud - ok
08:54:42.0498 5776 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:54:42.0518 5776 DXGKrnl - ok
08:54:42.0548 5776 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
08:54:42.0548 5776 EapHost - ok
08:54:42.0638 5776 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
08:54:42.0808 5776 ebdrv - ok
08:54:42.0858 5776 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:54:42.0878 5776 eeCtrl - ok
08:54:42.0898 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
08:54:42.0908 5776 EFS - ok
08:54:42.0998 5776 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:54:43.0018 5776 ehRecvr - ok
08:54:43.0048 5776 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
08:54:43.0048 5776 ehSched - ok
08:54:43.0098 5776 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:54:43.0108 5776 elxstor - ok
08:54:43.0158 5776 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:54:43.0158 5776 EraserUtilRebootDrv - ok
08:54:43.0188 5776 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
08:54:43.0198 5776 ErrDev - ok
08:54:43.0278 5776 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
08:54:43.0288 5776 EventSystem - ok
08:54:43.0298 5776 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
08:54:43.0298 5776 exfat - ok
08:54:43.0318 5776 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:54:43.0318 5776 fastfat - ok
08:54:43.0368 5776 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
08:54:43.0398 5776 Fax - ok
08:54:43.0518 5776 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:54:43.0518 5776 fdc - ok
08:54:43.0638 5776 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
08:54:43.0638 5776 fdPHost - ok
08:54:43.0668 5776 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
08:54:43.0668 5776 FDResPub - ok
08:54:43.0718 5776 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:54:43.0718 5776 FileInfo - ok
08:54:43.0828 5776 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:54:43.0868 5776 Filetrace - ok
08:54:43.0938 5776 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:54:43.0938 5776 flpydisk - ok
08:54:43.0958 5776 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:54:43.0988 5776 FltMgr - ok
08:54:44.0048 5776 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
08:54:44.0088 5776 FontCache - ok
08:54:44.0228 5776 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:54:44.0228 5776 FontCache3.0.0.0 - ok
08:54:44.0568 5776 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:54:44.0568 5776 FsDepends - ok
08:54:44.0688 5776 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:54:44.0718 5776 Fs_Rec - ok
08:54:44.0788 5776 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:54:44.0828 5776 fvevol - ok
08:54:44.0878 5776 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:54:44.0878 5776 gagp30kx - ok
08:54:44.0938 5776 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
08:54:44.0938 5776 gpsvc - ok
08:54:45.0108 5776 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:54:45.0118 5776 gupdate - ok
08:54:45.0148 5776 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:54:45.0148 5776 gupdatem - ok
08:54:45.0248 5776 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:54:45.0258 5776 gusvc - ok
08:54:45.0358 5776 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:54:45.0408 5776 hcw85cir - ok
08:54:45.0448 5776 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:54:45.0458 5776 HDAudBus - ok
08:54:45.0488 5776 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:54:45.0488 5776 HidBatt - ok
08:54:45.0548 5776 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:54:45.0548 5776 HidBth - ok
08:54:45.0588 5776 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:54:45.0588 5776 HidIr - ok
08:54:45.0728 5776 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
08:54:45.0738 5776 hidserv - ok
08:54:45.0818 5776 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:54:45.0828 5776 HidUsb - ok
08:54:45.0968 5776 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:54:45.0968 5776 hkmsvc - ok
08:54:46.0028 5776 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:54:46.0138 5776 HomeGroupListener - ok
08:54:46.0168 5776 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:54:46.0178 5776 HomeGroupProvider - ok
08:54:46.0348 5776 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
08:54:46.0348 5776 HpSAMD - ok
08:54:46.0428 5776 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
08:54:46.0438 5776 HsfXAudioService - ok
08:54:46.0458 5776 [ 227C3BA25012752BB7450235392C719F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
08:54:46.0558 5776 HSF_DPV - ok
08:54:46.0628 5776 [ 186C11D0CA0E53B1EE266633B9D8B393 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
08:54:46.0628 5776 HSXHWBS2 - ok
08:54:46.0668 5776 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:54:46.0678 5776 HTTP - ok
08:54:46.0768 5776 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:54:46.0768 5776 hwpolicy - ok
08:54:46.0968 5776 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:54:46.0968 5776 i8042prt - ok
08:54:47.0588 5776 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:54:47.0658 5776 IAANTMON - ok
08:54:47.0768 5776 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
08:54:47.0768 5776 iaStor - ok
08:54:47.0898 5776 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:54:47.0898 5776 iaStorV - ok
08:54:48.0138 5776 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:54:48.0598 5776 idsvc - ok
08:54:49.0128 5776 [ D0A4C9031B57295D6B1078E3CFA45DB4 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys
08:54:49.0148 5776 IDSVix86 - ok
08:54:49.0378 5776 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
08:54:49.0548 5776 igfx - ok
08:54:49.0588 5776 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:54:49.0608 5776 iirsp - ok
08:54:49.0658 5776 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
08:54:49.0678 5776 IKEEXT - ok
08:54:49.0778 5776 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:54:49.0788 5776 IntcAzAudAddService - ok
08:54:49.0808 5776 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
08:54:49.0818 5776 intelide - ok
08:54:49.0838 5776 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:54:49.0838 5776 intelppm - ok
08:54:49.0898 5776 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
08:54:49.0898 5776 IntuitUpdateService - ok
08:54:49.0958 5776 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
08:54:49.0968 5776 IntuitUpdateServiceV4 - ok
08:54:49.0998 5776 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:54:50.0018 5776 IPBusEnum - ok
08:54:50.0028 5776 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:54:50.0038 5776 IpFilterDriver - ok
08:54:50.0058 5776 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:54:50.0068 5776 iphlpsvc - ok
08:54:50.0118 5776 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:54:50.0118 5776 IPMIDRV - ok
08:54:50.0128 5776 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:54:50.0138 5776 IPNAT - ok
08:54:50.0158 5776 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:54:50.0158 5776 IRENUM - ok
08:54:50.0188 5776 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
08:54:50.0198 5776 isapnp - ok
08:54:50.0228 5776 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
08:54:50.0258 5776 iScsiPrt - ok
08:54:50.0328 5776 [ D7B5B5C5130B775EC7E32EDD780D737F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
08:54:50.0338 5776 JRAID - ok
08:54:50.0358 5776 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:54:50.0358 5776 kbdclass - ok
08:54:50.0378 5776 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:54:50.0378 5776 kbdhid - ok
08:54:50.0398 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
08:54:50.0398 5776 KeyIso - ok
08:54:50.0428 5776 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:54:50.0438 5776 KSecDD - ok
08:54:50.0468 5776 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:54:50.0498 5776 KSecPkg - ok
08:54:50.0528 5776 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
08:54:50.0538 5776 KtmRm - ok
08:54:50.0608 5776 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
08:54:50.0618 5776 LanmanServer - ok
08:54:50.0638 5776 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:54:50.0648 5776 LanmanWorkstation - ok
08:54:50.0718 5776 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:54:50.0718 5776 lltdio - ok
08:54:50.0758 5776 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:54:50.0758 5776 lltdsvc - ok
08:54:50.0768 5776 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
08:54:50.0778 5776 lmhosts - ok
08:54:50.0848 5776 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:54:50.0848 5776 LSI_FC - ok
08:54:50.0858 5776 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:54:50.0868 5776 LSI_SAS - ok
08:54:50.0888 5776 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:54:50.0898 5776 LSI_SAS2 - ok
08:54:50.0908 5776 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:54:50.0908 5776 LSI_SCSI - ok
08:54:50.0928 5776 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
08:54:50.0928 5776 luafv - ok
08:54:50.0948 5776 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:54:50.0958 5776 Mcx2Svc - ok
08:54:50.0968 5776 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
08:54:50.0968 5776 mdmxsdk - ok
08:54:50.0988 5776 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:54:50.0988 5776 megasas - ok
08:54:51.0008 5776 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:54:51.0008 5776 MegaSR - ok
08:54:51.0028 5776 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
08:54:51.0028 5776 MMCSS - ok
08:54:51.0088 5776 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
08:54:51.0098 5776 Modem - ok
08:54:51.0108 5776 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:54:51.0118 5776 monitor - ok
08:54:51.0138 5776 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:54:51.0138 5776 mouclass - ok
08:54:51.0218 5776 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:54:51.0218 5776 mouhid - ok
08:54:51.0228 5776 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:54:51.0228 5776 mountmgr - ok
08:54:51.0318 5776 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:54:51.0328 5776 MozillaMaintenance - ok
08:54:51.0368 5776 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
08:54:51.0368 5776 mpio - ok
08:54:51.0378 5776 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:54:51.0378 5776 mpsdrv - ok
08:54:51.0418 5776 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
08:54:51.0428 5776 MpsSvc - ok
08:54:51.0448 5776 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:54:51.0448 5776 MRxDAV - ok
08:54:51.0488 5776 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:54:51.0488 5776 mrxsmb - ok
08:54:51.0518 5776 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:54:51.0528 5776 mrxsmb10 - ok
08:54:51.0538 5776 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:54:51.0538 5776 mrxsmb20 - ok
08:54:51.0568 5776 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
08:54:51.0568 5776 msahci - ok
08:54:51.0598 5776 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
08:54:51.0618 5776 msdsm - ok
08:54:51.0638 5776 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
08:54:51.0638 5776 MSDTC - ok
08:54:51.0668 5776 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:54:51.0668 5776 Msfs - ok
08:54:51.0718 5776 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:54:51.0718 5776 mshidkmdf - ok
08:54:51.0728 5776 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
08:54:51.0738 5776 msisadrv - ok
08:54:51.0798 5776 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:54:51.0798 5776 MSiSCSI - ok
08:54:51.0798 5776 msiserver - ok
08:54:51.0838 5776 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:54:51.0848 5776 MSKSSRV - ok
08:54:51.0908 5776 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:54:51.0908 5776 MSPCLOCK - ok
08:54:51.0968 5776 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:54:51.0978 5776 MSPQM - ok
08:54:51.0998 5776 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:54:52.0008 5776 MsRPC - ok
08:54:52.0018 5776 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:54:52.0018 5776 mssmbios - ok
08:54:52.0038 5776 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:54:52.0038 5776 MSTEE - ok
08:54:52.0048 5776 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:54:52.0048 5776 MTConfig - ok
08:54:52.0068 5776 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
08:54:52.0068 5776 Mup - ok
08:54:52.0158 5776 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
08:54:52.0168 5776 N360 - ok
08:54:52.0208 5776 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
08:54:52.0208 5776 napagent - ok
08:54:52.0248 5776 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:54:52.0258 5776 NativeWifiP - ok
08:54:52.0368 5776 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVENG.SYS
08:54:52.0378 5776 NAVENG - ok
08:54:52.0438 5776 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVEX15.SYS
08:54:52.0468 5776 NAVEX15 - ok
08:54:52.0558 5776 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:54:52.0568 5776 NDIS - ok
08:54:52.0648 5776 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:54:52.0658 5776 NdisCap - ok
08:54:52.0668 5776 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:54:52.0678 5776 NdisTapi - ok
08:54:52.0728 5776 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:54:52.0728 5776 Ndisuio - ok
08:54:52.0758 5776 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:54:52.0758 5776 NdisWan - ok
08:54:52.0768 5776 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:54:52.0768 5776 NDProxy - ok
08:54:52.0788 5776 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:54:52.0788 5776 NetBIOS - ok
08:54:52.0808 5776 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:54:52.0808 5776 NetBT - ok
08:54:52.0868 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
08:54:52.0868 5776 Netlogon - ok
08:54:52.0948 5776 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
08:54:52.0948 5776 Netman - ok
08:54:53.0038 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:54:53.0098 5776 NetMsmqActivator - ok
08:54:53.0118 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:54:53.0118 5776 NetPipeActivator - ok
08:54:53.0148 5776 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
08:54:53.0158 5776 netprofm - ok
08:54:53.0168 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:54:53.0168 5776 NetTcpActivator - ok
08:54:53.0168 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:54:53.0178 5776 NetTcpPortSharing - ok
08:54:53.0218 5776 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:54:53.0228 5776 nfrd960 - ok
08:54:53.0258 5776 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
08:54:53.0258 5776 NlaSvc - ok
08:54:53.0268 5776 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:54:53.0278 5776 Npfs - ok
08:54:53.0308 5776 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
08:54:53.0308 5776 nsi - ok
08:54:53.0368 5776 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:54:53.0368 5776 nsiproxy - ok
08:54:53.0458 5776 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:54:53.0478 5776 Ntfs - ok
08:54:53.0508 5776 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
08:54:53.0508 5776 Null - ok
08:54:53.0548 5776 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:54:53.0568 5776 nvraid - ok
08:54:53.0668 5776 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:54:53.0698 5776 nvstor - ok
08:54:53.0708 5776 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
08:54:53.0718 5776 nv_agp - ok
08:54:53.0728 5776 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
08:54:53.0748 5776 ohci1394 - ok
08:54:53.0788 5776 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:54:53.0788 5776 p2pimsvc - ok
08:54:53.0838 5776 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
08:54:53.0848 5776 p2psvc - ok
08:54:53.0888 5776 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:54:53.0888 5776 Parport - ok
08:54:53.0928 5776 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:54:53.0928 5776 partmgr - ok
08:54:53.0948 5776 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
08:54:53.0948 5776 Parvdm - ok
08:54:53.0968 5776 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:54:53.0968 5776 PcaSvc - ok
08:54:53.0988 5776 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
08:54:53.0998 5776 pci - ok
08:54:54.0008 5776 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
08:54:54.0008 5776 pciide - ok
08:54:54.0068 5776 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:54:54.0068 5776 pcmcia - ok
08:54:54.0138 5776 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
08:54:54.0138 5776 pcw - ok
08:54:54.0158 5776 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:54:54.0178 5776 PEAUTH - ok
08:54:54.0248 5776 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\Windows\system32\drivers\pfc.sys
08:54:54.0258 5776 pfc - ok
08:54:54.0308 5776 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
08:54:54.0378 5776 pla - ok
08:54:54.0458 5776 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:54:54.0458 5776 PlugPlay - ok
08:54:54.0488 5776 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:54:54.0488 5776 PNRPAutoReg - ok
08:54:54.0528 5776 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:54:54.0528 5776 PNRPsvc - ok
08:54:54.0608 5776 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:54:54.0618 5776 PolicyAgent - ok
08:54:54.0748 5776 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
08:54:54.0748 5776 Power - ok
08:54:54.0788 5776 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:54:54.0788 5776 PptpMiniport - ok
08:54:54.0858 5776 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:54:54.0858 5776 Processor - ok
08:54:54.0888 5776 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
08:54:54.0898 5776 ProfSvc - ok
08:54:54.0908 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:54:54.0908 5776 ProtectedStorage - ok
08:54:54.0938 5776 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:54:54.0938 5776 Psched - ok
08:54:54.0978 5776 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
08:54:54.0978 5776 PxHelp20 - ok
08:54:55.0058 5776 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:54:55.0328 5776 ql2300 - ok
08:54:55.0418 5776 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:54:55.0418 5776 ql40xx - ok
08:54:55.0488 5776 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
08:54:55.0498 5776 QWAVE - ok
08:54:55.0538 5776 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:54:55.0538 5776 QWAVEdrv - ok
08:54:55.0598 5776 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:54:55.0598 5776 RasAcd - ok
08:54:55.0658 5776 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:54:55.0658 5776 RasAgileVpn - ok
08:54:55.0758 5776 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
08:54:55.0818 5776 RasAuto - ok
08:54:55.0928 5776 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:54:55.0928 5776 Rasl2tp - ok
08:54:55.0978 5776 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
08:54:55.0978 5776 RasMan - ok
08:54:55.0998 5776 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:54:55.0998 5776 RasPppoe - ok
08:54:56.0068 5776 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:54:56.0068 5776 RasSstp - ok
08:54:56.0078 5776 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:54:56.0098 5776 rdbss - ok
08:54:56.0158 5776 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:54:56.0158 5776 rdpbus - ok
08:54:56.0178 5776 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:54:56.0178 5776 RDPCDD - ok
08:54:56.0198 5776 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:54:56.0198 5776 RDPENCDD - ok
08:54:56.0218 5776 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:54:56.0218 5776 RDPREFMP - ok
08:54:56.0248 5776 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:54:56.0258 5776 RDPWD - ok
08:54:56.0298 5776 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:54:56.0298 5776 rdyboost - ok
08:54:56.0348 5776 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
08:54:56.0358 5776 RemoteAccess - ok
08:54:56.0418 5776 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:54:56.0418 5776 RemoteRegistry - ok
08:54:56.0438 5776 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:54:56.0438 5776 RpcEptMapper - ok
08:54:56.0478 5776 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
08:54:56.0548 5776 RpcLocator - ok
08:54:56.0558 5776 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
08:54:56.0568 5776 RpcSs - ok
08:54:56.0608 5776 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:54:56.0618 5776 rspndr - ok
08:54:56.0648 5776 [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
08:54:56.0648 5776 RTL8167 - ok
08:54:56.0658 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
08:54:56.0658 5776 SamSs - ok
08:54:56.0688 5776 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
08:54:56.0728 5776 sbp2port - ok
08:54:56.0758 5776 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:54:56.0768 5776 SCardSvr - ok
08:54:56.0858 5776 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:54:56.0858 5776 scfilter - ok
08:54:56.0898 5776 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
08:54:56.0998 5776 Schedule - ok
08:54:57.0048 5776 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:54:57.0058 5776 SCPolicySvc - ok
08:54:57.0088 5776 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:54:57.0098 5776 SDRSVC - ok
08:54:57.0138 5776 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:54:57.0158 5776 secdrv - ok
08:54:57.0188 5776 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
08:54:57.0188 5776 seclogon - ok
08:54:57.0208 5776 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
08:54:57.0208 5776 SENS - ok
08:54:57.0278 5776 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:54:57.0278 5776 SensrSvc - ok
08:54:57.0288 5776 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:54:57.0288 5776 Serenum - ok
08:54:57.0328 5776 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:54:57.0328 5776 Serial - ok
08:54:57.0338 5776 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:54:57.0338 5776 sermouse - ok
08:54:57.0378 5776 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
08:54:57.0398 5776 SessionEnv - ok
08:54:57.0428 5776 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
08:54:57.0428 5776 sffdisk - ok
08:54:57.0438 5776 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:54:57.0438 5776 sffp_mmc - ok
08:54:57.0448 5776 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
08:54:57.0468 5776 sffp_sd - ok
08:54:57.0488 5776 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:54:57.0488 5776 sfloppy - ok
08:54:57.0568 5776 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:54:57.0568 5776 SharedAccess - ok
08:54:57.0598 5776 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:54:57.0608 5776 ShellHWDetection - ok
08:54:57.0678 5776 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
08:54:57.0698 5776 sisagp - ok
08:54:57.0728 5776 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:54:57.0728 5776 SiSRaid2 - ok
08:54:57.0748 5776 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:54:57.0748 5776 SiSRaid4 - ok
08:54:57.0778 5776 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:54:57.0778 5776 Smb - ok
08:54:57.0818 5776 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:54:57.0828 5776 SNMPTRAP - ok
08:54:57.0868 5776 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
08:54:57.0878 5776 spldr - ok
08:54:57.0918 5776 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
08:54:57.0918 5776 Spooler - ok
08:54:58.0038 5776 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
08:54:58.0138 5776 sppsvc - ok
08:54:58.0188 5776 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:54:58.0238 5776 sppuinotify - ok
08:54:58.0288 5776 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
08:54:58.0298 5776 SRTSP - ok
08:54:58.0318 5776 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
08:54:58.0328 5776 SRTSPX - ok
08:54:58.0368 5776 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:54:58.0368 5776 srv - ok
08:54:58.0438 5776 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:54:58.0448 5776 srv2 - ok
08:54:58.0478 5776 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:54:58.0478 5776 srvnet - ok
08:54:58.0668 5776 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:54:58.0698 5776 SSDPSRV - ok
08:54:58.0718 5776 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:54:58.0718 5776 SstpSvc - ok
08:54:58.0778 5776 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:54:58.0788 5776 stexstor - ok
08:54:58.0848 5776 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
08:54:58.0858 5776 StiSvc - ok
08:54:58.0928 5776 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:54:58.0948 5776 stllssvr - ok
08:54:58.0968 5776 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:54:58.0968 5776 swenum - ok
08:54:59.0078 5776 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
08:54:59.0078 5776 swprv - ok
08:54:59.0138 5776 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS
08:54:59.0138 5776 SymDS - ok
08:54:59.0188 5776 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS
08:54:59.0358 5776 SymEFA - ok
08:54:59.0468 5776 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
08:54:59.0468 5776 SymEvent - ok
08:54:59.0518 5776 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
08:54:59.0518 5776 SymIRON - ok
08:54:59.0548 5776 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\N360\0603000.00E\SYMNETS.SYS
08:54:59.0548 5776 SymNetS - ok
08:54:59.0598 5776 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
08:54:59.0628 5776 SysMain - ok
08:54:59.0688 5776 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:54:59.0718 5776 TabletInputService - ok
08:54:59.0738 5776 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
08:54:59.0748 5776 TapiSrv - ok
08:54:59.0778 5776 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
08:54:59.0798 5776 TBS - ok
08:54:59.0858 5776 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:54:59.0908 5776 Tcpip - ok
08:54:59.0958 5776 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:54:59.0958 5776 TCPIP6 - ok
08:54:59.0988 5776 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:54:59.0988 5776 tcpipreg - ok
08:55:00.0008 5776 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:55:00.0008 5776 TDPIPE - ok
08:55:00.0038 5776 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:55:00.0048 5776 TDTCP - ok
08:55:00.0058 5776 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:55:00.0068 5776 tdx - ok
08:55:00.0098 5776 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:55:00.0098 5776 TermDD - ok
08:55:00.0138 5776 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
08:55:00.0158 5776 TermService - ok
08:55:00.0188 5776 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
08:55:00.0188 5776 Themes - ok
08:55:00.0198 5776 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
08:55:00.0198 5776 THREADORDER - ok
08:55:00.0248 5776 [ 9154A8561A04ED54BE451395F7AAF53A ] TimesUpKidz C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
08:55:00.0248 5776 TimesUpKidz - ok
08:55:00.0268 5776 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
08:55:00.0268 5776 TrkWks - ok
08:55:00.0338 5776 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:55:00.0358 5776 TrustedInstaller - ok
08:55:00.0378 5776 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:55:00.0378 5776 tssecsrv - ok
08:55:00.0418 5776 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:55:00.0428 5776 tunnel - ok
08:55:00.0438 5776 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:55:00.0438 5776 uagp35 - ok
08:55:00.0458 5776 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:55:00.0458 5776 udfs - ok
08:55:00.0518 5776 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:55:00.0518 5776 UI0Detect - ok
08:55:00.0608 5776 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
08:55:00.0628 5776 uliagpkx - ok
08:55:00.0658 5776 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:55:00.0658 5776 umbus - ok
08:55:00.0678 5776 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:55:00.0698 5776 UmPass - ok
08:55:00.0738 5776 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
08:55:00.0758 5776 upnphost - ok
08:55:00.0818 5776 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
08:55:00.0828 5776 usbccgp - ok
08:55:00.0868 5776 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
08:55:00.0888 5776 usbcir - ok
08:55:00.0918 5776 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:55:00.0938 5776 usbehci - ok
08:55:00.0988 5776 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:55:00.0998 5776 usbhub - ok
08:55:01.0048 5776 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:55:01.0068 5776 usbohci - ok
08:55:01.0108 5776 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:55:01.0128 5776 usbprint - ok
08:55:01.0158 5776 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:55:01.0158 5776 USBSTOR - ok
08:55:01.0168 5776 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:55:01.0178 5776 usbuhci - ok
08:55:01.0208 5776 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
08:55:01.0208 5776 UxSms - ok
08:55:01.0218 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
08:55:01.0218 5776 VaultSvc - ok
08:55:01.0258 5776 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
08:55:01.0268 5776 vdrvroot - ok
08:55:01.0298 5776 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
08:55:01.0438 5776 vds - ok
08:55:01.0528 5776 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:55:01.0548 5776 vga - ok
08:55:01.0568 5776 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:55:01.0568 5776 VgaSave - ok
08:55:01.0588 5776 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
08:55:01.0588 5776 vhdmp - ok
08:55:01.0628 5776 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
08:55:01.0628 5776 viaagp - ok
08:55:01.0638 5776 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
08:55:01.0638 5776 ViaC7 - ok
08:55:01.0648 5776 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
08:55:01.0648 5776 viaide - ok
08:55:01.0668 5776 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
08:55:01.0688 5776 volmgr - ok
08:55:01.0728 5776 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:55:01.0728 5776 volmgrx - ok
08:55:01.0788 5776 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
08:55:01.0788 5776 volsnap - ok
08:55:01.0808 5776 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:55:01.0818 5776 vsmraid - ok
08:55:01.0858 5776 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
08:55:01.0888 5776 VSS - ok
08:55:01.0958 5776 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:55:01.0958 5776 vwifibus - ok
08:55:01.0978 5776 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
08:55:01.0988 5776 W32Time - ok
08:55:02.0028 5776 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:55:02.0048 5776 WacomPen - ok
08:55:02.0078 5776 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:55:02.0098 5776 WANARP - ok
08:55:02.0108 5776 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:55:02.0108 5776 Wanarpv6 - ok
08:55:02.0228 5776 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:55:02.0298 5776 WatAdminSvc - ok
08:55:02.0388 5776 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
08:55:02.0408 5776 wbengine - ok
08:55:02.0458 5776 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:55:02.0458 5776 WbioSrvc - ok
08:55:02.0488 5776 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:55:02.0488 5776 wcncsvc - ok
08:55:02.0618 5776 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:55:02.0648 5776 WcsPlugInService - ok
08:55:02.0678 5776 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:55:02.0718 5776 Wd - ok
08:55:02.0738 5776 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:55:02.0738 5776 Wdf01000 - ok
08:55:02.0798 5776 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:55:02.0801 5776 WdiServiceHost - ok
08:55:02.0805 5776 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:55:02.0807 5776 WdiSystemHost - ok
08:55:02.0874 5776 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
08:55:02.0891 5776 WebClient - ok
08:55:02.0956 5776 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:55:02.0976 5776 Wecsvc - ok
08:55:03.0063 5776 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:55:03.0066 5776 wercplsupport - ok
08:55:03.0105 5776 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
08:55:03.0107 5776 WerSvc - ok
08:55:03.0144 5776 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:55:03.0161 5776 WfpLwf - ok
08:55:03.0180 5776 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:55:03.0181 5776 WIMMount - ok
08:55:03.0258 5776 [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
08:55:03.0272 5776 winachsf - ok
08:55:03.0404 5776 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:55:03.0508 5776 WinDefend - ok
08:55:03.0514 5776 WinHttpAutoProxySvc - ok
08:55:03.0607 5776 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:55:03.0608 5776 Winmgmt - ok
08:55:03.0652 5776 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
08:55:03.0703 5776 WinRM - ok
08:55:03.0775 5776 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:55:03.0782 5776 WinUsb - ok
08:55:03.0825 5776 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:55:03.0867 5776 Wlansvc - ok
08:55:04.0040 5776 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:55:04.0070 5776 wlidsvc - ok
08:55:04.0101 5776 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
08:55:04.0103 5776 WmiAcpi - ok
08:55:04.0137 5776 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:55:04.0139 5776 wmiApSrv - ok
08:55:04.0218 5776 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:55:04.0244 5776 WMPNetworkSvc - ok
08:55:04.0305 5776 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:55:04.0317 5776 WPCSvc - ok
08:55:04.0331 5776 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:55:04.0334 5776 WPDBusEnum - ok
08:55:04.0397 5776 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:55:04.0398 5776 ws2ifsl - ok
08:55:04.0440 5776 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
08:55:04.0443 5776 wscsvc - ok
08:55:04.0448 5776 WSearch - ok
08:55:04.0599 5776 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
08:55:04.0850 5776 wuauserv - ok
08:55:04.0888 5776 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:55:04.0890 5776 WudfPf - ok
08:55:04.0913 5776 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:55:04.0915 5776 WUDFRd - ok
08:55:05.0011 5776 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:55:05.0014 5776 wudfsvc - ok
08:55:05.0048 5776 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
08:55:05.0064 5776 WwanSvc - ok
08:55:05.0090 5776 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
08:55:05.0091 5776 XAudio - ok
08:55:05.0105 5776 ================ Scan global ===============================
08:55:05.0158 5776 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
08:55:05.0202 5776 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
08:55:05.0221 5776 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
08:55:05.0257 5776 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
08:55:05.0302 5776 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
08:55:05.0306 5776 [Global] - ok
08:55:05.0307 5776 ================ Scan MBR ==================================
08:55:05.0320 5776 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
08:55:05.0321 5776 Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:55:05.0380 5776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:55:05.0380 5776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:55:05.0380 5776 ================ Scan VBR ==================================
08:55:05.0383 5776 [ 9D19430D8B7AA3A7C4B810714BED685F ] \Device\Harddisk0\DR0\Partition1
08:55:05.0384 5776 \Device\Harddisk0\DR0\Partition1 - ok
08:55:05.0444 5776 [ 5D5D62D4EFF7793694CBB4CA282DC09E ] \Device\Harddisk0\DR0\Partition2
08:55:05.0446 5776 \Device\Harddisk0\DR0\Partition2 - ok
08:55:05.0446 5776 ============================================================
08:55:05.0446 5776 Scan finished
08:55:05.0446 5776 ============================================================
08:55:05.0457 3664 Detected object count: 1
08:55:05.0457 3664 Actual detected object count: 1
08:55:13.0024 3664 \Device\Harddisk0\DR0\# - copied to quarantine
08:55:13.0046 3664 \Device\Harddisk0\DR0 - copied to quarantine
08:55:13.0118 3664 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:55:13.0141 3664 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:55:13.0145 3664 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:55:13.0151 3664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:55:13.0156 3664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:55:13.0169 3664 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:55:13.0176 3664 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:55:13.0178 3664 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:55:13.0180 3664 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:55:13.0184 3664 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:55:13.0187 3664 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:55:13.0192 3664 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:55:13.0195 3664 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:55:13.0197 3664 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:55:13.0207 3664 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:55:13.0271 3664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:55:13.0273 3664 \Device\Harddisk0\DR0 - ok
08:55:13.0310 3664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:55:22.0382 3036 Deinitialize success
-
Hi again. I hope I'm doing this all right - it felt strange to click 'SKIP' when TDSSKiller found something.
TDSSKiller.log:
23:11:27.0461 5548 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:11:27.0863 5548 ============================================================
23:11:27.0863 5548 Current date / time: 2012/09/02 23:11:27.0863
23:11:27.0863 5548 SystemInfo:
23:11:27.0864 5548
23:11:27.0864 5548 OS Version: 6.1.7600 ServicePack: 0.0
23:11:27.0864 5548 Product type: Workstation
23:11:27.0864 5548 ComputerName: sunshine-DELLPC
23:11:27.0864 5548 UserName: sunshine
23:11:27.0864 5548 Windows directory: C:\Windows
23:11:27.0864 5548 System windows directory: C:\Windows
23:11:27.0864 5548 Processor architecture: Intel x86
23:11:27.0864 5548 Number of processors: 2
23:11:27.0864 5548 Page size: 0x1000
23:11:27.0864 5548 Boot type: Normal boot
23:11:27.0864 5548 ============================================================
23:11:29.0553 5548 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:11:29.0580 5548 ============================================================
23:11:29.0580 5548 \Device\Harddisk0\DR0:
23:11:29.0580 5548 MBR partitions:
23:11:29.0580 5548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
23:11:29.0580 5548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2
23:11:29.0580 5548 ============================================================
23:11:29.0603 5548 C: <-> \Device\Harddisk0\DR0\Partition2
23:11:29.0603 5548 ============================================================
23:11:29.0603 5548 Initialize success
23:11:29.0603 5548 ============================================================
23:11:38.0270 5612 ============================================================
23:11:38.0270 5612 Scan started
23:11:38.0270 5612 Mode: Manual;
23:11:38.0270 5612 ============================================================
23:11:39.0712 5612 ================ Scan system memory ========================
23:11:39.0712 5612 System memory - ok
23:11:39.0712 5612 ================ Scan services =============================
23:11:39.0860 5612 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
23:11:39.0863 5612 1394ohci - ok
23:11:39.0892 5612 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
23:11:39.0896 5612 ACPI - ok
23:11:39.0916 5612 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
23:11:39.0916 5612 AcpiPmi - ok
23:11:40.0032 5612 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:11:40.0033 5612 AdobeARMservice - ok
23:11:40.0077 5612 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:11:40.0092 5612 adp94xx - ok
23:11:40.0118 5612 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:11:40.0122 5612 adpahci - ok
23:11:40.0158 5612 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:11:40.0160 5612 adpu320 - ok
23:11:40.0196 5612 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:11:40.0197 5612 AeLookupSvc - ok
23:11:40.0223 5612 [ 7A841462AD4749F8A07B27AE8E8947B8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
23:11:40.0225 5612 AERTFilters - ok
23:11:40.0279 5612 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
23:11:40.0283 5612 AFD - ok
23:11:40.0313 5612 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
23:11:40.0314 5612 agp440 - ok
23:11:40.0368 5612 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
23:11:40.0370 5612 aic78xx - ok
23:11:40.0411 5612 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
23:11:40.0413 5612 ALG - ok
23:11:40.0451 5612 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
23:11:40.0452 5612 aliide - ok
23:11:40.0467 5612 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
23:11:40.0468 5612 amdagp - ok
23:11:40.0510 5612 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
23:11:40.0511 5612 amdide - ok
23:11:40.0537 5612 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:11:40.0539 5612 AmdK8 - ok
23:11:40.0572 5612 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:11:40.0574 5612 AmdPPM - ok
23:11:40.0616 5612 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:11:40.0618 5612 amdsata - ok
23:11:40.0654 5612 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:11:40.0657 5612 amdsbs - ok
23:11:40.0688 5612 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:11:40.0689 5612 amdxata - ok
23:11:40.0712 5612 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
23:11:40.0713 5612 AppID - ok
23:11:40.0751 5612 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:11:40.0752 5612 AppIDSvc - ok
23:11:40.0780 5612 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
23:11:40.0780 5612 Appinfo - ok
23:11:40.0840 5612 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
23:11:40.0842 5612 arc - ok
23:11:40.0854 5612 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:11:40.0856 5612 arcsas - ok
23:11:40.0967 5612 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:11:41.0009 5612 aspnet_state - ok
23:11:41.0032 5612 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:11:41.0033 5612 AsyncMac - ok
23:11:41.0074 5612 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
23:11:41.0075 5612 atapi - ok
23:11:41.0125 5612 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:11:41.0131 5612 AudioEndpointBuilder - ok
23:11:41.0150 5612 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:11:41.0153 5612 Audiosrv - ok
23:11:41.0209 5612 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:11:41.0211 5612 AxInstSV - ok
23:11:41.0246 5612 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
23:11:41.0252 5612 b06bdrv - ok
23:11:41.0289 5612 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
23:11:41.0293 5612 b57nd60x - ok
23:11:41.0319 5612 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
23:11:41.0320 5612 BDESVC - ok
23:11:41.0347 5612 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
23:11:41.0347 5612 Beep - ok
23:11:41.0416 5612 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
23:11:41.0422 5612 BFE - ok
23:11:41.0654 5612 [ A9E111A358AC5F7EBA7AC61E43FC6725 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys
23:11:41.0661 5612 BHDrvx86 - ok
23:11:41.0704 5612 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll
23:11:41.0710 5612 BITS - ok
23:11:41.0746 5612 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:11:41.0747 5612 blbdrive - ok
23:11:41.0785 5612 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:11:41.0786 5612 bowser - ok
23:11:41.0820 5612 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:11:41.0821 5612 BrFiltLo - ok
23:11:41.0832 5612 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:11:41.0832 5612 BrFiltUp - ok
23:11:41.0861 5612 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:11:41.0862 5612 BridgeMP - ok
23:11:41.0899 5612 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
23:11:41.0900 5612 Browser - ok
23:11:41.0934 5612 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:11:41.0938 5612 Brserid - ok
23:11:41.0948 5612 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:11:41.0950 5612 BrSerWdm - ok
23:11:41.0965 5612 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:11:41.0966 5612 BrUsbMdm - ok
23:11:41.0982 5612 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:11:41.0983 5612 BrUsbSer - ok
23:11:41.0997 5612 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:11:41.0998 5612 BTHMODEM - ok
23:11:42.0049 5612 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
23:11:42.0050 5612 bthserv - ok
23:11:42.0157 5612 catchme - ok
23:11:42.0241 5612 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys
23:11:42.0242 5612 ccSet_N360 - ok
23:11:42.0263 5612 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:11:42.0265 5612 cdfs - ok
23:11:42.0308 5612 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:11:42.0310 5612 cdrom - ok
23:11:42.0348 5612 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
23:11:42.0350 5612 CertPropSvc - ok
23:11:42.0366 5612 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:11:42.0368 5612 circlass - ok
23:11:42.0415 5612 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
23:11:42.0418 5612 CLFS - ok
23:11:42.0485 5612 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:11:42.0487 5612 clr_optimization_v2.0.50727_32 - ok
23:11:42.0560 5612 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:11:42.0652 5612 clr_optimization_v4.0.30319_32 - ok
23:11:42.0687 5612 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:11:42.0689 5612 CmBatt - ok
23:11:42.0704 5612 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
23:11:42.0705 5612 cmdide - ok
23:11:42.0737 5612 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
23:11:42.0741 5612 CNG - ok
23:11:42.0770 5612 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:11:42.0771 5612 Compbatt - ok
23:11:42.0798 5612 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:11:42.0799 5612 CompositeBus - ok
23:11:42.0812 5612 COMSysApp - ok
23:11:42.0830 5612 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:11:42.0831 5612 crcdisk - ok
23:11:42.0887 5612 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:11:42.0889 5612 CryptSvc - ok
23:11:42.0926 5612 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
23:11:42.0932 5612 DcomLaunch - ok
23:11:42.0976 5612 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
23:11:42.0980 5612 defragsvc - ok
23:11:43.0008 5612 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:11:43.0009 5612 DfsC - ok
23:11:43.0065 5612 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
23:11:43.0068 5612 Dhcp - ok
23:11:43.0082 5612 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
23:11:43.0083 5612 discache - ok
23:11:43.0119 5612 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:11:43.0120 5612 Disk - ok
23:11:43.0156 5612 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:11:43.0159 5612 Dnscache - ok
23:11:43.0191 5612 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
23:11:43.0194 5612 dot3svc - ok
23:11:43.0210 5612 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
23:11:43.0213 5612 DPS - ok
23:11:43.0240 5612 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:11:43.0241 5612 drmkaud - ok
23:11:43.0282 5612 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:11:43.0288 5612 DXGKrnl - ok
23:11:43.0329 5612 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
23:11:43.0330 5612 EapHost - ok
23:11:43.0426 5612 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
23:11:43.0696 5612 ebdrv - ok
23:11:43.0747 5612 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:11:43.0750 5612 eeCtrl - ok
23:11:43.0780 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
23:11:43.0782 5612 EFS - ok
23:11:43.0847 5612 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:11:43.0861 5612 ehRecvr - ok
23:11:43.0903 5612 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
23:11:43.0905 5612 ehSched - ok
23:11:43.0955 5612 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:11:43.0968 5612 elxstor - ok
23:11:44.0024 5612 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:11:44.0025 5612 EraserUtilRebootDrv - ok
23:11:44.0039 5612 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
23:11:44.0040 5612 ErrDev - ok
23:11:44.0086 5612 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
23:11:44.0090 5612 EventSystem - ok
23:11:44.0103 5612 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
23:11:44.0106 5612 exfat - ok
23:11:44.0121 5612 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:11:44.0123 5612 fastfat - ok
23:11:44.0167 5612 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
23:11:44.0180 5612 Fax - ok
23:11:44.0217 5612 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:11:44.0218 5612 fdc - ok
23:11:44.0248 5612 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
23:11:44.0249 5612 fdPHost - ok
23:11:44.0264 5612 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
23:11:44.0265 5612 FDResPub - ok
23:11:44.0281 5612 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:11:44.0282 5612 FileInfo - ok
23:11:44.0297 5612 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:11:44.0298 5612 Filetrace - ok
23:11:44.0305 5612 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:11:44.0306 5612 flpydisk - ok
23:11:44.0324 5612 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:11:44.0326 5612 FltMgr - ok
23:11:44.0372 5612 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
23:11:44.0397 5612 FontCache - ok
23:11:44.0477 5612 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:11:44.0479 5612 FontCache3.0.0.0 - ok
23:11:44.0515 5612 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:11:44.0517 5612 FsDepends - ok
23:11:44.0545 5612 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:11:44.0545 5612 Fs_Rec - ok
23:11:44.0588 5612 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:11:44.0590 5612 fvevol - ok
23:11:44.0610 5612 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:11:44.0612 5612 gagp30kx - ok
23:11:44.0655 5612 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
23:11:44.0670 5612 gpsvc - ok
23:11:44.0781 5612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:11:44.0784 5612 gupdate - ok
23:11:44.0806 5612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:11:44.0808 5612 gupdatem - ok
23:11:44.0838 5612 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:11:44.0841 5612 gusvc - ok
23:11:44.0869 5612 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:11:44.0870 5612 hcw85cir - ok
23:11:44.0896 5612 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:11:44.0898 5612 HDAudBus - ok
23:11:44.0909 5612 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:11:44.0911 5612 HidBatt - ok
23:11:44.0921 5612 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:11:44.0923 5612 HidBth - ok
23:11:44.0945 5612 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:11:44.0946 5612 HidIr - ok
23:11:44.0976 5612 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
23:11:44.0978 5612 hidserv - ok
23:11:45.0009 5612 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:11:45.0010 5612 HidUsb - ok
23:11:45.0049 5612 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:11:45.0050 5612 hkmsvc - ok
23:11:45.0063 5612 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:11:45.0066 5612 HomeGroupListener - ok
23:11:45.0099 5612 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:11:45.0101 5612 HomeGroupProvider - ok
23:11:45.0117 5612 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
23:11:45.0118 5612 HpSAMD - ok
23:11:45.0157 5612 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
23:11:45.0162 5612 HsfXAudioService - ok
23:11:45.0186 5612 [ 227C3BA25012752BB7450235392C719F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:11:45.0213 5612 HSF_DPV - ok
23:11:45.0241 5612 [ 186C11D0CA0E53B1EE266633B9D8B393 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
23:11:45.0243 5612 HSXHWBS2 - ok
23:11:45.0276 5612 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:11:45.0290 5612 HTTP - ok
23:11:45.0321 5612 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:11:45.0322 5612 hwpolicy - ok
23:11:45.0364 5612 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:11:45.0366 5612 i8042prt - ok
23:11:45.0456 5612 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:11:45.0461 5612 IAANTMON - ok
23:11:45.0531 5612 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:11:45.0533 5612 iaStor - ok
23:11:45.0585 5612 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:11:45.0590 5612 iaStorV - ok
23:11:45.0649 5612 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:11:45.0674 5612 idsvc - ok
23:11:45.0778 5612 [ D0A4C9031B57295D6B1078E3CFA45DB4 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys
23:11:45.0781 5612 IDSVix86 - ok
23:11:45.0959 5612 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
23:11:46.0136 5612 igfx - ok
23:11:46.0196 5612 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:11:46.0197 5612 iirsp - ok
23:11:46.0249 5612 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
23:11:46.0264 5612 IKEEXT - ok
23:11:46.0362 5612 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:11:46.0379 5612 IntcAzAudAddService - ok
23:11:46.0406 5612 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
23:11:46.0407 5612 intelide - ok
23:11:46.0430 5612 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:11:46.0431 5612 intelppm - ok
23:11:46.0488 5612 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
23:11:46.0489 5612 IntuitUpdateService - ok
23:11:46.0573 5612 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
23:11:46.0574 5612 IntuitUpdateServiceV4 - ok
23:11:46.0606 5612 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:11:46.0609 5612 IPBusEnum - ok
23:11:46.0619 5612 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:11:46.0621 5612 IpFilterDriver - ok
23:11:46.0647 5612 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:11:46.0651 5612 iphlpsvc - ok
23:11:46.0683 5612 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:11:46.0685 5612 IPMIDRV - ok
23:11:46.0702 5612 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:11:46.0704 5612 IPNAT - ok
23:11:46.0727 5612 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:11:46.0728 5612 IRENUM - ok
23:11:46.0755 5612 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
23:11:46.0757 5612 isapnp - ok
23:11:46.0769 5612 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:11:46.0773 5612 iScsiPrt - ok
23:11:46.0810 5612 [ D7B5B5C5130B775EC7E32EDD780D737F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
23:11:46.0812 5612 JRAID - ok
23:11:46.0831 5612 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:11:46.0832 5612 kbdclass - ok
23:11:46.0848 5612 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:11:46.0849 5612 kbdhid - ok
23:11:46.0863 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
23:11:46.0865 5612 KeyIso - ok
23:11:46.0902 5612 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:11:46.0903 5612 KSecDD - ok
23:11:46.0936 5612 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:11:46.0938 5612 KSecPkg - ok
23:11:46.0973 5612 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
23:11:46.0979 5612 KtmRm - ok
23:11:47.0032 5612 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
23:11:47.0037 5612 LanmanServer - ok
23:11:47.0070 5612 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:11:47.0073 5612 LanmanWorkstation - ok
23:11:47.0114 5612 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:11:47.0116 5612 lltdio - ok
23:11:47.0143 5612 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:11:47.0147 5612 lltdsvc - ok
23:11:47.0159 5612 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
23:11:47.0161 5612 lmhosts - ok
23:11:47.0181 5612 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:11:47.0182 5612 LSI_FC - ok
23:11:47.0194 5612 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:11:47.0195 5612 LSI_SAS - ok
23:11:47.0204 5612 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:11:47.0205 5612 LSI_SAS2 - ok
23:11:47.0216 5612 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:11:47.0218 5612 LSI_SCSI - ok
23:11:47.0236 5612 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
23:11:47.0237 5612 luafv - ok
23:11:47.0272 5612 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:11:47.0275 5612 Mcx2Svc - ok
23:11:47.0290 5612 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:11:47.0291 5612 mdmxsdk - ok
23:11:47.0306 5612 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:11:47.0307 5612 megasas - ok
23:11:47.0323 5612 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:11:47.0327 5612 MegaSR - ok
23:11:47.0351 5612 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
23:11:47.0353 5612 MMCSS - ok
23:11:47.0362 5612 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
23:11:47.0363 5612 Modem - ok
23:11:47.0382 5612 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:11:47.0383 5612 monitor - ok
23:11:47.0395 5612 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:11:47.0396 5612 mouclass - ok
23:11:47.0410 5612 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:11:47.0411 5612 mouhid - ok
23:11:47.0422 5612 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:11:47.0423 5612 mountmgr - ok
23:11:47.0484 5612 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:11:47.0486 5612 MozillaMaintenance - ok
23:11:47.0502 5612 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
23:11:47.0504 5612 mpio - ok
23:11:47.0523 5612 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:11:47.0524 5612 mpsdrv - ok
23:11:47.0559 5612 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
23:11:47.0575 5612 MpsSvc - ok
23:11:47.0593 5612 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:11:47.0596 5612 MRxDAV - ok
23:11:47.0636 5612 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:11:47.0638 5612 mrxsmb - ok
23:11:47.0675 5612 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:11:47.0678 5612 mrxsmb10 - ok
23:11:47.0692 5612 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:11:47.0694 5612 mrxsmb20 - ok
23:11:47.0710 5612 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
23:11:47.0711 5612 msahci - ok
23:11:47.0727 5612 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
23:11:47.0728 5612 msdsm - ok
23:11:47.0739 5612 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
23:11:47.0742 5612 MSDTC - ok
23:11:47.0765 5612 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:11:47.0766 5612 Msfs - ok
23:11:47.0778 5612 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:11:47.0779 5612 mshidkmdf - ok
23:11:47.0794 5612 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
23:11:47.0795 5612 msisadrv - ok
23:11:47.0823 5612 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:11:47.0825 5612 MSiSCSI - ok
23:11:47.0829 5612 msiserver - ok
23:11:47.0849 5612 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:11:47.0850 5612 MSKSSRV - ok
23:11:47.0866 5612 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:11:47.0867 5612 MSPCLOCK - ok
23:11:47.0884 5612 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:11:47.0885 5612 MSPQM - ok
23:11:47.0903 5612 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:11:47.0905 5612 MsRPC - ok
23:11:47.0915 5612 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:11:47.0916 5612 mssmbios - ok
23:11:47.0926 5612 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:11:47.0927 5612 MSTEE - ok
23:11:47.0937 5612 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:11:47.0938 5612 MTConfig - ok
23:11:47.0955 5612 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
23:11:47.0956 5612 Mup - ok
23:11:48.0050 5612 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
23:11:48.0052 5612 N360 - ok
23:11:48.0092 5612 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
23:11:48.0108 5612 napagent - ok
23:11:48.0142 5612 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:11:48.0146 5612 NativeWifiP - ok
23:11:48.0244 5612 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVENG.SYS
23:11:48.0246 5612 NAVENG - ok
23:11:48.0303 5612 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVEX15.SYS
23:11:48.0334 5612 NAVEX15 - ok
23:11:48.0401 5612 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:11:48.0416 5612 NDIS - ok
23:11:48.0431 5612 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:11:48.0432 5612 NdisCap - ok
23:11:48.0451 5612 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:11:48.0452 5612 NdisTapi - ok
23:11:48.0475 5612 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:11:48.0476 5612 Ndisuio - ok
23:11:48.0490 5612 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:11:48.0492 5612 NdisWan - ok
23:11:48.0500 5612 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:11:48.0501 5612 NDProxy - ok
23:11:48.0510 5612 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:11:48.0512 5612 NetBIOS - ok
23:11:48.0524 5612 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:11:48.0526 5612 NetBT - ok
23:11:48.0538 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
23:11:48.0539 5612 Netlogon - ok
23:11:48.0589 5612 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
23:11:48.0593 5612 Netman - ok
23:11:48.0663 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:11:48.0680 5612 NetMsmqActivator - ok
23:11:48.0693 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:11:48.0695 5612 NetPipeActivator - ok
23:11:48.0736 5612 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
23:11:48.0741 5612 netprofm - ok
23:11:48.0751 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:11:48.0753 5612 NetTcpActivator - ok
23:11:48.0759 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:11:48.0761 5612 NetTcpPortSharing - ok
23:11:48.0817 5612 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:11:48.0818 5612 nfrd960 - ok
23:11:48.0851 5612 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
23:11:48.0855 5612 NlaSvc - ok
23:11:48.0867 5612 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:11:48.0868 5612 Npfs - ok
23:11:48.0904 5612 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
23:11:48.0905 5612 nsi - ok
23:11:48.0915 5612 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:11:48.0917 5612 nsiproxy - ok
23:11:48.0976 5612 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:11:49.0003 5612 Ntfs - ok
23:11:49.0032 5612 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
23:11:49.0033 5612 Null - ok
23:11:49.0080 5612 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:11:49.0083 5612 nvraid - ok
23:11:49.0127 5612 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:11:49.0130 5612 nvstor - ok
23:11:49.0141 5612 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
23:11:49.0143 5612 nv_agp - ok
23:11:49.0159 5612 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
23:11:49.0160 5612 ohci1394 - ok
23:11:49.0188 5612 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:11:49.0193 5612 p2pimsvc - ok
23:11:49.0233 5612 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
23:11:49.0239 5612 p2psvc - ok
23:11:49.0252 5612 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:11:49.0259 5612 Parport - ok
23:11:49.0312 5612 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:11:49.0313 5612 partmgr - ok
23:11:49.0322 5612 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
23:11:49.0324 5612 Parvdm - ok
23:11:49.0336 5612 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:11:49.0338 5612 PcaSvc - ok
23:11:49.0354 5612 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
23:11:49.0355 5612 pci - ok
23:11:49.0372 5612 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
23:11:49.0373 5612 pciide - ok
23:11:49.0389 5612 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:11:49.0392 5612 pcmcia - ok
23:11:49.0408 5612 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
23:11:49.0409 5612 pcw - ok
23:11:49.0432 5612 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:11:49.0445 5612 PEAUTH - ok
23:11:49.0538 5612 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\Windows\system32\drivers\pfc.sys
23:11:49.0539 5612 pfc - ok
23:11:49.0592 5612 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
23:11:49.0628 5612 pla - ok
23:11:49.0700 5612 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:11:49.0705 5612 PlugPlay - ok
23:11:49.0717 5612 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:11:49.0719 5612 PNRPAutoReg - ok
23:11:49.0737 5612 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:11:49.0740 5612 PNRPsvc - ok
23:11:49.0779 5612 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:11:49.0782 5612 PolicyAgent - ok
23:11:49.0831 5612 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
23:11:49.0833 5612 Power - ok
23:11:49.0871 5612 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:11:49.0873 5612 PptpMiniport - ok
23:11:49.0902 5612 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:11:49.0903 5612 Processor - ok
23:11:49.0937 5612 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
23:11:49.0939 5612 ProfSvc - ok
23:11:49.0954 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:11:49.0956 5612 ProtectedStorage - ok
23:11:49.0981 5612 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:11:49.0982 5612 Psched - ok
23:11:50.0016 5612 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:11:50.0016 5612 PxHelp20 - ok
23:11:50.0057 5612 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:11:50.0099 5612 ql2300 - ok
23:11:50.0152 5612 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:11:50.0154 5612 ql40xx - ok
23:11:50.0223 5612 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
23:11:50.0228 5612 QWAVE - ok
23:11:50.0291 5612 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:11:50.0292 5612 QWAVEdrv - ok
23:11:50.0306 5612 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:11:50.0307 5612 RasAcd - ok
23:11:50.0341 5612 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:11:50.0342 5612 RasAgileVpn - ok
23:11:50.0355 5612 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
23:11:50.0359 5612 RasAuto - ok
23:11:50.0375 5612 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:11:50.0377 5612 Rasl2tp - ok
23:11:50.0396 5612 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
23:11:50.0400 5612 RasMan - ok
23:11:50.0411 5612 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:11:50.0413 5612 RasPppoe - ok
23:11:50.0433 5612 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:11:50.0434 5612 RasSstp - ok
23:11:50.0450 5612 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:11:50.0453 5612 rdbss - ok
23:11:50.0471 5612 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:11:50.0472 5612 rdpbus - ok
23:11:50.0486 5612 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:11:50.0487 5612 RDPCDD - ok
23:11:50.0510 5612 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:11:50.0510 5612 RDPENCDD - ok
23:11:50.0530 5612 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:11:50.0531 5612 RDPREFMP - ok
23:11:50.0562 5612 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:11:50.0565 5612 RDPWD - ok
23:11:50.0589 5612 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:11:50.0591 5612 rdyboost - ok
23:11:50.0620 5612 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
23:11:50.0624 5612 RemoteAccess - ok
23:11:50.0681 5612 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:11:50.0684 5612 RemoteRegistry - ok
23:11:50.0701 5612 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:11:50.0704 5612 RpcEptMapper - ok
23:11:50.0738 5612 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
23:11:50.0739 5612 RpcLocator - ok
23:11:50.0758 5612 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
23:11:50.0763 5612 RpcSs - ok
23:11:50.0798 5612 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:11:50.0800 5612 rspndr - ok
23:11:50.0830 5612 [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
23:11:50.0833 5612 RTL8167 - ok
23:11:50.0846 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
23:11:50.0848 5612 SamSs - ok
23:11:50.0870 5612 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
23:11:50.0872 5612 sbp2port - ok
23:11:50.0907 5612 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:11:50.0912 5612 SCardSvr - ok
23:11:50.0926 5612 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:11:50.0927 5612 scfilter - ok
23:11:50.0969 5612 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
23:11:50.0995 5612 Schedule - ok
23:11:51.0006 5612 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:11:51.0007 5612 SCPolicySvc - ok
23:11:51.0021 5612 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:11:51.0025 5612 SDRSVC - ok
23:11:51.0042 5612 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:11:51.0043 5612 secdrv - ok
23:11:51.0057 5612 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
23:11:51.0060 5612 seclogon - ok
23:11:51.0074 5612 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
23:11:51.0076 5612 SENS - ok
23:11:51.0102 5612 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:11:51.0105 5612 SensrSvc - ok
23:11:51.0117 5612 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:11:51.0118 5612 Serenum - ok
23:11:51.0137 5612 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:11:51.0139 5612 Serial - ok
23:11:51.0152 5612 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:11:51.0154 5612 sermouse - ok
23:11:51.0177 5612 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
23:11:51.0179 5612 SessionEnv - ok
23:11:51.0194 5612 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:11:51.0194 5612 sffdisk - ok
23:11:51.0209 5612 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:11:51.0209 5612 sffp_mmc - ok
23:11:51.0222 5612 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:11:51.0223 5612 sffp_sd - ok
23:11:51.0238 5612 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:11:51.0239 5612 sfloppy - ok
23:11:51.0268 5612 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:11:51.0272 5612 SharedAccess - ok
23:11:51.0314 5612 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:11:51.0320 5612 ShellHWDetection - ok
23:11:51.0331 5612 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
23:11:51.0333 5612 sisagp - ok
23:11:51.0347 5612 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:11:51.0348 5612 SiSRaid2 - ok
23:11:51.0360 5612 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:11:51.0362 5612 SiSRaid4 - ok
23:11:51.0385 5612 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:11:51.0387 5612 Smb - ok
23:11:51.0407 5612 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:11:51.0409 5612 SNMPTRAP - ok
23:11:51.0418 5612 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
23:11:51.0418 5612 spldr - ok
23:11:51.0458 5612 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
23:11:51.0463 5612 Spooler - ok
23:11:51.0534 5612 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
23:11:51.0615 5612 sppsvc - ok
23:11:51.0636 5612 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:11:51.0640 5612 sppuinotify - ok
23:11:51.0703 5612 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS
23:11:51.0719 5612 SRTSP - ok
23:11:51.0736 5612 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS
23:11:51.0737 5612 SRTSPX - ok
23:11:51.0779 5612 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:11:51.0783 5612 srv - ok
23:11:51.0802 5612 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:11:51.0806 5612 srv2 - ok
23:11:51.0837 5612 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:11:51.0839 5612 srvnet - ok
23:11:51.0850 5612 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:11:51.0854 5612 SSDPSRV - ok
23:11:51.0869 5612 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:11:51.0873 5612 SstpSvc - ok
23:11:51.0902 5612 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:11:51.0903 5612 stexstor - ok
23:11:51.0948 5612 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
23:11:51.0964 5612 StiSvc - ok
23:11:51.0999 5612 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:11:52.0001 5612 stllssvr - ok
23:11:52.0015 5612 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:11:52.0015 5612 swenum - ok
23:11:52.0053 5612 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
23:11:52.0058 5612 swprv - ok
23:11:52.0108 5612 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS
23:11:52.0112 5612 SymDS - ok
23:11:52.0163 5612 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS
23:11:52.0189 5612 SymEFA - ok
23:11:52.0232 5612 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
23:11:52.0233 5612 SymEvent - ok
23:11:52.0279 5612 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS
23:11:52.0281 5612 SymIRON - ok
23:11:52.0298 5612 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\N360\0603000.00E\SYMNETS.SYS
23:11:52.0300 5612 SymNetS - ok
23:11:52.0348 5612 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
23:11:52.0385 5612 SysMain - ok
23:11:52.0399 5612 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:11:52.0403 5612 TabletInputService - ok
23:11:52.0419 5612 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
23:11:52.0424 5612 TapiSrv - ok
23:11:52.0461 5612 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
23:11:52.0464 5612 TBS - ok
23:11:52.0518 5612 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:11:52.0545 5612 Tcpip - ok
23:11:52.0577 5612 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:11:52.0583 5612 TCPIP6 - ok
23:11:52.0611 5612 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:11:52.0612 5612 tcpipreg - ok
23:11:52.0627 5612 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:11:52.0628 5612 TDPIPE - ok
23:11:52.0639 5612 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:11:52.0640 5612 TDTCP - ok
23:11:52.0653 5612 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:11:52.0654 5612 tdx - ok
23:11:52.0667 5612 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:11:52.0667 5612 TermDD - ok
23:11:52.0705 5612 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
23:11:52.0721 5612 TermService - ok
23:11:52.0741 5612 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
23:11:52.0744 5612 Themes - ok
23:11:52.0759 5612 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
23:11:52.0761 5612 THREADORDER - ok
23:11:52.0813 5612 [ 9154A8561A04ED54BE451395F7AAF53A ] TimesUpKidz C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
23:11:52.0813 5612 TimesUpKidz - ok
23:11:52.0829 5612 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
23:11:52.0833 5612 TrkWks - ok
23:11:52.0901 5612 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:11:52.0904 5612 TrustedInstaller - ok
23:11:52.0920 5612 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:11:52.0922 5612 tssecsrv - ok
23:11:52.0959 5612 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:11:52.0960 5612 tunnel - ok
23:11:52.0975 5612 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:11:52.0976 5612 uagp35 - ok
23:11:52.0993 5612 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:11:52.0996 5612 udfs - ok
23:11:53.0010 5612 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:11:53.0012 5612 UI0Detect - ok
23:11:53.0031 5612 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
23:11:53.0032 5612 uliagpkx - ok
23:11:53.0045 5612 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:11:53.0046 5612 umbus - ok
23:11:53.0061 5612 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:11:53.0062 5612 UmPass - ok
23:11:53.0076 5612 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
23:11:53.0080 5612 upnphost - ok
23:11:53.0106 5612 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
23:11:53.0107 5612 usbccgp - ok
23:11:53.0117 5612 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
23:11:53.0118 5612 usbcir - ok
23:11:53.0151 5612 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:11:53.0152 5612 usbehci - ok
23:11:53.0177 5612 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:11:53.0180 5612 usbhub - ok
23:11:53.0194 5612 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:11:53.0196 5612 usbohci - ok
23:11:53.0223 5612 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:11:53.0225 5612 usbprint - ok
23:11:53.0257 5612 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:11:53.0258 5612 USBSTOR - ok
23:11:53.0270 5612 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:11:53.0271 5612 usbuhci - ok
23:11:53.0301 5612 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
23:11:53.0302 5612 UxSms - ok
23:11:53.0312 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
23:11:53.0313 5612 VaultSvc - ok
23:11:53.0338 5612 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
23:11:53.0339 5612 vdrvroot - ok
23:11:53.0363 5612 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
23:11:53.0375 5612 vds - ok
23:11:53.0400 5612 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:11:53.0402 5612 vga - ok
23:11:53.0421 5612 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:11:53.0422 5612 VgaSave - ok
23:11:53.0442 5612 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
23:11:53.0445 5612 vhdmp - ok
23:11:53.0463 5612 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
23:11:53.0465 5612 viaagp - ok
23:11:53.0474 5612 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
23:11:53.0475 5612 ViaC7 - ok
23:11:53.0486 5612 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
23:11:53.0487 5612 viaide - ok
23:11:53.0498 5612 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
23:11:53.0498 5612 volmgr - ok
23:11:53.0512 5612 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:11:53.0515 5612 volmgrx - ok
23:11:53.0529 5612 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
23:11:53.0531 5612 volsnap - ok
23:11:53.0553 5612 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:11:53.0556 5612 vsmraid - ok
23:11:53.0598 5612 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
23:11:53.0630 5612 VSS - ok
23:11:53.0642 5612 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:11:53.0643 5612 vwifibus - ok
23:11:53.0655 5612 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
23:11:53.0660 5612 W32Time - ok
23:11:53.0674 5612 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:11:53.0676 5612 WacomPen - ok
23:11:53.0692 5612 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:11:53.0693 5612 WANARP - ok
23:11:53.0696 5612 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:11:53.0697 5612 Wanarpv6 - ok
23:11:53.0799 5612 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:11:53.0833 5612 WatAdminSvc - ok
23:11:53.0889 5612 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
23:11:53.0924 5612 wbengine - ok
23:11:53.0951 5612 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:11:53.0956 5612 WbioSrvc - ok
23:11:53.0990 5612 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:11:53.0996 5612 wcncsvc - ok
23:11:54.0013 5612 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:11:54.0017 5612 WcsPlugInService - ok
23:11:54.0050 5612 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:11:54.0051 5612 Wd - ok
23:11:54.0071 5612 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:11:54.0077 5612 Wdf01000 - ok
23:11:54.0089 5612 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:11:54.0092 5612 WdiServiceHost - ok
23:11:54.0096 5612 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:11:54.0099 5612 WdiSystemHost - ok
23:11:54.0132 5612 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
23:11:54.0137 5612 WebClient - ok
23:11:54.0155 5612 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:11:54.0160 5612 Wecsvc - ok
23:11:54.0170 5612 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:11:54.0172 5612 wercplsupport - ok
23:11:54.0195 5612 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
23:11:54.0197 5612 WerSvc - ok
23:11:54.0209 5612 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:11:54.0210 5612 WfpLwf - ok
23:11:54.0220 5612 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:11:54.0222 5612 WIMMount - ok
23:11:54.0248 5612 [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:11:54.0262 5612 winachsf - ok
23:11:54.0311 5612 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:11:54.0327 5612 WinDefend - ok
23:11:54.0335 5612 WinHttpAutoProxySvc - ok
23:11:54.0397 5612 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:11:54.0400 5612 Winmgmt - ok
23:11:54.0453 5612 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
23:11:54.0491 5612 WinRM - ok
23:11:54.0548 5612 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:11:54.0550 5612 WinUsb - ok
23:11:54.0600 5612 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:11:54.0631 5612 Wlansvc - ok
23:11:54.0713 5612 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:11:54.0763 5612 wlidsvc - ok
23:11:54.0800 5612 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:11:54.0801 5612 WmiAcpi - ok
23:11:54.0843 5612 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:11:54.0845 5612 wmiApSrv - ok
23:11:54.0910 5612 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:11:54.0946 5612 WMPNetworkSvc - ok
23:11:54.0978 5612 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:11:54.0982 5612 WPCSvc - ok
23:11:54.0997 5612 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:11:55.0000 5612 WPDBusEnum - ok
23:11:55.0012 5612 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:11:55.0013 5612 ws2ifsl - ok
23:11:55.0056 5612 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
23:11:55.0058 5612 wscsvc - ok
23:11:55.0062 5612 WSearch - ok
23:11:55.0135 5612 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
23:11:55.0189 5612 wuauserv - ok
23:11:55.0228 5612 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:11:55.0230 5612 WudfPf - ok
23:11:55.0254 5612 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:11:55.0256 5612 WUDFRd - ok
23:11:55.0293 5612 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:11:55.0295 5612 wudfsvc - ok
23:11:55.0314 5612 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:11:55.0319 5612 WwanSvc - ok
23:11:55.0338 5612 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
23:11:55.0340 5612 XAudio - ok
23:11:55.0354 5612 ================ Scan global ===============================
23:11:55.0390 5612 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:11:55.0417 5612 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
23:11:55.0434 5612 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
23:11:55.0473 5612 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:11:55.0509 5612 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:11:55.0515 5612 [Global] - ok
23:11:55.0515 5612 ================ Scan MBR ==================================
23:11:55.0527 5612 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
23:11:55.0528 5612 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:11:55.0587 5612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:11:55.0587 5612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:11:55.0588 5612 ================ Scan VBR ==================================
23:11:55.0591 5612 [ 9D19430D8B7AA3A7C4B810714BED685F ] \Device\Harddisk0\DR0\Partition1
23:11:55.0593 5612 \Device\Harddisk0\DR0\Partition1 - ok
23:11:55.0610 5612 [ 5D5D62D4EFF7793694CBB4CA282DC09E ] \Device\Harddisk0\DR0\Partition2
23:11:55.0612 5612 \Device\Harddisk0\DR0\Partition2 - ok
23:11:55.0612 5612 ============================================================
23:11:55.0612 5612 Scan finished
23:11:55.0612 5612 ============================================================
23:11:55.0623 5604 Detected object count: 1
23:11:55.0623 5604 Actual detected object count: 1
23:13:20.0928 5604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
23:13:20.0928 5604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
23:13:38.0083 5544 Deinitialize success
MBRCheck.log:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro 220 Series
Logical Drives Mask: 0x000001ec
Kernel Drivers (total 174):
0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x87490000 \SystemRoot\system32\kdcom.dll
0x8322A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832A2000 \SystemRoot\system32\PSHED.dll
0x832B3000 \SystemRoot\system32\BOOTVID.dll
0x832BB000 \SystemRoot\system32\CLFS.SYS
0x832FD000 \SystemRoot\system32\CI.dll
0x8343F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x834B0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x834BE000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x83506000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8350F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x83517000 \SystemRoot\system32\DRIVERS\pci.sys
0x83541000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8354C000 \SystemRoot\System32\drivers\partmgr.sys
0x8355D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8356D000 \SystemRoot\System32\drivers\volmgrx.sys
0x835B8000 \SystemRoot\System32\drivers\mountmgr.sys
0x8362F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x83709000 \SystemRoot\system32\drivers\amdxata.sys
0x83712000 \SystemRoot\system32\drivers\fltmgr.sys
0x83746000 \SystemRoot\system32\drivers\N360\0603000.00E\SYMDS.SYS
0x8379D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B42C000 \SystemRoot\system32\drivers\N360\0603000.00E\SYMEFA.SYS
0x8B514000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B628000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B757000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B782000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B795000 \SystemRoot\System32\Drivers\cng.sys
0x8B7F2000 \SystemRoot\System32\drivers\pcw.sys
0x8B600000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B51E000 \SystemRoot\system32\drivers\ndis.sys
0x837AE000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B5D5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B813000 \SystemRoot\System32\drivers\tcpip.sys
0x8B95D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B98E000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B9CD000 \SystemRoot\System32\Drivers\spldr.sys
0x83600000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B9D5000 \SystemRoot\System32\Drivers\mup.sys
0x8B9E5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x835CE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B9ED000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x90EF5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90F14000 \SystemRoot\system32\drivers\N360\0603000.00E\ccSetx86.sys
0x90F38000 \SystemRoot\system32\drivers\N360\0603000.00E\Ironx86.SYS
0x90F5F000 \SystemRoot\System32\Drivers\Null.SYS
0x90F66000 \SystemRoot\System32\Drivers\Beep.SYS
0x90F6D000 \SystemRoot\System32\drivers\vga.sys
0x90F79000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90F9A000 \SystemRoot\System32\drivers\watchdog.sys
0x90FA7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90FAF000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90FB7000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90FBF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90FCA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90FD8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90FEF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91C08000 \SystemRoot\system32\drivers\afd.sys
0x91C62000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91C94000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x91C9D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91CA4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91CC3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91CD1000 \SystemRoot\system32\DRIVERS\serial.sys
0x91CEB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91CFE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91D0E000 \SystemRoot\System32\Drivers\N360\0603000.00E\SYMNETS.SYS
0x91D62000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x91D8C000 \SystemRoot\system32\drivers\N360\0603000.00E\SRTSPX.SYS
0x91D9C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91DDD000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91DE7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x93C29000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys
0x93C8B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x93CEA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x93D08000 \SystemRoot\System32\drivers\discache.sys
0x93D14000 \SystemRoot\System32\Drivers\dfsc.sys
0x93D2C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x94A39000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys
0x94B05000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x94B26000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x95E17000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x96734000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94B38000 \SystemRoot\System32\drivers\dxgmms1.sys
0x967EB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x94B71000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x95E00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x94BBC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x94A00000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x93D3A000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x93D86000 \SystemRoot\system32\DRIVERS\ks.sys
0x99E34000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x99F36000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x99FEB000 \SystemRoot\system32\drivers\modem.sys
0x99E00000 \SystemRoot\system32\DRIVERS\serenum.sys
0x99E0A000 \SystemRoot\system32\drivers\pfc.sys
0x99E0D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x99E1A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x94BDB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x94BF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x93DBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x93DDC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x93C00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B609000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x94A2C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x93C17000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x99E2C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91DF1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x833A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x837EC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9A409000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9A649000 \SystemRoot\system32\drivers\portcls.sys
0x9A678000 \SystemRoot\system32\drivers\drmk.sys
0x9A691000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9A69E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9A778000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9DEC0000 \SystemRoot\System32\win32k.sys
0x9A789000 \SystemRoot\System32\drivers\Dxapi.sys
0x9A793000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9A79E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9A7B1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9A7B8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9A7BA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9A7C5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9A7DC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9A7E7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9A7F3000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9E120000 \SystemRoot\System32\TSDDD.dll
0x9E150000 \SystemRoot\System32\cdd.dll
0x90E00000 \SystemRoot\system32\drivers\luafv.sys
0x90E1B000 \SystemRoot\system32\drivers\WudfPf.sys
0x90E35000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90E45000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90E58000 \SystemRoot\system32\drivers\HTTP.sys
0x83400000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90EDD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x83419000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB1814000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB184F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB1882000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB1886000 \SystemRoot\system32\drivers\peauth.sys
0xB191D000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB1927000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB1948000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB1955000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xB195D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB19AC000 \SystemRoot\System32\DRIVERS\srv.sys
0x83200000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xBBE14000 \SystemRoot\System32\Drivers\fastfat.SYS
0x76E70000 \Windows\System32\ntdll.dll
0x47C10000 \Windows\System32\smss.exe
0x770B0000 \Windows\System32\apisetschema.dll
0x00860000 \Windows\System32\autochk.exe
0x77020000 \Windows\System32\comdlg32.dll
0x76CD0000 \Windows\System32\setupapi.dll
0x76B10000 \Windows\System32\iertutil.dll
0x76A70000 \Windows\System32\usp10.dll
0x77010000 \Windows\System32\lpk.dll
0x769D0000 \Windows\System32\advapi32.dll
0x768B0000 \Windows\System32\urlmon.dll
0x77000000 \Windows\System32\nsi.dll
0x76750000 \Windows\System32\ole32.dll
0x766A0000 \Windows\System32\rpcrt4.dll
0x765D0000 \Windows\System32\msctf.dll
0x76570000 \Windows\System32\difxapi.dll
0x76FE0000 \Windows\System32\sechost.dll
0x76520000 \Windows\System32\Wldap32.dll
0x76FD0000 \Windows\System32\normaliz.dll
0x76490000 \Windows\System32\oleaut32.dll
0x76460000 \Windows\System32\imagehlp.dll
0x76380000 \Windows\System32\kernel32.dll
Processes (total 57):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
452 csrss.exe
504 C:\Windows\System32\wininit.exe
516 csrss.exe
564 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\winlogon.exe
612 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\spoolsv.exe
1396 C:\Windows\System32\svchost.exe
1500 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1520 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
1556 C:\Windows\System32\svchost.exe
1644 C:\Program Files\Norton 360\Engine\6.3.0.14\ccsvchst.exe
1828 C:\Windows\System32\taskhost.exe
1852 C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
1872 C:\Program Files\Norton 360\Engine\6.3.0.14\ccsvchst.exe
352 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
988 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1460 C:\Windows\System32\dwm.exe
1636 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2264 C:\Windows\explorer.exe
2576 C:\Windows\System32\svchost.exe
2620 WUDFHost.exe
2844 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2856 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2864 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
2872 C:\Windows\System32\igfxtray.exe
2884 C:\Windows\System32\hkcmd.exe
2896 C:\Windows\System32\igfxpers.exe
2940 C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
2968 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3112 C:\Windows\System32\svchost.exe
3164 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3172 C:\Users\sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
3180 C:\Program Files\Digital Line Detect\DLG.exe
3868 C:\Windows\System32\SearchIndexer.exe
1660 C:\Program Files\Windows Media Player\wmpnetwk.exe
2980 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
3392 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
4436 C:\Windows\servicing\TrustedInstaller.exe
4796 C:\Windows\System32\wuauclt.exe
5364 C:\Windows\System32\audiodg.exe
3092 C:\Windows\System32\svchost.exe
5016 C:\Windows\System32\wuauclt.exe
5636 dllhost.exe
6116 dllhost.exe
5576 C:\Users\sunshine\Downloads\MBRCheck.exe
6128 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500AAJS-75M0A0, Rev: 02.03E02
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
Done!
MBAM.log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.31.06
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Haataja :: SUNSHINE-DELLPC [administrator]
9/2/2012 11:23:41 PM
mbam-log-2012-09-02 (23-23-41).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 510244
Time elapsed: 1 hour(s), 17 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Here is the ComboFix log:
ComboFix 12-09-01.01 - sunshine 09/02/2012 19:53:16.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1946 [GMT -5:00]
Running from: c:\users\sunshine\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\sunshine\AppData\Roaming\Duqa
c:\users\sunshine\AppData\Roaming\Duqa\gabio.ywg
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Nels\AppData\Local\temp
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Homework\AppData\Local\temp
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Brita\AppData\Local\temp
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Aric\AppData\Local\temp
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Allison\AppData\Local\temp
2012-08-31 18:06 . 2012-08-31 18:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-31 18:06 . 2012-08-31 18:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-30 04:03 . 2012-08-30 04:03 -------- d-----w- c:\program files\Common Files\Java
2012-08-30 04:02 . 2012-08-30 04:02 -------- d-----w- c:\program files\Oracle
2012-08-30 04:01 . 2012-08-30 04:00 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-17 18:12 . 2012-08-17 18:12 -------- d-----w- c:\users\Nels\AppData\Local\Macromedia
2012-08-15 18:07 . 2012-08-15 18:07 -------- d-----w- c:\users\Allison\AppData\Local\Macromedia
2012-08-15 17:47 . 2012-08-15 17:47 -------- d-----w- c:\users\Nels\AppData\Local\Intel
2012-08-15 12:36 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 12:36 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 12:36 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 12:36 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 12:36 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 12:36 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 12:36 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 01:49 . 2012-08-15 18:50 -------- d-----w- c:\windows\system32\drivers\N360\0603000.00E
2012-08-14 23:06 . 2012-08-14 23:06 -------- d-----w- c:\users\Brita\AppData\Local\Macromedia
2012-08-14 22:22 . 2012-08-14 22:22 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-08-14 17:02 . 2012-08-14 17:02 -------- d-----w- c:\users\Aric\AppData\Local\Macromedia
2012-08-14 15:59 . 2012-08-14 15:59 -------- d-----w- c:\users\sunshine\AppData\Local\Macromedia
2012-08-13 16:46 . 2012-08-29 15:55 -------- d-----w- c:\users\Nicole.sunshine-DellPC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 12:50 . 2010-03-23 17:46 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-08-31 12:50 . 2010-05-21 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-08-14 15:56 . 2012-04-23 20:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 15:56 . 2011-05-17 14:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2011-12-01 04:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 05:09 . 2012-07-11 03:55 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09 . 2012-07-11 03:55 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-18 15:38 . 2012-04-04 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-23 1266]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-12 50688]
TimesUpKidz Reminders.lnk - c:\windows\Installer\{837DA79C-B12B-4709-9B9B-16D1468E418A}\_E0FC1390CC082CEC4B7147.exe [2012-4-2 17542]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0603000.00E\SYMNETS.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [x]
S2 TimesUpKidz;TimesUpKidz;c:\program files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 18:56]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 18:56]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\sunshine\AppData\Roaming\Mozilla\Firefox\Profiles\dd8pwjtk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-MindTwister Math - c:\windows\unvise32.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1498416925-3057025073-3905950374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1498416925-3057025073-3905950374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-02 20:01:05
ComboFix-quarantined-files.txt 2012-09-03 01:01
.
Pre-Run: 170,247,692,288 bytes free
Post-Run: 170,547,814,400 bytes free
.
- - End Of File - - EE69BDD0BC248BE2000E30A748741540
-
Hello,
Something isn't right on my pc. Malwarebytes found Trojan.Agent.MRGGen a few days ago, but google is being redirected and the computer seems slow. Nothing is being found by scans now.
Thanks in advance for any help!
sunshine
Here is dds.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by sunshine at 23:00:45 on 2012-09-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.966 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.3.0.14\ips\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [sansaDispatch] c:\users\sunshine\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\timesu~1.lnk - c:\windows\installer\{837da79c-b12b-4709-9b9b-16d1468e418a}\_E0FC1390CC082CEC4B7147.exe
mPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{F6DD09E8-37A6-4945-A7D9-F383575F0CC7} : DhcpNameServer = 192.168.254.254 192.168.254.254
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sunshine\appdata\roaming\mozilla\firefox\profiles\dd8pwjtk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0603000.00e\symds.sys [2012-8-14 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0603000.00e\symefa.sys [2012-8-14 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120823.007\BHDrvx86.sys [2012-6-18 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys [2012-8-14 132768]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120831.001\IDSvix86.sys [2012-9-1 386208]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys [2012-8-14 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0603000.00e\symnets.sys [2012-8-14 318584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-12 81920]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.3.0.14\ccsvchst.exe [2012-8-14 138272]
R2 TimesUpKidz;TimesUpKidz;c:\program files\rain city digital llc\timesupkidz\TimesUpKidzServer.exe [2011-10-22 11264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-12 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-4 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-4 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]
.
=============== Created Last 30 ================
.
2012-09-02 02:19:43 -------- d-----w- c:\users\sunshine\appdata\local\{8F8A3217-CEC0-463C-A01F-CDB5B1139B8C}
2012-09-01 05:03:50 -------- d-----w- c:\users\sunshine\appdata\local\{13CC1283-17FF-4A6B-A455-E7C3EE1AE65D}
2012-08-31 18:06:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-31 18:06:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-31 12:47:04 -------- d-----w- c:\users\sunshine\appdata\local\{21FE5E6A-8310-48D9-946E-BD5BB55FD558}
2012-08-30 21:42:25 -------- d-----w- c:\users\sunshine\appdata\local\{C5A3361F-DC4E-440C-9BB9-DE60425FF329}
2012-08-30 13:56:36 -------- d-----w- c:\users\sunshine\appdata\local\{F3D190E4-27F3-473E-BBDE-515F1DDD04BC}
2012-08-30 04:02:20 -------- d-----w- c:\program files\Oracle
2012-08-30 04:01:52 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 01:47:34 -------- d-----w- c:\users\sunshine\appdata\local\{EEA465B6-8F9A-4D00-B5C3-35B2B459AD94}
2012-08-29 04:04:29 -------- d-----w- c:\users\sunshine\appdata\local\{69A64649-D452-4CD2-AFB7-6381DA79BEB5}
2012-08-28 16:04:19 -------- d-----w- c:\users\sunshine\appdata\local\{8AD34BD1-789F-4871-8B15-222248560809}
2012-08-28 03:17:09 -------- d-----w- c:\users\sunshine\appdata\local\{FA575EC8-FF51-4D76-800D-A38FABFA4BEB}
2012-08-28 01:22:25 -------- d-----w- c:\users\sunshine\appdata\local\{39B44D3F-C6DB-4DEC-81F4-DCBF84DA79CE}
2012-08-27 12:31:51 -------- d-----w- c:\users\sunshine\appdata\local\{428B09FC-40FC-4EBD-8B82-BAF1819AFC1F}
2012-08-25 16:15:15 -------- d-----w- c:\users\sunshine\appdata\local\{19FF0B00-B7CB-43C3-AB1C-872BAE901072}
2012-08-25 01:08:04 -------- d-----w- c:\users\sunshine\appdata\local\{1C5A0813-F497-42C9-9D4D-B177A853B094}
2012-08-24 13:07:41 -------- d-----w- c:\users\sunshine\appdata\local\{5A158B7E-EE9B-4D73-95E2-1AA6D5AFAA0C}
2012-08-23 15:12:21 -------- d-----w- c:\users\sunshine\appdata\local\{40560DCC-D8DB-4C72-9FFC-DC9A90F116AE}
2012-08-23 03:11:57 -------- d-----w- c:\users\sunshine\appdata\local\{50B177F5-AF5E-48CA-B9BD-9E5A00DB80AA}
2012-08-22 15:11:33 -------- d-----w- c:\users\sunshine\appdata\local\{84901692-5BBD-4495-920C-6939563A4041}
2012-08-22 03:11:03 -------- d-----w- c:\users\sunshine\appdata\local\{F1FA1F1E-4D58-4E0C-9BB2-9ECA8D265C11}
2012-08-21 15:10:44 -------- d-----w- c:\users\sunshine\appdata\local\{A393AC20-5F50-4A79-9A8A-870DC3731A58}
2012-08-21 03:10:21 -------- d-----w- c:\users\sunshine\appdata\local\{363EE151-3407-483E-8D06-07A1EE06D647}
2012-08-20 14:46:36 -------- d-----w- c:\users\sunshine\appdata\local\{C15AFFE7-4C14-47E1-8FB7-02B1E98049FC}
2012-08-20 02:46:13 -------- d-----w- c:\users\sunshine\appdata\local\{BF8EF281-3907-4486-952E-F4B825D5559F}
2012-08-19 14:36:22 -------- d-----w- c:\users\sunshine\appdata\local\{1B905ED5-268F-403C-93E8-EC93B2096E3F}
2012-08-18 15:01:23 -------- d-----w- c:\users\sunshine\appdata\local\{6DDCB6B8-627D-4811-A121-27C265F49176}
2012-08-18 15:01:12 -------- d-----w- c:\users\sunshine\appdata\local\{657C1AF6-3DDB-45AE-A7A3-00591DEC6958}
2012-08-17 16:41:09 -------- d-----w- c:\users\sunshine\appdata\local\{25BC6CC9-5B8F-4F2C-BF5F-7CC7D5A4967B}
2012-08-17 16:40:59 -------- d-----w- c:\users\sunshine\appdata\local\{A781BF95-2AE6-4C8F-AD9C-9697A0E95B24}
2012-08-16 17:23:54 -------- d-----w- c:\users\sunshine\appdata\local\{6FB6AFB5-02DD-4F55-9874-166D4E824754}
2012-08-16 17:23:44 -------- d-----w- c:\users\sunshine\appdata\local\{D33BC4F4-F2F3-4059-B5EE-062D509B8634}
2012-08-16 00:27:49 -------- d-----w- c:\users\sunshine\appdata\local\{7BAE8B9E-D167-4423-93D6-7A8E01DDBBD8}
2012-08-16 00:27:39 -------- d-----w- c:\users\sunshine\appdata\local\{DED0FEBF-9B90-4306-BB18-B7E3EF90A932}
2012-08-15 12:36:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 12:36:33 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 12:36:27 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 12:36:27 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 12:36:11 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 12:36:10 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 12:36:06 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 12:27:20 -------- d-----w- c:\users\sunshine\appdata\local\{D566B1FE-EB21-4572-965E-8C36E414646E}
2012-08-15 12:27:07 -------- d-----w- c:\users\sunshine\appdata\local\{FE09C6BC-8AD5-412E-B05D-5D69D9CD3CD8}
2012-08-15 01:49:44 924320 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symefa.sys
2012-08-15 01:49:44 574112 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtsp.sys
2012-08-15 01:49:44 340088 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symds.sys
2012-08-15 01:49:44 32928 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtspx.sys
2012-08-15 01:49:44 318584 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symnets.sys
2012-08-15 01:49:44 149624 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys
2012-08-15 01:49:43 132768 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys
2012-08-15 01:49:34 8942 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symvtcer.dat
2012-08-15 01:49:34 -------- d-----w- c:\windows\system32\drivers\n360\0603000.00E
2012-08-14 15:59:35 -------- d-----w- c:\users\sunshine\appdata\local\Macromedia
2012-08-14 15:57:25 -------- d-----w- c:\users\sunshine\appdata\local\{650F26B6-B98F-48FF-A27C-1A5DA9CEE00E}
2012-08-14 15:57:16 -------- d-----w- c:\users\sunshine\appdata\local\{5E208F13-81A7-448D-8BF1-ABB5ADCC824D}
2012-08-14 01:09:41 -------- d-----w- c:\users\sunshine\appdata\local\{765891BD-9097-41AC-9B91-AF25FFD33083}
2012-08-14 01:09:31 -------- d-----w- c:\users\sunshine\appdata\local\{08FA2962-F79A-45BD-9516-D2E32412355E}
2012-08-13 13:09:19 -------- d-----w- c:\users\sunshine\appdata\local\{8D2DD3E8-72E1-4639-A06C-6382D033B7AB}
2012-08-13 13:09:10 -------- d-----w- c:\users\sunshine\appdata\local\{74DF024F-0CE0-48EB-8D3F-34DFC1A4EC02}
2012-08-08 12:52:07 -------- d-----w- c:\users\sunshine\appdata\local\{A9588C29-BCBB-4065-AFCE-4AE4B6B1EEA2}
2012-08-08 12:51:57 -------- d-----w- c:\users\sunshine\appdata\local\{41177C8E-39E3-4043-86FF-A542B3430111}
2012-08-07 15:36:36 -------- d-----w- c:\users\sunshine\appdata\local\{08923662-74D3-46ED-8B70-63174A265D35}
2012-08-07 15:36:17 -------- d-----w- c:\users\sunshine\appdata\local\{F2867B90-0D68-42E3-8B2D-F3BF941C1359}
2012-08-06 23:50:34 -------- d-----w- c:\users\sunshine\appdata\local\{EC123204-DC2A-4D83-B613-D92D145364F3}
2012-08-06 23:50:24 -------- d-----w- c:\users\sunshine\appdata\local\{D9E15243-264A-4F42-A23C-B4E6F8E95A08}
2012-08-06 11:50:13 -------- d-----w- c:\users\sunshine\appdata\local\{02E208FD-FE31-438D-B730-B098151F7280}
2012-08-06 11:50:03 -------- d-----w- c:\users\sunshine\appdata\local\{6010E461-649E-4C17-AD83-692A1524B9CC}
2012-08-05 02:57:22 -------- d-----w- c:\users\sunshine\appdata\local\{E406070D-EAC3-4E47-A65E-98D78C46D603}
2012-08-05 02:57:12 -------- d-----w- c:\users\sunshine\appdata\local\{C2D76630-8456-415F-BECB-4ABB74BC9835}
2012-08-04 14:56:49 -------- d-----w- c:\users\sunshine\appdata\local\{85372D11-D629-4C4B-8A61-927135E59C5A}
2012-08-04 14:56:38 -------- d-----w- c:\users\sunshine\appdata\local\{63275184-C267-4C4A-96E0-71ACA8841EC2}
2012-08-03 15:29:48 -------- d-----w- c:\users\sunshine\appdata\local\{D4D0CD89-B214-4D22-B942-3AE14CBE896F}
2012-08-03 15:29:35 -------- d-----w- c:\users\sunshine\appdata\local\{EF4F9D0E-67C1-45A2-AB9C-1D26C881A57D}
.
==================== Find3M ====================
.
2012-08-14 15:56:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 15:56:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 23:01:22.96 ===============
Here is attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2010 11:26:12 AM
System Uptime: 9/1/2012 9:14:09 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0JJW8N
Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 158.632 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP263: 8/15/2012 8:49:39 AM - Scheduled Checkpoint
RP264: 8/16/2012 12:38:47 AM - Windows Update
RP265: 8/23/2012 12:19:26 PM - Scheduled Checkpoint
RP266: 8/29/2012 10:59:59 PM - Installed Java 7 Update 5
RP267: 8/29/2012 11:01:58 PM - Installed JavaFX 2.1.1
RP269: 8/31/2012 1:34:55 PM - Removed InstallShield Restore Point
.
==== Installed Programs ======================
.
.
Sansa Media Converter
Activity Center, Winnie the Pooh
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Angry Birds
Arthur's Thinking Games
Baby Smartronics
Beauty and the Beast Magical Ballroom
Blue's Art Time Activities
Cinderella's Dollhouse
Clifford Learning Activities
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Cool Timer 3.6
Coupon Printer for Windows
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Digital Line Detect
Edmark MindTwister Math
Google Chrome
Google Update Helper
Intel AppUp(SM) center
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java 6 Update 31
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Math Games - Multiplication 1.1
Mathboard Addition
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Money 2005
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NetWaiting
NHL 2000
Norton 360
Norton Internet Security
OGA Notifier 2.0.0048.0
OverDrive Media Console
Picasa 3
PowerDVD DX
Putt-Putt Travels Through Time
QuickTime
Reader Rabbit's Math Ages 6-9
Reader Rabbit® I Can Read! With Phonics
Realtek High Definition Audio Driver
Rob's Maths
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Sansa Updater
Scholastic's I SPY Junior
Scrapbook Factory Deluxe 4.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shutterfly Express Uploader
StarFlyers Royal Jewel Rescue
swMSM
The Ultimate Math Practicen 2.5.1
TimesUpKidz
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmniper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmniper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmniper
TurboTax 2011 wrapper
Tux Paint 0.9.21c
Tux Paint Stamps 2009-06-28
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
US State Finder
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Wisdom-soft Set up ScreenHunter 5.1 Free
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 9:41:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/1/2012 9:38:07 PM, Error: Service Control Manager [7011] - A timeout (60001 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
9/1/2012 9:38:07 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/1/2012 12:06:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
9/1/2012 12:06:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
9/1/2012 12:05:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
9/1/2012 12:05:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
9/1/2012 12:04:25 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/31/2012 8:56:35 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/31/2012 7:57:44 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/31/2012 7:57:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/31/2012 7:57:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/31/2012 7:57:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/31/2012 7:57:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/31/2012 7:57:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6
8/31/2012 1:52:18 PM, Error: Service Control Manager [7011] - A timeout (60001 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/30/2012 9:14:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 9:14:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/30/2012 9:14:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/30/2012 9:13:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 4:20:02 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
8/29/2012 11:26:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/29/2012 1:14:35 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
8/28/2012 11:10:23 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
8/28/2012 11:10:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
8/28/2012 10:50:27 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
8/28/2012 10:48:23 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
.
==== End Of File ===========================
OpenDNS dashboard said malware or botnet activity; nothing found with MB
in Resolved Malware Removal Logs
Posted
Thanks again. I appreciate it.