Jump to content

Trojan and Rootkit won't go Away


Drakma
 Share

Recommended Posts

Hello several weeks ago I had a rootkit problem and also a trojan problem, on two different occasions, that were affecting internet explorer with redirects,. I had downloaded the free MBAM and it resolved the issues I had.

Since about a week ago I started to get occasional redirects, I scanned with MBAM and got 2 threats called svchost. I clicked quarantine and retasrted but they kept coming up everytime I scanned, but the google redirects stopped. Over the last couple days, my laptop has been lagging out and becoming inresponsive, suddenly shutting down, and giving me blue crash screens.

I asked my girlfriend's dad since he works with PCs(the one who told me to download free MBAM when I first had an infection) if he knew anything and he told me to download ATF Clearner and TDSSkiller, ran both and the TDSS detected 3 threats, 2 ignored and 1 was a pihar something rootkit, I cured and everything worked for about a day and its back to madness. He told me to come here to forums to try and get help.

So here I am now hoping that someone will help me, I downloaded the dds, disabled anti-virus and turned off internet and disconnected all usbs and ran the program and saved both the logs to desktop.

DDS.txt

Attach.txt

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Hi MC, thank for you responsing so quickly, I downloaded the program and first time I tried to run it, NORTON Sonar deleted because it said it was behaving suspiciously, so I disabled norton, re-downloaded it and ran it and it automatically started doing a scan and put files into the rk quarantine folder in desktop. I clicked on scan as instructed and here's the RK log in my desktop.

RKreport1.txt

Link to post
Share on other sites

MrC im posting the RK log contents here, not sure if you wanted me to post the logs as attachments or as text.

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Karas [Admin rights]

Mode : Scan -- Date : 08/31/2012 15:19:03

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][bLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Karas\AppData\Roaming\.minecraft\.minecraft\mijimxh.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM640JJ +++++

--- User ---

[MBR] da37218601abaff53bf7d17be7aaf861

[bSP] 4a4a752fd74ed9662f3015917337a540 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589168 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1207025664 | Size: 21008 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

I downloaded, unzipped and ran the file, before I touched anything on it, RK said it stopped that rpcld.exe process. I hit the scan button, when it finished it again opened up internet explorer and took me to the french version of the RK webpage. Don't know if this helps but all the buttons and words in the program show in english but when the scan completes there is a flashing triangle that says rans. gendarm.

Here's the new log:

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Karas [Admin rights]

Mode : Scan -- Date : 08/31/2012 17:03:10

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][bLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Karas\AppData\Roaming\.minecraft\.minecraft\mijimxh.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM640JJ +++++

--- User ---

[MBR] da37218601abaff53bf7d17be7aaf861

[bSP] 4a4a752fd74ed9662f3015917337a540 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589168 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1207025664 | Size: 21008 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][bLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Karas\AppData\Roaming\.minecraft\.minecraft\mijimxh.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then.............

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

Please read the directions carefully so you don't end up deleting something that is good!!

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

Ok I ran RK again, hit Scan selected the 7 entries you listed and hit delete. Created a new restore point and ran TDSSKiller with those parameters and here's the log:

17:53:21.0167 6036 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

17:53:21.0494 6036 ============================================================

17:53:21.0494 6036 Current date / time: 2012/08/31 17:53:21.0494

17:53:21.0494 6036 SystemInfo:

17:53:21.0494 6036

17:53:21.0494 6036 OS Version: 6.1.7601 ServicePack: 1.0

17:53:21.0494 6036 Product type: Workstation

17:53:21.0494 6036 ComputerName: MUGETSU

17:53:21.0494 6036 UserName: Karas

17:53:21.0494 6036 Windows directory: C:\Windows

17:53:21.0494 6036 System windows directory: C:\Windows

17:53:21.0494 6036 Running under WOW64

17:53:21.0494 6036 Processor architecture: Intel x64

17:53:21.0494 6036 Number of processors: 8

17:53:21.0494 6036 Page size: 0x1000

17:53:21.0494 6036 Boot type: Normal boot

17:53:21.0494 6036 ============================================================

17:53:21.0728 6036 BG loaded

17:53:22.0071 6036 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:53:22.0087 6036 ============================================================

17:53:22.0087 6036 \Device\Harddisk0\DR0:

17:53:22.0087 6036 MBR partitions:

17:53:22.0087 6036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

17:53:22.0087 6036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x47EB8000

17:53:22.0087 6036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47F1C000, BlocksNum 0x2908000

17:53:22.0087 6036 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

17:53:22.0087 6036 ============================================================

17:53:22.0181 6036 C: <-> \Device\Harddisk0\DR0\Partition2

17:53:22.0337 6036 D: <-> \Device\Harddisk0\DR0\Partition3

17:53:22.0352 6036 F: <-> \Device\Harddisk0\DR0\Partition4

17:53:22.0352 6036 ============================================================

17:53:22.0352 6036 Initialize success

17:53:22.0352 6036 ============================================================

17:54:16.0054 7636 ============================================================

17:54:16.0054 7636 Scan started

17:54:16.0054 7636 Mode: Manual; SigCheck; TDLFS;

17:54:16.0054 7636 ============================================================

17:54:16.0647 7636 ================ Scan system memory ========================

17:54:16.0647 7636 System memory - ok

17:54:16.0647 7636 ================ Scan services =============================

17:54:16.0803 7636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

17:54:16.0943 7636 1394ohci - ok

17:54:17.0021 7636 [ 426E0E8127BAC7D5DDEE8251F104E053 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

17:54:17.0037 7636 AbsoluteNotifier - ok

17:54:17.0115 7636 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

17:54:17.0130 7636 Accelerometer - ok

17:54:17.0177 7636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

17:54:17.0193 7636 ACPI - ok

17:54:17.0208 7636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

17:54:17.0224 7636 AcpiPmi - ok

17:54:17.0333 7636 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

17:54:17.0349 7636 AdobeARMservice - ok

17:54:17.0489 7636 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

17:54:17.0520 7636 AdobeFlashPlayerUpdateSvc - ok

17:54:17.0583 7636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

17:54:17.0614 7636 adp94xx - ok

17:54:17.0661 7636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

17:54:17.0676 7636 adpahci - ok

17:54:17.0707 7636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

17:54:17.0739 7636 adpu320 - ok

17:54:17.0754 7636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

17:54:17.0785 7636 AeLookupSvc - ok

17:54:17.0910 7636 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe

17:54:17.0941 7636 AESTFilters - ok

17:54:18.0004 7636 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

17:54:18.0035 7636 AFD - ok

17:54:18.0113 7636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

17:54:18.0129 7636 agp440 - ok

17:54:18.0160 7636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

17:54:18.0191 7636 ALG - ok

17:54:18.0207 7636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

17:54:18.0222 7636 aliide - ok

17:54:18.0285 7636 [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

17:54:18.0331 7636 AMD External Events Utility - ok

17:54:18.0363 7636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

17:54:18.0378 7636 amdide - ok

17:54:18.0425 7636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

17:54:18.0456 7636 AmdK8 - ok

17:54:18.0721 7636 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

17:54:18.0831 7636 amdkmdag - ok

17:54:18.0909 7636 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

17:54:18.0940 7636 amdkmdap - ok

17:54:19.0002 7636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

17:54:19.0033 7636 AmdPPM - ok

17:54:19.0065 7636 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

17:54:19.0080 7636 amdsata - ok

17:54:19.0111 7636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

17:54:19.0127 7636 amdsbs - ok

17:54:19.0143 7636 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

17:54:19.0143 7636 amdxata - ok

17:54:19.0189 7636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

17:54:19.0221 7636 AppID - ok

17:54:19.0252 7636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

17:54:19.0283 7636 AppIDSvc - ok

17:54:19.0314 7636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

17:54:19.0361 7636 Appinfo - ok

17:54:19.0439 7636 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:54:19.0455 7636 Apple Mobile Device - ok

17:54:19.0486 7636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

17:54:19.0501 7636 arc - ok

17:54:19.0533 7636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

17:54:19.0564 7636 arcsas - ok

17:54:19.0689 7636 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

17:54:19.0720 7636 aspnet_state - ok

17:54:19.0767 7636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

17:54:19.0813 7636 AsyncMac - ok

17:54:19.0860 7636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

17:54:19.0891 7636 atapi - ok

17:54:19.0954 7636 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

17:54:19.0985 7636 AtiHdmiService - ok

17:54:20.0032 7636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

17:54:20.0094 7636 AudioEndpointBuilder - ok

17:54:20.0094 7636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

17:54:20.0125 7636 AudioSrv - ok

17:54:20.0157 7636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

17:54:20.0172 7636 AxInstSV - ok

17:54:20.0235 7636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

17:54:20.0250 7636 b06bdrv - ok

17:54:20.0266 7636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

17:54:20.0281 7636 b57nd60a - ok

17:54:20.0375 7636 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

17:54:20.0406 7636 BBSvc - ok

17:54:20.0422 7636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

17:54:20.0437 7636 BDESVC - ok

17:54:20.0453 7636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

17:54:20.0484 7636 Beep - ok

17:54:20.0547 7636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

17:54:20.0593 7636 BFE - ok

17:54:20.0781 7636 [ C8AB71A5102D0FC103F6DFC750005137 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120823.007\BHDrvx64.sys

17:54:20.0827 7636 BHDrvx64 - ok

17:54:20.0874 7636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

17:54:20.0921 7636 BITS - ok

17:54:20.0952 7636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

17:54:20.0952 7636 blbdrive - ok

17:54:20.0999 7636 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

17:54:21.0015 7636 Bonjour Service - ok

17:54:21.0061 7636 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

17:54:21.0093 7636 bowser - ok

17:54:21.0124 7636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:54:21.0139 7636 BrFiltLo - ok

17:54:21.0155 7636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:54:21.0171 7636 BrFiltUp - ok

17:54:21.0217 7636 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

17:54:21.0249 7636 Browser - ok

17:54:21.0264 7636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

17:54:21.0280 7636 Brserid - ok

17:54:21.0295 7636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

17:54:21.0311 7636 BrSerWdm - ok

17:54:21.0327 7636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

17:54:21.0342 7636 BrUsbMdm - ok

17:54:21.0342 7636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

17:54:21.0358 7636 BrUsbSer - ok

17:54:21.0405 7636 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

17:54:21.0420 7636 BthEnum - ok

17:54:21.0436 7636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

17:54:21.0436 7636 BTHMODEM - ok

17:54:21.0467 7636 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

17:54:21.0483 7636 BthPan - ok

17:54:21.0498 7636 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

17:54:21.0514 7636 BTHPORT - ok

17:54:21.0545 7636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

17:54:21.0576 7636 bthserv - ok

17:54:21.0592 7636 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

17:54:21.0607 7636 BTHUSB - ok

17:54:21.0639 7636 [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys

17:54:21.0654 7636 btwampfl - ok

17:54:21.0654 7636 [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

17:54:21.0670 7636 btwaudio - ok

17:54:21.0717 7636 [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys

17:54:21.0732 7636 btwavdt - ok

17:54:21.0779 7636 [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

17:54:21.0795 7636 btwdins - ok

17:54:21.0826 7636 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

17:54:21.0826 7636 btwl2cap - ok

17:54:21.0857 7636 [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

17:54:21.0857 7636 btwrchid - ok

17:54:21.0951 7636 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys

17:54:21.0966 7636 ccSet_N360 - ok

17:54:22.0013 7636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

17:54:22.0060 7636 cdfs - ok

17:54:22.0107 7636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

17:54:22.0107 7636 cdrom - ok

17:54:22.0185 7636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

17:54:22.0216 7636 CertPropSvc - ok

17:54:22.0294 7636 [ EA3333DB9AB03106EEC0D6D9D487ED01 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

17:54:22.0325 7636 CinemaNow Service - ok

17:54:22.0356 7636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

17:54:22.0372 7636 circlass - ok

17:54:22.0419 7636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

17:54:22.0450 7636 CLFS - ok

17:54:22.0512 7636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:54:22.0543 7636 clr_optimization_v2.0.50727_32 - ok

17:54:22.0575 7636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:54:22.0590 7636 clr_optimization_v2.0.50727_64 - ok

17:54:22.0653 7636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:54:22.0668 7636 clr_optimization_v4.0.30319_32 - ok

17:54:22.0684 7636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:54:22.0699 7636 clr_optimization_v4.0.30319_64 - ok

17:54:22.0715 7636 [ 9573E8C7C3B3D1625FD941841FD0859C ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

17:54:22.0731 7636 clwvd - ok

17:54:22.0746 7636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

17:54:22.0762 7636 CmBatt - ok

17:54:22.0777 7636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

17:54:22.0793 7636 cmdide - ok

17:54:22.0840 7636 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

17:54:22.0871 7636 CNG - ok

17:54:22.0902 7636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

17:54:22.0902 7636 Compbatt - ok

17:54:22.0965 7636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

17:54:22.0996 7636 CompositeBus - ok

17:54:23.0011 7636 COMSysApp - ok

17:54:23.0027 7636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

17:54:23.0043 7636 crcdisk - ok

17:54:23.0105 7636 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

17:54:23.0136 7636 CryptSvc - ok

17:54:23.0183 7636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

17:54:23.0230 7636 DcomLaunch - ok

17:54:23.0261 7636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

17:54:23.0292 7636 defragsvc - ok

17:54:23.0339 7636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

17:54:23.0386 7636 DfsC - ok

17:54:23.0401 7636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

17:54:23.0433 7636 Dhcp - ok

17:54:23.0464 7636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

17:54:23.0495 7636 discache - ok

17:54:23.0542 7636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

17:54:23.0542 7636 Disk - ok

17:54:23.0573 7636 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

17:54:23.0573 7636 Dnscache - ok

17:54:23.0620 7636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

17:54:23.0651 7636 dot3svc - ok

17:54:23.0729 7636 [ EAC9D9868D37C8785D12475A9BB65A11 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe

17:54:23.0760 7636 DpHost - ok

17:54:23.0791 7636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

17:54:23.0823 7636 DPS - ok

17:54:23.0838 7636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

17:54:23.0854 7636 drmkaud - ok

17:54:23.0885 7636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

17:54:23.0916 7636 DXGKrnl - ok

17:54:23.0947 7636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

17:54:23.0979 7636 EapHost - ok

17:54:24.0025 7636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

17:54:24.0072 7636 ebdrv - ok

17:54:24.0119 7636 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

17:54:24.0135 7636 eeCtrl - ok

17:54:24.0166 7636 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

17:54:24.0166 7636 EFS - ok

17:54:24.0259 7636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

17:54:24.0306 7636 ehRecvr - ok

17:54:24.0353 7636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

17:54:24.0369 7636 ehSched - ok

17:54:24.0431 7636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

17:54:24.0462 7636 elxstor - ok

17:54:24.0493 7636 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

17:54:24.0509 7636 EraserUtilRebootDrv - ok

17:54:24.0525 7636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

17:54:24.0540 7636 ErrDev - ok

17:54:24.0571 7636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

17:54:24.0603 7636 EventSystem - ok

17:54:24.0712 7636 [ 1DB6BEC3D57C289F0107D7A34D5EF8F9 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

17:54:24.0743 7636 EvtEng - ok

17:54:24.0774 7636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

17:54:24.0805 7636 exfat - ok

17:54:24.0821 7636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

17:54:24.0852 7636 fastfat - ok

17:54:24.0883 7636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

17:54:24.0899 7636 Fax - ok

17:54:24.0915 7636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

17:54:24.0930 7636 fdc - ok

17:54:24.0977 7636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

17:54:25.0008 7636 fdPHost - ok

17:54:25.0008 7636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

17:54:25.0055 7636 FDResPub - ok

17:54:25.0071 7636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

17:54:25.0086 7636 FileInfo - ok

17:54:25.0086 7636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

17:54:25.0117 7636 Filetrace - ok

17:54:25.0149 7636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

17:54:25.0164 7636 flpydisk - ok

17:54:25.0195 7636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

17:54:25.0211 7636 FltMgr - ok

17:54:25.0258 7636 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

17:54:25.0289 7636 FontCache - ok

17:54:25.0336 7636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:54:25.0367 7636 FontCache3.0.0.0 - ok

17:54:25.0398 7636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

17:54:25.0398 7636 FsDepends - ok

17:54:25.0461 7636 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

17:54:25.0476 7636 Fs_Rec - ok

17:54:25.0507 7636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

17:54:25.0539 7636 fvevol - ok

17:54:25.0570 7636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

17:54:25.0585 7636 gagp30kx - ok

17:54:25.0663 7636 [ 551D463E4CCEB5240234DA6718C93A44 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

17:54:25.0695 7636 GameConsoleService - ok

17:54:25.0710 7636 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:54:25.0726 7636 GEARAspiWDM - ok

17:54:25.0788 7636 Giraffic - ok

17:54:25.0819 7636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

17:54:25.0866 7636 gpsvc - ok

17:54:25.0913 7636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

17:54:25.0929 7636 hcw85cir - ok

17:54:25.0975 7636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

17:54:26.0007 7636 HdAudAddService - ok

17:54:26.0022 7636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

17:54:26.0038 7636 HDAudBus - ok

17:54:26.0069 7636 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

17:54:26.0085 7636 HECIx64 - ok

17:54:26.0100 7636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

17:54:26.0116 7636 HidBatt - ok

17:54:26.0131 7636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

17:54:26.0147 7636 HidBth - ok

17:54:26.0163 7636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

17:54:26.0178 7636 HidIr - ok

17:54:26.0225 7636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

17:54:26.0272 7636 hidserv - ok

17:54:26.0303 7636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

17:54:26.0334 7636 HidUsb - ok

17:54:26.0365 7636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:54:26.0412 7636 hkmsvc - ok

17:54:26.0475 7636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

17:54:26.0490 7636 HomeGroupListener - ok

17:54:26.0521 7636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

17:54:26.0537 7636 HomeGroupProvider - ok

17:54:26.0646 7636 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

17:54:26.0662 7636 HP Support Assistant Service - ok

17:54:26.0724 7636 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

17:54:26.0740 7636 HP Wireless Assistant Service - ok

17:54:26.0771 7636 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

17:54:26.0802 7636 HPDrvMntSvc.exe - ok

17:54:26.0833 7636 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

17:54:26.0849 7636 hpdskflt - ok

17:54:26.0896 7636 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

17:54:26.0927 7636 hpqwmiex - ok

17:54:26.0974 7636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

17:54:27.0005 7636 HpSAMD - ok

17:54:27.0021 7636 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe

17:54:27.0036 7636 hpsrv - ok

17:54:27.0099 7636 [ 171000873EB522E5EA3DD4C4E0B689B2 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

17:54:27.0114 7636 HPWMISVC - ok

17:54:27.0177 7636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:54:27.0223 7636 HTTP - ok

17:54:27.0255 7636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

17:54:27.0270 7636 hwpolicy - ok

17:54:27.0301 7636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

17:54:27.0301 7636 i8042prt - ok

17:54:27.0333 7636 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

17:54:27.0348 7636 iaStor - ok

17:54:27.0379 7636 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

17:54:27.0426 7636 iaStorV - ok

17:54:27.0473 7636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:54:27.0504 7636 idsvc - ok

17:54:27.0598 7636 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120830.001\IDSvia64.sys

17:54:27.0613 7636 IDSVia64 - ok

17:54:27.0738 7636 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

17:54:27.0801 7636 igfx - ok

17:54:27.0847 7636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

17:54:27.0879 7636 iirsp - ok

17:54:27.0925 7636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

17:54:27.0957 7636 IKEEXT - ok

17:54:27.0988 7636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

17:54:28.0003 7636 intelide - ok

17:54:28.0035 7636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

17:54:28.0050 7636 intelppm - ok

17:54:28.0081 7636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:54:28.0128 7636 IPBusEnum - ok

17:54:28.0144 7636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:54:28.0175 7636 IpFilterDriver - ok

17:54:28.0206 7636 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:54:28.0253 7636 iphlpsvc - ok

17:54:28.0269 7636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

17:54:28.0284 7636 IPMIDRV - ok

17:54:28.0300 7636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

17:54:28.0331 7636 IPNAT - ok

17:54:28.0378 7636 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

17:54:28.0393 7636 iPod Service - ok

17:54:28.0425 7636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:54:28.0440 7636 IRENUM - ok

17:54:28.0456 7636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:54:28.0471 7636 isapnp - ok

17:54:28.0487 7636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

17:54:28.0503 7636 iScsiPrt - ok

17:54:28.0534 7636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

17:54:28.0534 7636 kbdclass - ok

17:54:28.0565 7636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

17:54:28.0565 7636 kbdhid - ok

17:54:28.0581 7636 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

17:54:28.0596 7636 KeyIso - ok

17:54:28.0627 7636 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:54:28.0643 7636 KSecDD - ok

17:54:28.0674 7636 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

17:54:28.0690 7636 KSecPkg - ok

17:54:28.0705 7636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

17:54:28.0737 7636 ksthunk - ok

17:54:28.0752 7636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

17:54:28.0783 7636 KtmRm - ok

17:54:28.0830 7636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

17:54:28.0877 7636 LanmanServer - ok

17:54:28.0908 7636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:54:28.0939 7636 LanmanWorkstation - ok

17:54:28.0955 7636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:54:28.0986 7636 lltdio - ok

17:54:29.0002 7636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:54:29.0033 7636 lltdsvc - ok

17:54:29.0049 7636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:54:29.0080 7636 lmhosts - ok

17:54:29.0173 7636 [ 6D515466AB8BFE61184092B635AE6EB4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

17:54:29.0189 7636 LMS - ok

17:54:29.0220 7636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

17:54:29.0236 7636 LSI_FC - ok

17:54:29.0251 7636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

17:54:29.0251 7636 LSI_SAS - ok

17:54:29.0298 7636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:54:29.0298 7636 LSI_SAS2 - ok

17:54:29.0314 7636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:54:29.0329 7636 LSI_SCSI - ok

17:54:29.0345 7636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

17:54:29.0361 7636 luafv - ok

17:54:29.0423 7636 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

17:54:29.0439 7636 MBAMProtector - ok

17:54:29.0563 7636 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

17:54:29.0610 7636 MBAMService - ok

17:54:29.0641 7636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

17:54:29.0673 7636 Mcx2Svc - ok

17:54:29.0688 7636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

17:54:29.0704 7636 megasas - ok

17:54:29.0719 7636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

17:54:29.0735 7636 MegaSR - ok

17:54:29.0751 7636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

17:54:29.0782 7636 MMCSS - ok

17:54:29.0813 7636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

17:54:29.0844 7636 Modem - ok

17:54:29.0860 7636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:54:29.0875 7636 monitor - ok

17:54:29.0907 7636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:54:29.0938 7636 mouclass - ok

17:54:29.0953 7636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:54:29.0969 7636 mouhid - ok

17:54:30.0031 7636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

17:54:30.0063 7636 mountmgr - ok

17:54:30.0078 7636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

17:54:30.0094 7636 mpio - ok

17:54:30.0109 7636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:54:30.0141 7636 mpsdrv - ok

17:54:30.0187 7636 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

17:54:30.0234 7636 MpsSvc - ok

17:54:30.0265 7636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:54:30.0281 7636 MRxDAV - ok

17:54:30.0343 7636 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:54:30.0375 7636 mrxsmb - ok

17:54:30.0437 7636 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:54:30.0468 7636 mrxsmb10 - ok

17:54:30.0499 7636 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:54:30.0515 7636 mrxsmb20 - ok

17:54:30.0531 7636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

17:54:30.0546 7636 msahci - ok

17:54:30.0562 7636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:54:30.0577 7636 msdsm - ok

17:54:30.0593 7636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

17:54:30.0609 7636 MSDTC - ok

17:54:30.0609 7636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:54:30.0640 7636 Msfs - ok

17:54:30.0671 7636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

17:54:30.0702 7636 mshidkmdf - ok

17:54:30.0749 7636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:54:30.0749 7636 msisadrv - ok

17:54:30.0780 7636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:54:30.0827 7636 MSiSCSI - ok

17:54:30.0827 7636 msiserver - ok

17:54:30.0843 7636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:54:30.0874 7636 MSKSSRV - ok

17:54:30.0889 7636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:54:30.0921 7636 MSPCLOCK - ok

17:54:30.0967 7636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:54:31.0030 7636 MSPQM - ok

17:54:31.0061 7636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:54:31.0077 7636 MsRPC - ok

17:54:31.0077 7636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

17:54:31.0092 7636 mssmbios - ok

17:54:31.0108 7636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:54:31.0139 7636 MSTEE - ok

17:54:31.0155 7636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

17:54:31.0170 7636 MTConfig - ok

17:54:31.0186 7636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

17:54:31.0201 7636 Mup - ok

17:54:31.0233 7636 [ 400E39127AED6AED73E564C7AAEDD14A ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

17:54:31.0264 7636 MyWiFiDHCPDNS - ok

17:54:31.0311 7636 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

17:54:31.0311 7636 N360 - ok

17:54:31.0342 7636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

17:54:31.0373 7636 napagent - ok

17:54:31.0404 7636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:54:31.0420 7636 NativeWifiP - ok

17:54:31.0513 7636 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120831.002\ENG64.SYS

17:54:31.0529 7636 NAVENG - ok

17:54:31.0591 7636 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120831.002\EX64.SYS

17:54:31.0638 7636 NAVEX15 - ok

17:54:31.0701 7636 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

17:54:31.0732 7636 NDIS - ok

17:54:31.0763 7636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:54:31.0810 7636 NdisCap - ok

17:54:31.0841 7636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:54:31.0872 7636 NdisTapi - ok

17:54:31.0903 7636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:54:31.0935 7636 Ndisuio - ok

17:54:31.0966 7636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:54:31.0981 7636 NdisWan - ok

17:54:32.0013 7636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:54:32.0044 7636 NDProxy - ok

17:54:32.0075 7636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:54:32.0106 7636 NetBIOS - ok

17:54:32.0137 7636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:54:32.0153 7636 NetBT - ok

17:54:32.0169 7636 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

17:54:32.0184 7636 Netlogon - ok

17:54:32.0247 7636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

17:54:32.0278 7636 Netman - ok

17:54:32.0325 7636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:54:32.0340 7636 NetMsmqActivator - ok

17:54:32.0356 7636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:54:32.0371 7636 NetPipeActivator - ok

17:54:32.0403 7636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

17:54:32.0449 7636 netprofm - ok

17:54:32.0449 7636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:54:32.0465 7636 NetTcpActivator - ok

17:54:32.0465 7636 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:54:32.0465 7636 NetTcpPortSharing - ok

17:54:32.0637 7636 [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys

17:54:32.0715 7636 NETw5s64 - ok

17:54:32.0855 7636 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

17:54:32.0917 7636 netw5v64 - ok

17:54:33.0073 7636 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

17:54:33.0167 7636 NETwNs64 - ok

17:54:33.0183 7636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

17:54:33.0198 7636 nfrd960 - ok

17:54:33.0245 7636 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:54:33.0292 7636 NlaSvc - ok

17:54:33.0370 7636 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

17:54:33.0432 7636 NOBU - ok

17:54:33.0448 7636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:54:33.0479 7636 Npfs - ok

17:54:33.0495 7636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

17:54:33.0526 7636 nsi - ok

17:54:33.0541 7636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:54:33.0573 7636 nsiproxy - ok

17:54:33.0619 7636 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:54:33.0635 7636 Ntfs - ok

17:54:33.0651 7636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

17:54:33.0682 7636 Null - ok

17:54:33.0697 7636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:54:33.0713 7636 nvraid - ok

17:54:33.0729 7636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:54:33.0744 7636 nvstor - ok

17:54:33.0791 7636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:54:33.0822 7636 nv_agp - ok

17:54:33.0838 7636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:54:33.0853 7636 ohci1394 - ok

17:54:33.0916 7636 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:54:33.0947 7636 ose - ok

17:54:34.0072 7636 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:54:34.0150 7636 osppsvc - ok

17:54:34.0165 7636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:54:34.0181 7636 p2pimsvc - ok

17:54:34.0197 7636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

17:54:34.0212 7636 p2psvc - ok

17:54:34.0228 7636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

17:54:34.0243 7636 Parport - ok

17:54:34.0275 7636 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:54:34.0275 7636 partmgr - ok

17:54:34.0290 7636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

17:54:34.0306 7636 PcaSvc - ok

17:54:34.0337 7636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

17:54:34.0353 7636 pci - ok

17:54:34.0368 7636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

17:54:34.0384 7636 pciide - ok

17:54:34.0431 7636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

17:54:34.0446 7636 pcmcia - ok

17:54:34.0477 7636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

17:54:34.0493 7636 pcw - ok

17:54:34.0509 7636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:54:34.0540 7636 PEAUTH - ok

17:54:34.0602 7636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

17:54:34.0633 7636 PerfHost - ok

17:54:34.0696 7636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

17:54:34.0758 7636 pla - ok

17:54:34.0789 7636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:54:34.0805 7636 PlugPlay - ok

17:54:34.0821 7636 PnkBstrA - ok

17:54:34.0821 7636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

17:54:34.0836 7636 PNRPAutoReg - ok

17:54:34.0852 7636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

17:54:34.0867 7636 PNRPsvc - ok

17:54:34.0914 7636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:54:34.0945 7636 PolicyAgent - ok

17:54:34.0961 7636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

17:54:34.0992 7636 Power - ok

17:54:35.0023 7636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:54:35.0055 7636 PptpMiniport - ok

17:54:35.0086 7636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

17:54:35.0101 7636 Processor - ok

17:54:35.0117 7636 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

17:54:35.0133 7636 ProfSvc - ok

17:54:35.0148 7636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

17:54:35.0148 7636 ProtectedStorage - ok

17:54:35.0179 7636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

17:54:35.0226 7636 Psched - ok

17:54:35.0273 7636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

17:54:35.0304 7636 ql2300 - ok

17:54:35.0320 7636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

17:54:35.0335 7636 ql40xx - ok

17:54:35.0382 7636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

17:54:35.0429 7636 QWAVE - ok

17:54:35.0445 7636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:54:35.0460 7636 QWAVEdrv - ok

17:54:35.0476 7636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:54:35.0507 7636 RasAcd - ok

17:54:35.0523 7636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

17:54:35.0554 7636 RasAgileVpn - ok

17:54:35.0569 7636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

17:54:35.0601 7636 RasAuto - ok

17:54:35.0632 7636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:54:35.0679 7636 Rasl2tp - ok

17:54:35.0694 7636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

17:54:35.0741 7636 RasMan - ok

17:54:35.0757 7636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:54:35.0788 7636 RasPppoe - ok

17:54:35.0803 7636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:54:35.0819 7636 RasSstp - ok

17:54:35.0850 7636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:54:35.0881 7636 rdbss - ok

17:54:35.0881 7636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

17:54:35.0897 7636 rdpbus - ok

17:54:35.0928 7636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:54:35.0959 7636 RDPCDD - ok

17:54:35.0975 7636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:54:36.0006 7636 RDPENCDD - ok

17:54:36.0006 7636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

17:54:36.0037 7636 RDPREFMP - ok

17:54:36.0069 7636 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:54:36.0084 7636 RDPWD - ok

17:54:36.0100 7636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

17:54:36.0115 7636 rdyboost - ok

17:54:36.0240 7636 [ C8A442E4DCF89D03C4D7C7616CE293AE ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

17:54:36.0271 7636 RegSrvc - ok

17:54:36.0287 7636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

17:54:36.0318 7636 RemoteAccess - ok

17:54:36.0349 7636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:54:36.0381 7636 RemoteRegistry - ok

17:54:36.0459 7636 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

17:54:36.0490 7636 RFCOMM - ok

17:54:36.0490 7636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

17:54:36.0521 7636 RpcEptMapper - ok

17:54:36.0583 7636 [ B1574DCB4AE3EFACC24AA87B4AE6FC55 ] rpcld C:\ProgramData\Rpcnet\Bin\rpcld.exe

17:54:36.0583 7636 Suspicious file (NoAccess): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: B1574DCB4AE3EFACC24AA87B4AE6FC55

17:54:36.0583 7636 rpcld ( LockedFile.Multi.Generic ) - warning

17:54:36.0583 7636 rpcld - detected LockedFile.Multi.Generic (1)

17:54:36.0599 7636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

17:54:36.0630 7636 RpcLocator - ok

17:54:36.0661 7636 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe

17:54:36.0693 7636 rpcnet - ok

17:54:36.0708 7636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

17:54:36.0771 7636 RpcSs - ok

17:54:36.0786 7636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:54:36.0817 7636 rspndr - ok

17:54:36.0849 7636 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

17:54:36.0864 7636 RSUSBSTOR - ok

17:54:36.0895 7636 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

17:54:36.0911 7636 RTL8167 - ok

17:54:36.0911 7636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

17:54:36.0927 7636 SamSs - ok

17:54:36.0942 7636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:54:36.0958 7636 sbp2port - ok

17:54:36.0973 7636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:54:37.0005 7636 SCardSvr - ok

17:54:37.0067 7636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

17:54:37.0114 7636 scfilter - ok

17:54:37.0145 7636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

17:54:37.0192 7636 Schedule - ok

17:54:37.0207 7636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

17:54:37.0239 7636 SCPolicySvc - ok

17:54:37.0285 7636 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

17:54:37.0301 7636 sdbus - ok

17:54:37.0332 7636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:54:37.0348 7636 SDRSVC - ok

17:54:37.0410 7636 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

17:54:37.0441 7636 SeaPort - ok

17:54:37.0473 7636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:54:37.0504 7636 secdrv - ok

17:54:37.0535 7636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

17:54:37.0566 7636 seclogon - ok

17:54:37.0582 7636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

17:54:37.0613 7636 SENS - ok

17:54:37.0644 7636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

17:54:37.0660 7636 SensrSvc - ok

17:54:37.0675 7636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

17:54:37.0691 7636 Serenum - ok

17:54:37.0707 7636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

17:54:37.0722 7636 Serial - ok

17:54:37.0753 7636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

17:54:37.0769 7636 sermouse - ok

17:54:37.0785 7636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

17:54:37.0816 7636 SessionEnv - ok

17:54:37.0831 7636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

17:54:37.0847 7636 sffdisk - ok

17:54:37.0863 7636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

17:54:37.0878 7636 sffp_mmc - ok

17:54:37.0894 7636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

17:54:37.0909 7636 sffp_sd - ok

17:54:37.0925 7636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

17:54:37.0925 7636 sfloppy - ok

17:54:37.0941 7636 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

17:54:37.0987 7636 SharedAccess - ok

17:54:38.0019 7636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

17:54:38.0050 7636 ShellHWDetection - ok

17:54:38.0065 7636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:54:38.0081 7636 SiSRaid2 - ok

17:54:38.0097 7636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

17:54:38.0097 7636 SiSRaid4 - ok

17:54:38.0128 7636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

17:54:38.0159 7636 Smb - ok

17:54:38.0206 7636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

17:54:38.0221 7636 SNMPTRAP - ok

17:54:38.0237 7636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

17:54:38.0237 7636 spldr - ok

17:54:38.0284 7636 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

17:54:38.0315 7636 Spooler - ok

17:54:38.0424 7636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

17:54:38.0487 7636 sppsvc - ok

17:54:38.0502 7636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

17:54:38.0533 7636 sppuinotify - ok

17:54:38.0627 7636 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS

17:54:38.0643 7636 SRTSP - ok

17:54:38.0674 7636 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS

17:54:38.0674 7636 SRTSPX - ok

17:54:38.0721 7636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

17:54:38.0736 7636 srv - ok

17:54:38.0767 7636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

17:54:38.0783 7636 srv2 - ok

17:54:38.0814 7636 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS

17:54:38.0830 7636 SrvHsfHDA - ok

17:54:38.0861 7636 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS

17:54:38.0877 7636 SrvHsfV92 - ok

17:54:38.0908 7636 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

17:54:38.0923 7636 SrvHsfWinac - ok

17:54:38.0939 7636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

17:54:38.0955 7636 srvnet - ok

17:54:38.0986 7636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

17:54:39.0017 7636 SSDPSRV - ok

17:54:39.0033 7636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

17:54:39.0064 7636 SstpSvc - ok

17:54:39.0173 7636 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

17:54:39.0204 7636 STacSV - ok

17:54:39.0251 7636 Steam Client Service - ok

17:54:39.0267 7636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

17:54:39.0298 7636 stexstor - ok

17:54:39.0329 7636 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys

17:54:39.0345 7636 STHDA - ok

17:54:39.0376 7636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

17:54:39.0407 7636 stisvc - ok

17:54:39.0423 7636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

17:54:39.0438 7636 swenum - ok

17:54:39.0469 7636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

17:54:39.0501 7636 swprv - ok

17:54:39.0532 7636 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS

17:54:39.0547 7636 SymDS - ok

17:54:39.0579 7636 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS

17:54:39.0610 7636 SymEFA - ok

17:54:39.0641 7636 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

17:54:39.0657 7636 SymEvent - ok

17:54:39.0688 7636 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS

17:54:39.0719 7636 SymIRON - ok

17:54:39.0735 7636 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS

17:54:39.0750 7636 SymNetS - ok

17:54:39.0828 7636 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

17:54:39.0859 7636 SynTP - ok

17:54:39.0922 7636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

17:54:39.0953 7636 SysMain - ok

17:54:39.0984 7636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

17:54:40.0000 7636 TabletInputService - ok

17:54:40.0031 7636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

17:54:40.0062 7636 TapiSrv - ok

17:54:40.0093 7636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

17:54:40.0125 7636 TBS - ok

17:54:40.0156 7636 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

17:54:40.0187 7636 Tcpip - ok

17:54:40.0218 7636 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

17:54:40.0249 7636 TCPIP6 - ok

17:54:40.0281 7636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

17:54:40.0312 7636 tcpipreg - ok

17:54:40.0343 7636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

17:54:40.0343 7636 TDPIPE - ok

17:54:40.0374 7636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

17:54:40.0390 7636 TDTCP - ok

17:54:40.0405 7636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

17:54:40.0437 7636 tdx - ok

17:54:40.0483 7636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

17:54:40.0499 7636 TermDD - ok

17:54:40.0530 7636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

17:54:40.0561 7636 TermService - ok

17:54:40.0577 7636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

17:54:40.0593 7636 Themes - ok

17:54:40.0608 7636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

17:54:40.0639 7636 THREADORDER - ok

17:54:40.0655 7636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

17:54:40.0686 7636 TrkWks - ok

17:54:40.0717 7636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

17:54:40.0749 7636 TrustedInstaller - ok

17:54:40.0780 7636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

17:54:40.0795 7636 tssecsrv - ok

17:54:40.0842 7636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

17:54:40.0858 7636 TsUsbFlt - ok

17:54:40.0936 7636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

17:54:40.0983 7636 tunnel - ok

17:54:41.0014 7636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

17:54:41.0029 7636 uagp35 - ok

17:54:41.0045 7636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

17:54:41.0076 7636 udfs - ok

17:54:41.0107 7636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

17:54:41.0123 7636 UI0Detect - ok

17:54:41.0139 7636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

17:54:41.0154 7636 uliagpkx - ok

17:54:41.0201 7636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

17:54:41.0232 7636 umbus - ok

17:54:41.0263 7636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

17:54:41.0279 7636 UmPass - ok

17:54:41.0435 7636 [ 0FADD949576A164B4E51E716F46B6C33 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

17:54:41.0466 7636 UNS - ok

17:54:41.0482 7636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

17:54:41.0513 7636 upnphost - ok

17:54:41.0544 7636 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

17:54:41.0560 7636 USBAAPL64 - ok

17:54:41.0591 7636 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

17:54:41.0607 7636 usbccgp - ok

17:54:41.0622 7636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

17:54:41.0622 7636 usbcir - ok

17:54:41.0638 7636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

17:54:41.0653 7636 usbehci - ok

17:54:41.0685 7636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

17:54:41.0700 7636 usbhub - ok

17:54:41.0716 7636 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

17:54:41.0731 7636 usbohci - ok

17:54:41.0778 7636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

17:54:41.0809 7636 usbprint - ok

17:54:41.0872 7636 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

17:54:41.0903 7636 usbscan - ok

17:54:41.0934 7636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:54:41.0950 7636 USBSTOR - ok

17:54:41.0965 7636 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

17:54:41.0965 7636 usbuhci - ok

17:54:42.0012 7636 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

17:54:42.0043 7636 usbvideo - ok

17:54:42.0059 7636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

17:54:42.0090 7636 UxSms - ok

17:54:42.0106 7636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

17:54:42.0106 7636 VaultSvc - ok

17:54:42.0184 7636 [ 2662F24C7AEE2A32CEBDEC907A5366F1 ] vcsFPService C:\Windows\system32\vcsFPService.exe

17:54:42.0231 7636 vcsFPService - ok

17:54:42.0262 7636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

17:54:42.0262 7636 vdrvroot - ok

17:54:42.0309 7636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

17:54:42.0355 7636 vds - ok

17:54:42.0387 7636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

17:54:42.0402 7636 vga - ok

17:54:42.0418 7636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

17:54:42.0449 7636 VgaSave - ok

17:54:42.0465 7636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

17:54:42.0480 7636 vhdmp - ok

17:54:42.0496 7636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

17:54:42.0511 7636 viaide - ok

17:54:42.0527 7636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

17:54:42.0543 7636 volmgr - ok

17:54:42.0589 7636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

17:54:42.0605 7636 volmgrx - ok

17:54:42.0621 7636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

17:54:42.0636 7636 volsnap - ok

17:54:42.0667 7636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

17:54:42.0699 7636 vsmraid - ok

17:54:42.0745 7636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

17:54:42.0808 7636 VSS - ok

17:54:42.0823 7636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

17:54:42.0839 7636 vwifibus - ok

17:54:42.0855 7636 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

17:54:42.0870 7636 vwififlt - ok

17:54:42.0886 7636 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

17:54:42.0901 7636 vwifimp - ok

17:54:42.0933 7636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

17:54:42.0979 7636 W32Time - ok

17:54:43.0011 7636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

17:54:43.0011 7636 WacomPen - ok

17:54:43.0042 7636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

17:54:43.0073 7636 WANARP - ok

17:54:43.0073 7636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

17:54:43.0104 7636 Wanarpv6 - ok

17:54:43.0135 7636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

17:54:43.0167 7636 WatAdminSvc - ok

17:54:43.0213 7636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

17:54:43.0245 7636 wbengine - ok

17:54:43.0276 7636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

17:54:43.0291 7636 WbioSrvc - ok

17:54:43.0323 7636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

17:54:43.0338 7636 wcncsvc - ok

17:54:43.0354 7636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

17:54:43.0369 7636 WcsPlugInService - ok

17:54:43.0385 7636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

17:54:43.0401 7636 Wd - ok

17:54:43.0416 7636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

17:54:43.0432 7636 Wdf01000 - ok

17:54:43.0447 7636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

17:54:43.0463 7636 WdiServiceHost - ok

17:54:43.0463 7636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

17:54:43.0494 7636 WdiSystemHost - ok

17:54:43.0541 7636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

17:54:43.0572 7636 WebClient - ok

17:54:43.0603 7636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

17:54:43.0635 7636 Wecsvc - ok

17:54:43.0650 7636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

17:54:43.0681 7636 wercplsupport - ok

17:54:43.0697 7636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

17:54:43.0728 7636 WerSvc - ok

17:54:43.0744 7636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

17:54:43.0775 7636 WfpLwf - ok

17:54:43.0775 7636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

17:54:43.0791 7636 WIMMount - ok

17:54:43.0806 7636 WinDefend - ok

17:54:43.0806 7636 WinHttpAutoProxySvc - ok

17:54:43.0853 7636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

17:54:43.0884 7636 Winmgmt - ok

17:54:43.0947 7636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

17:54:43.0993 7636 WinRM - ok

17:54:44.0040 7636 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

17:54:44.0071 7636 WinUSB - ok

17:54:44.0103 7636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

17:54:44.0134 7636 Wlansvc - ok

17:54:44.0243 7636 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:54:44.0274 7636 wlidsvc - ok

17:54:44.0290 7636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

17:54:44.0305 7636 WmiAcpi - ok

17:54:44.0352 7636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

17:54:44.0383 7636 wmiApSrv - ok

17:54:44.0399 7636 WMPNetworkSvc - ok

17:54:44.0415 7636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

17:54:44.0430 7636 WPCSvc - ok

17:54:44.0461 7636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

17:54:44.0461 7636 WPDBusEnum - ok

17:54:44.0493 7636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

17:54:44.0524 7636 ws2ifsl - ok

17:54:44.0524 7636 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

17:54:44.0539 7636 wscsvc - ok

17:54:44.0555 7636 WSearch - ok

17:54:44.0602 7636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

17:54:44.0649 7636 wuauserv - ok

17:54:44.0649 7636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

17:54:44.0680 7636 WudfPf - ok

17:54:44.0727 7636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

17:54:44.0758 7636 WUDFRd - ok

17:54:44.0789 7636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

17:54:44.0820 7636 wudfsvc - ok

17:54:44.0836 7636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

17:54:44.0851 7636 WwanSvc - ok

17:54:44.0883 7636 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

17:54:44.0883 7636 yukonw7 - ok

17:54:44.0914 7636 ================ Scan global ===============================

17:54:44.0929 7636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

17:54:44.0945 7636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

17:54:44.0961 7636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

17:54:44.0992 7636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

17:54:45.0023 7636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

17:54:45.0039 7636 [Global] - ok

17:54:45.0039 7636 ================ Scan MBR ==================================

17:54:45.0039 7636 [ 4859C2B849AA16259B9779060FCB6D29 ] \Device\Harddisk0\DR0

17:54:45.0351 7636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:54:45.0351 7636 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:54:45.0351 7636 ================ Scan VBR ==================================

17:54:45.0351 7636 [ 62E4793B456825A03B6E6E3ED6092CD8 ] \Device\Harddisk0\DR0\Partition1

17:54:45.0366 7636 \Device\Harddisk0\DR0\Partition1 - ok

17:54:45.0382 7636 [ 094670D5A7BD823253BF86DD4EBC82CC ] \Device\Harddisk0\DR0\Partition2

17:54:45.0382 7636 \Device\Harddisk0\DR0\Partition2 - ok

17:54:45.0429 7636 [ 604AE7CB98AEE4AD790BC8F911B9DCAA ] \Device\Harddisk0\DR0\Partition3

17:54:45.0429 7636 \Device\Harddisk0\DR0\Partition3 - ok

17:54:45.0444 7636 [ 0A9BB5CA9E8675840B993667F944EB04 ] \Device\Harddisk0\DR0\Partition4

17:54:45.0444 7636 \Device\Harddisk0\DR0\Partition4 - ok

17:54:45.0444 7636 ============================================================

17:54:45.0444 7636 Scan finished

17:54:45.0444 7636 ============================================================

17:54:45.0460 7792 Detected object count: 2

17:54:45.0460 7792 Actual detected object count: 2

17:55:12.0354 7792 rpcld ( LockedFile.Multi.Generic ) - skipped by user

17:55:12.0354 7792 rpcld ( LockedFile.Multi.Generic ) - User select action: Skip

17:55:12.0370 7792 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:55:12.0370 7792 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:55:17.0658 8084 Deinitialize success

Link to post
Share on other sites

Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

17:55:12.0370 7792 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:55:12.0370 7792 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

....are you on a wireless network??

MrC

Link to post
Share on other sites

Ok I ran TDSSKiller again and selected delete on that 1 entry. When I hit the continue button the report said 1 file neutralized and 14 files quarantined, at the same time the report came up the Norton Sonar started again and said that some Trojan was detected and quarantined. I'll attach the TDSSKiller log just in case. Oh and yes I am using wireless internet connection in my home which is passworded and only me and my girlfriend use.

TDSSKiller.2.8.8.0_31.08.2012_18.50.09_log.txt

Link to post
Share on other sites

Sorry for the delay in the response boss, I had to go out and get some groceries and run a couple errands. I updated and ran Quick Scan with MBAM and NOTHING came up! Woot. I restarted the PC and ran RogueKiller and it still autoscanned and stopped that rpcld.exe process as a bad process. Oh by the way the laptop is already starting up about twice as fast as it was before.

MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.01.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Karas :: MUGETSU [administrator]

Protection: Disabled

8/31/2012 10:09:58 PM

mbam-log-2012-08-31 (22-09-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196701

Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

RK Log:

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Karas [Admin rights]

Mode : Scan -- Date : 08/31/2012 22:44:33

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] rpcld.exe -- C:\ProgramData\Rpcnet\Bin\rpcld.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM640JJ +++++

--- User ---

[MBR] da37218601abaff53bf7d17be7aaf861

[bSP] 4a4a752fd74ed9662f3015917337a540 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589168 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1207025664 | Size: 21008 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Link to post
Share on other sites

Good Morning MrC, laptop is running fine, starting up quicker, internet explorer is faster at loading pages, no redirects so far or blue screens or random shutdowns but then again, I've barely used it since I made the first post here, I didn't want to mess things up while you were helping me.

Link to post
Share on other sites

Great!!

Lets check your computers security before you go:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC

Link to post
Share on other sites

Here you go sir:

Results of screen317's Security Check version 0.99.49

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader X (10.1.4)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Symantec Norton Online Backup NOBuAgent.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Java™ 6 Update 31 <----uninstall from add/remove programs (install the latest version)

Java version out of Date!

Adobe Flash Player 11.3.300.271 Flash Player out of Date! <---update

You have out dated programs on the system which are vulnerable to malware.

Please update or delete them

Info on doing that can be found in my Preventive Maintenance below.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Ok back home and updated Java and Flash, and uinstalled the earlier versions. Thank you so much MrC, I'm also gonna try to switch my internet browser to google chrome as advised in your Preventive Maintenance page as well as buying the full version of MBAM to have alongside my Norton. I am curious though, what exactly did I have?? Trojan or Rootkit or both? Im wondering how I could have gotten them, the only questionable websites I visit are efukt and theync, is there a way I can check if these websites are safe or not?

Link to post
Share on other sites

I am curious though, what exactly did I have?? Trojan or Rootkit or both? Im wondering how I could have gotten them, the only questionable websites I visit are efukt and theync, is there a way I can check if these websites are safe or not?

Well here's the malware we found:

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][bLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][Rans.Gendarm] HKUS\S-1-5-20[...]\Run : Update (rundll32.exe "C:\Users\Karas\AppData\Roaming\.minecraft\.minecraft\mijimxh.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

[RUN][bLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Chromium (rundll32.exe "C:\Users\Karas\AppData\Local\Electronic Arts\Chromium\txuivci.dll",DllRegisterServer) -> FOUND

17:55:12.0370 7792 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:55:12.0370 7792 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~~~~

Malware uses all kinds of methods to get into your system.

Fake program updates, exploits older versions of programs, etc.

is there a way I can check if these websites are safe or not?

I use WOT, it won't let you go to a know unsafe website:

http://www.mywot.com/

MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.