malware help...Malwarebytes found MRGgen but PC still not right

Sunshine2 · September 2, 2012

Hello,

Something isn't right on my pc. Malwarebytes found Trojan.Agent.MRGGen a few days ago, but google is being redirected and the computer seems slow. Nothing is being found by scans now.

Thanks in advance for any help!

sunshine

Here is dds.txt:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by sunshine at 23:00:45 on 2012-09-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.966 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Users\sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.3.0.14\ips\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.3.0.14\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sansaDispatch] c:\users\sunshine\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"

mRun: [<NO NAME>]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\timesu~1.lnk - c:\windows\installer\{837da79c-b12b-4709-9b9b-16d1468e418a}\_E0FC1390CC082CEC4B7147.exe

mPolicies-explorer: DisallowRun = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{F6DD09E8-37A6-4945-A7D9-F383575F0CC7} : DhcpNameServer = 192.168.254.254 192.168.254.254

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sunshine\appdata\roaming\mozilla\firefox\profiles\dd8pwjtk.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0603000.00e\symds.sys [2012-8-14 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0603000.00e\symefa.sys [2012-8-14 924320]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\bashdefs\20120823.007\BHDrvx86.sys [2012-6-18 821920]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys [2012-8-14 132768]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.1.2\definitions\ipsdefs\20120831.001\IDSvix86.sys [2012-9-1 386208]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys [2012-8-14 149624]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0603000.00e\symnets.sys [2012-8-14 318584]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-12 81920]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.3.0.14\ccsvchst.exe [2012-8-14 138272]

R2 TimesUpKidz;TimesUpKidz;c:\program files\rain city digital llc\timesupkidz\TimesUpKidzServer.exe [2011-10-22 11264]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-13 106656]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-12 167936]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-4 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-4 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 113120]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-20 1343400]

.

=============== Created Last 30 ================

.

2012-09-02 02:19:43 -------- d-----w- c:\users\sunshine\appdata\local\{8F8A3217-CEC0-463C-A01F-CDB5B1139B8C}

2012-09-01 05:03:50 -------- d-----w- c:\users\sunshine\appdata\local\{13CC1283-17FF-4A6B-A455-E7C3EE1AE65D}

2012-08-31 18:06:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-31 18:06:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-31 12:47:04 -------- d-----w- c:\users\sunshine\appdata\local\{21FE5E6A-8310-48D9-946E-BD5BB55FD558}

2012-08-30 21:42:25 -------- d-----w- c:\users\sunshine\appdata\local\{C5A3361F-DC4E-440C-9BB9-DE60425FF329}

2012-08-30 13:56:36 -------- d-----w- c:\users\sunshine\appdata\local\{F3D190E4-27F3-473E-BBDE-515F1DDD04BC}

2012-08-30 04:02:20 -------- d-----w- c:\program files\Oracle

2012-08-30 04:01:52 772592 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 01:47:34 -------- d-----w- c:\users\sunshine\appdata\local\{EEA465B6-8F9A-4D00-B5C3-35B2B459AD94}

2012-08-29 04:04:29 -------- d-----w- c:\users\sunshine\appdata\local\{69A64649-D452-4CD2-AFB7-6381DA79BEB5}

2012-08-28 16:04:19 -------- d-----w- c:\users\sunshine\appdata\local\{8AD34BD1-789F-4871-8B15-222248560809}

2012-08-28 03:17:09 -------- d-----w- c:\users\sunshine\appdata\local\{FA575EC8-FF51-4D76-800D-A38FABFA4BEB}

2012-08-28 01:22:25 -------- d-----w- c:\users\sunshine\appdata\local\{39B44D3F-C6DB-4DEC-81F4-DCBF84DA79CE}

2012-08-27 12:31:51 -------- d-----w- c:\users\sunshine\appdata\local\{428B09FC-40FC-4EBD-8B82-BAF1819AFC1F}

2012-08-25 16:15:15 -------- d-----w- c:\users\sunshine\appdata\local\{19FF0B00-B7CB-43C3-AB1C-872BAE901072}

2012-08-25 01:08:04 -------- d-----w- c:\users\sunshine\appdata\local\{1C5A0813-F497-42C9-9D4D-B177A853B094}

2012-08-24 13:07:41 -------- d-----w- c:\users\sunshine\appdata\local\{5A158B7E-EE9B-4D73-95E2-1AA6D5AFAA0C}

2012-08-23 15:12:21 -------- d-----w- c:\users\sunshine\appdata\local\{40560DCC-D8DB-4C72-9FFC-DC9A90F116AE}

2012-08-23 03:11:57 -------- d-----w- c:\users\sunshine\appdata\local\{50B177F5-AF5E-48CA-B9BD-9E5A00DB80AA}

2012-08-22 15:11:33 -------- d-----w- c:\users\sunshine\appdata\local\{84901692-5BBD-4495-920C-6939563A4041}

2012-08-22 03:11:03 -------- d-----w- c:\users\sunshine\appdata\local\{F1FA1F1E-4D58-4E0C-9BB2-9ECA8D265C11}

2012-08-21 15:10:44 -------- d-----w- c:\users\sunshine\appdata\local\{A393AC20-5F50-4A79-9A8A-870DC3731A58}

2012-08-21 03:10:21 -------- d-----w- c:\users\sunshine\appdata\local\{363EE151-3407-483E-8D06-07A1EE06D647}

2012-08-20 14:46:36 -------- d-----w- c:\users\sunshine\appdata\local\{C15AFFE7-4C14-47E1-8FB7-02B1E98049FC}

2012-08-20 02:46:13 -------- d-----w- c:\users\sunshine\appdata\local\{BF8EF281-3907-4486-952E-F4B825D5559F}

2012-08-19 14:36:22 -------- d-----w- c:\users\sunshine\appdata\local\{1B905ED5-268F-403C-93E8-EC93B2096E3F}

2012-08-18 15:01:23 -------- d-----w- c:\users\sunshine\appdata\local\{6DDCB6B8-627D-4811-A121-27C265F49176}

2012-08-18 15:01:12 -------- d-----w- c:\users\sunshine\appdata\local\{657C1AF6-3DDB-45AE-A7A3-00591DEC6958}

2012-08-17 16:41:09 -------- d-----w- c:\users\sunshine\appdata\local\{25BC6CC9-5B8F-4F2C-BF5F-7CC7D5A4967B}

2012-08-17 16:40:59 -------- d-----w- c:\users\sunshine\appdata\local\{A781BF95-2AE6-4C8F-AD9C-9697A0E95B24}

2012-08-16 17:23:54 -------- d-----w- c:\users\sunshine\appdata\local\{6FB6AFB5-02DD-4F55-9874-166D4E824754}

2012-08-16 17:23:44 -------- d-----w- c:\users\sunshine\appdata\local\{D33BC4F4-F2F3-4059-B5EE-062D509B8634}

2012-08-16 00:27:49 -------- d-----w- c:\users\sunshine\appdata\local\{7BAE8B9E-D167-4423-93D6-7A8E01DDBBD8}

2012-08-16 00:27:39 -------- d-----w- c:\users\sunshine\appdata\local\{DED0FEBF-9B90-4306-BB18-B7E3EF90A932}

2012-08-15 12:36:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 12:36:33 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 12:36:27 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 12:36:27 316928 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 12:36:11 41472 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 12:36:10 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 12:36:06 768512 ----a-w- c:\windows\system32\localspl.dll

2012-08-15 12:27:20 -------- d-----w- c:\users\sunshine\appdata\local\{D566B1FE-EB21-4572-965E-8C36E414646E}

2012-08-15 12:27:07 -------- d-----w- c:\users\sunshine\appdata\local\{FE09C6BC-8AD5-412E-B05D-5D69D9CD3CD8}

2012-08-15 01:49:44 924320 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symefa.sys

2012-08-15 01:49:44 574112 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtsp.sys

2012-08-15 01:49:44 340088 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symds.sys

2012-08-15 01:49:44 32928 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\srtspx.sys

2012-08-15 01:49:44 318584 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\symnets.sys

2012-08-15 01:49:44 149624 ----a-r- c:\windows\system32\drivers\n360\0603000.00e\ironx86.sys

2012-08-15 01:49:43 132768 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\ccsetx86.sys

2012-08-15 01:49:34 8942 ----a-w- c:\windows\system32\drivers\n360\0603000.00e\symvtcer.dat

2012-08-15 01:49:34 -------- d-----w- c:\windows\system32\drivers\n360\0603000.00E

2012-08-14 15:59:35 -------- d-----w- c:\users\sunshine\appdata\local\Macromedia

2012-08-14 15:57:25 -------- d-----w- c:\users\sunshine\appdata\local\{650F26B6-B98F-48FF-A27C-1A5DA9CEE00E}

2012-08-14 15:57:16 -------- d-----w- c:\users\sunshine\appdata\local\{5E208F13-81A7-448D-8BF1-ABB5ADCC824D}

2012-08-14 01:09:41 -------- d-----w- c:\users\sunshine\appdata\local\{765891BD-9097-41AC-9B91-AF25FFD33083}

2012-08-14 01:09:31 -------- d-----w- c:\users\sunshine\appdata\local\{08FA2962-F79A-45BD-9516-D2E32412355E}

2012-08-13 13:09:19 -------- d-----w- c:\users\sunshine\appdata\local\{8D2DD3E8-72E1-4639-A06C-6382D033B7AB}

2012-08-13 13:09:10 -------- d-----w- c:\users\sunshine\appdata\local\{74DF024F-0CE0-48EB-8D3F-34DFC1A4EC02}

2012-08-08 12:52:07 -------- d-----w- c:\users\sunshine\appdata\local\{A9588C29-BCBB-4065-AFCE-4AE4B6B1EEA2}

2012-08-08 12:51:57 -------- d-----w- c:\users\sunshine\appdata\local\{41177C8E-39E3-4043-86FF-A542B3430111}

2012-08-07 15:36:36 -------- d-----w- c:\users\sunshine\appdata\local\{08923662-74D3-46ED-8B70-63174A265D35}

2012-08-07 15:36:17 -------- d-----w- c:\users\sunshine\appdata\local\{F2867B90-0D68-42E3-8B2D-F3BF941C1359}

2012-08-06 23:50:34 -------- d-----w- c:\users\sunshine\appdata\local\{EC123204-DC2A-4D83-B613-D92D145364F3}

2012-08-06 23:50:24 -------- d-----w- c:\users\sunshine\appdata\local\{D9E15243-264A-4F42-A23C-B4E6F8E95A08}

2012-08-06 11:50:13 -------- d-----w- c:\users\sunshine\appdata\local\{02E208FD-FE31-438D-B730-B098151F7280}

2012-08-06 11:50:03 -------- d-----w- c:\users\sunshine\appdata\local\{6010E461-649E-4C17-AD83-692A1524B9CC}

2012-08-05 02:57:22 -------- d-----w- c:\users\sunshine\appdata\local\{E406070D-EAC3-4E47-A65E-98D78C46D603}

2012-08-05 02:57:12 -------- d-----w- c:\users\sunshine\appdata\local\{C2D76630-8456-415F-BECB-4ABB74BC9835}

2012-08-04 14:56:49 -------- d-----w- c:\users\sunshine\appdata\local\{85372D11-D629-4C4B-8A61-927135E59C5A}

2012-08-04 14:56:38 -------- d-----w- c:\users\sunshine\appdata\local\{63275184-C267-4C4A-96E0-71ACA8841EC2}

2012-08-03 15:29:48 -------- d-----w- c:\users\sunshine\appdata\local\{D4D0CD89-B214-4D22-B942-3AE14CBE896F}

2012-08-03 15:29:35 -------- d-----w- c:\users\sunshine\appdata\local\{EF4F9D0E-67C1-45A2-AB9C-1D26C881A57D}

.

==================== Find3M ====================

.

2012-08-14 15:56:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 15:56:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll

.

============= FINISH: 23:01:22.96 ===============

Here is attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/4/2010 11:26:12 AM

System Uptime: 9/1/2012 9:14:09 PM (2 hours ago)

.

Motherboard: Dell Inc. | | 0JJW8N

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 158.632 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP263: 8/15/2012 8:49:39 AM - Scheduled Checkpoint

RP264: 8/16/2012 12:38:47 AM - Windows Update

RP265: 8/23/2012 12:19:26 PM - Scheduled Checkpoint

RP266: 8/29/2012 10:59:59 PM - Installed Java 7 Update 5

RP267: 8/29/2012 11:01:58 PM - Installed JavaFX 2.1.1

RP269: 8/31/2012 1:34:55 PM - Removed InstallShield Restore Point

.

==== Installed Programs ======================

.

Sansa Media Converter

Activity Center, Winnie the Pooh

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Angry Birds

Arthur's Thinking Games

Baby Smartronics

Beauty and the Beast Magical Ballroom

Blue's Art Time Activities

Cinderella's Dollhouse

Clifford Learning Activities

Compatibility Pack for the 2007 Office system

Conexant D850 PCI V.92 Modem

Cool Timer 3.6

Coupon Printer for Windows

D3DX10

Dell Backup and Recovery Manager

Dell Edoc Viewer

Digital Line Detect

Edmark MindTwister Math

Google Chrome

Google Update Helper

Intel AppUp(SM) center

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Intel® Matrix Storage Manager

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java 6 Update 31

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Math Games - Multiplication 1.1

Mathboard Addition

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Money 2005

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

NetWaiting

NHL 2000

Norton 360

Norton Internet Security

OGA Notifier 2.0.0048.0

OverDrive Media Console

Picasa 3

PowerDVD DX

Putt-Putt Travels Through Time

QuickTime

Reader Rabbit's Math Ages 6-9

Reader Rabbit® I Can Read! With Phonics

Realtek High Definition Audio Driver

Rob's Maths

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Sansa Updater

Scholastic's I SPY Junior

Scrapbook Factory Deluxe 4.0

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shutterfly Express Uploader

StarFlyers Royal Jewel Rescue

swMSM

The Ultimate Math Practicen 2.5.1

TimesUpKidz

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wmniper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmniper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmniper

TurboTax 2011 wrapper

Tux Paint 0.9.21c

Tux Paint Stamps 2009-06-28

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

US State Finder

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Wisdom-soft Set up ScreenHunter 5.1 Free

.

==== Event Viewer Messages From Past Week ========

.

9/1/2012 9:41:40 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/1/2012 9:39:40 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/1/2012 9:38:07 PM, Error: Service Control Manager [7011] - A timeout (60001 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

9/1/2012 9:38:07 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/1/2012 12:06:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

9/1/2012 12:06:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

9/1/2012 12:05:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

9/1/2012 12:05:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.

9/1/2012 12:04:25 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/31/2012 8:56:35 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/31/2012 7:57:44 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/31/2012 7:57:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/31/2012 7:57:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/31/2012 7:57:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/31/2012 7:57:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/31/2012 7:57:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6

8/31/2012 1:52:18 PM, Error: Service Control Manager [7011] - A timeout (60001 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

8/30/2012 9:14:06 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/30/2012 9:14:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/30/2012 9:14:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/30/2012 9:13:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf

8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/30/2012 9:13:47 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/30/2012 9:13:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/30/2012 4:20:02 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.

8/29/2012 11:26:09 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:09 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

8/29/2012 11:26:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

8/29/2012 1:14:35 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.

8/28/2012 11:10:23 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

8/28/2012 11:10:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

8/28/2012 10:50:27 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

8/28/2012 10:48:23 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

.

==== End Of File ===========================

TheDarkKnight · September 2, 2012

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

Sunshine2 · September 3, 2012

Here is the ComboFix log:

ComboFix 12-09-01.01 - sunshine 09/02/2012 19:53:16.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1946 [GMT -5:00]

Running from: c:\users\sunshine\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\sunshine\AppData\Roaming\Duqa

c:\users\sunshine\AppData\Roaming\Duqa\gabio.ywg

.

((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))

.

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Nels\AppData\Local\temp

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Homework\AppData\Local\temp

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Brita\AppData\Local\temp

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Aric\AppData\Local\temp

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Andrea\AppData\Local\temp

2012-09-03 00:59 . 2012-09-03 00:59 -------- d-----w- c:\users\Allison\AppData\Local\temp

2012-08-31 18:06 . 2012-08-31 18:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-08-31 18:06 . 2012-08-31 18:33 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-08-30 04:03 . 2012-08-30 04:03 -------- d-----w- c:\program files\Common Files\Java

2012-08-30 04:02 . 2012-08-30 04:02 -------- d-----w- c:\program files\Oracle

2012-08-30 04:01 . 2012-08-30 04:00 772592 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-17 18:12 . 2012-08-17 18:12 -------- d-----w- c:\users\Nels\AppData\Local\Macromedia

2012-08-15 18:07 . 2012-08-15 18:07 -------- d-----w- c:\users\Allison\AppData\Local\Macromedia

2012-08-15 17:47 . 2012-08-15 17:47 -------- d-----w- c:\users\Nels\AppData\Local\Intel

2012-08-15 12:36 . 2012-05-05 07:44 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 12:36 . 2012-07-18 17:10 2344448 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 12:36 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 12:36 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 12:36 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 12:36 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-15 12:36 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll

2012-08-15 01:49 . 2012-08-15 18:50 -------- d-----w- c:\windows\system32\drivers\N360\0603000.00E

2012-08-14 23:06 . 2012-08-14 23:06 -------- d-----w- c:\users\Brita\AppData\Local\Macromedia

2012-08-14 22:22 . 2012-08-14 22:22 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia

2012-08-14 17:02 . 2012-08-14 17:02 -------- d-----w- c:\users\Aric\AppData\Local\Macromedia

2012-08-14 15:59 . 2012-08-14 15:59 -------- d-----w- c:\users\sunshine\AppData\Local\Macromedia

2012-08-13 16:46 . 2012-08-29 15:55 -------- d-----w- c:\users\Nicole.sunshine-DellPC

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-31 12:50 . 2010-03-23 17:46 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-08-31 12:50 . 2010-05-21 23:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-08-14 15:56 . 2012-04-23 20:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-14 15:56 . 2011-05-17 14:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 18:46 . 2011-12-01 04:01 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 05:09 . 2012-07-11 03:55 1389568 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:09 . 2012-07-11 03:55 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-18 15:38 . 2012-04-04 18:09 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SansaDispatch"="c:\users\sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]

"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-23 1266]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-12 50688]

TimesUpKidz Reminders.lnk - c:\windows\Installer\{837DA79C-B12B-4709-9B9B-16D1468E418A}\_E0FC1390CC082CEC4B7147.exe [2012-4-2 17542]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0603000.00E\SYMDS.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS [x]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys [x]

S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0603000.00E\ccSetx86.sys [x]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0603000.00E\Ironx86.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0603000.00E\SYMNETS.SYS [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe [x]

S2 TimesUpKidz;TimesUpKidz;c:\program files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 18:56]

.

2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-04 18:56]

.

------- Supplementary Scan -------

.

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\sunshine\AppData\Roaming\Mozilla\Firefox\Profiles\dd8pwjtk.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-MindTwister Math - c:\windows\unvise32.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1498416925-3057025073-3905950374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1498416925-3057025073-3905950374-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-02 20:01:05

ComboFix-quarantined-files.txt 2012-09-03 01:01

.

Pre-Run: 170,247,692,288 bytes free

Post-Run: 170,547,814,400 bytes free

.

- - End Of File - - EE69BDD0BC248BE2000E30A748741540

TheDarkKnight · September 3, 2012

Hey Sunshine2.

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

===========

Next, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.blee...al/MBRCheck.exe

http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

===========

Finally, please re-run MBAM and post its new log in your reply.

===========

In your reply please provide the following:

TDSSKiller log.
MBRCheck log.
MBAM log.

Sunshine2 · September 3, 2012

Hi again. I hope I'm doing this all right - it felt strange to click 'SKIP' when TDSSKiller found something.

TDSSKiller.log:

23:11:27.0461 5548 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

23:11:27.0863 5548 ============================================================

23:11:27.0863 5548 Current date / time: 2012/09/02 23:11:27.0863

23:11:27.0863 5548 SystemInfo:

23:11:27.0864 5548

23:11:27.0864 5548 OS Version: 6.1.7600 ServicePack: 0.0

23:11:27.0864 5548 Product type: Workstation

23:11:27.0864 5548 ComputerName: sunshine-DELLPC

23:11:27.0864 5548 UserName: sunshine

23:11:27.0864 5548 Windows directory: C:\Windows

23:11:27.0864 5548 System windows directory: C:\Windows

23:11:27.0864 5548 Processor architecture: Intel x86

23:11:27.0864 5548 Number of processors: 2

23:11:27.0864 5548 Page size: 0x1000

23:11:27.0864 5548 Boot type: Normal boot

23:11:27.0864 5548 ============================================================

23:11:29.0553 5548 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:11:29.0580 5548 ============================================================

23:11:29.0580 5548 \Device\Harddisk0\DR0:

23:11:29.0580 5548 MBR partitions:

23:11:29.0580 5548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

23:11:29.0580 5548 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2

23:11:29.0580 5548 ============================================================

23:11:29.0603 5548 C: <-> \Device\Harddisk0\DR0\Partition2

23:11:29.0603 5548 ============================================================

23:11:29.0603 5548 Initialize success

23:11:29.0603 5548 ============================================================

23:11:38.0270 5612 ============================================================

23:11:38.0270 5612 Scan started

23:11:38.0270 5612 Mode: Manual;

23:11:38.0270 5612 ============================================================

23:11:39.0712 5612 ================ Scan system memory ========================

23:11:39.0712 5612 System memory - ok

23:11:39.0712 5612 ================ Scan services =============================

23:11:39.0860 5612 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

23:11:39.0863 5612 1394ohci - ok

23:11:39.0892 5612 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

23:11:39.0896 5612 ACPI - ok

23:11:39.0916 5612 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

23:11:39.0916 5612 AcpiPmi - ok

23:11:40.0032 5612 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

23:11:40.0033 5612 AdobeARMservice - ok

23:11:40.0077 5612 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

23:11:40.0092 5612 adp94xx - ok

23:11:40.0118 5612 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

23:11:40.0122 5612 adpahci - ok

23:11:40.0158 5612 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

23:11:40.0160 5612 adpu320 - ok

23:11:40.0196 5612 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:11:40.0197 5612 AeLookupSvc - ok

23:11:40.0223 5612 [ 7A841462AD4749F8A07B27AE8E8947B8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

23:11:40.0225 5612 AERTFilters - ok

23:11:40.0279 5612 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys

23:11:40.0283 5612 AFD - ok

23:11:40.0313 5612 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

23:11:40.0314 5612 agp440 - ok

23:11:40.0368 5612 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

23:11:40.0370 5612 aic78xx - ok

23:11:40.0411 5612 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

23:11:40.0413 5612 ALG - ok

23:11:40.0451 5612 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

23:11:40.0452 5612 aliide - ok

23:11:40.0467 5612 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys

23:11:40.0468 5612 amdagp - ok

23:11:40.0510 5612 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys

23:11:40.0511 5612 amdide - ok

23:11:40.0537 5612 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

23:11:40.0539 5612 AmdK8 - ok

23:11:40.0572 5612 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

23:11:40.0574 5612 AmdPPM - ok

23:11:40.0616 5612 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:11:40.0618 5612 amdsata - ok

23:11:40.0654 5612 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

23:11:40.0657 5612 amdsbs - ok

23:11:40.0688 5612 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:11:40.0689 5612 amdxata - ok

23:11:40.0712 5612 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys

23:11:40.0713 5612 AppID - ok

23:11:40.0751 5612 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:11:40.0752 5612 AppIDSvc - ok

23:11:40.0780 5612 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll

23:11:40.0780 5612 Appinfo - ok

23:11:40.0840 5612 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

23:11:40.0842 5612 arc - ok

23:11:40.0854 5612 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

23:11:40.0856 5612 arcsas - ok

23:11:40.0967 5612 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

23:11:41.0009 5612 aspnet_state - ok

23:11:41.0032 5612 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:11:41.0033 5612 AsyncMac - ok

23:11:41.0074 5612 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys

23:11:41.0075 5612 atapi - ok

23:11:41.0125 5612 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:11:41.0131 5612 AudioEndpointBuilder - ok

23:11:41.0150 5612 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll

23:11:41.0153 5612 Audiosrv - ok

23:11:41.0209 5612 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:11:41.0211 5612 AxInstSV - ok

23:11:41.0246 5612 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

23:11:41.0252 5612 b06bdrv - ok

23:11:41.0289 5612 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

23:11:41.0293 5612 b57nd60x - ok

23:11:41.0319 5612 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

23:11:41.0320 5612 BDESVC - ok

23:11:41.0347 5612 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

23:11:41.0347 5612 Beep - ok

23:11:41.0416 5612 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll

23:11:41.0422 5612 BFE - ok

23:11:41.0654 5612 [ A9E111A358AC5F7EBA7AC61E43FC6725 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys

23:11:41.0661 5612 BHDrvx86 - ok

23:11:41.0704 5612 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll

23:11:41.0710 5612 BITS - ok

23:11:41.0746 5612 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:11:41.0747 5612 blbdrive - ok

23:11:41.0785 5612 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:11:41.0786 5612 bowser - ok

23:11:41.0820 5612 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:11:41.0821 5612 BrFiltLo - ok

23:11:41.0832 5612 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:11:41.0832 5612 BrFiltUp - ok

23:11:41.0861 5612 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

23:11:41.0862 5612 BridgeMP - ok

23:11:41.0899 5612 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll

23:11:41.0900 5612 Browser - ok

23:11:41.0934 5612 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:11:41.0938 5612 Brserid - ok

23:11:41.0948 5612 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:11:41.0950 5612 BrSerWdm - ok

23:11:41.0965 5612 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:11:41.0966 5612 BrUsbMdm - ok

23:11:41.0982 5612 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:11:41.0983 5612 BrUsbSer - ok

23:11:41.0997 5612 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

23:11:41.0998 5612 BTHMODEM - ok

23:11:42.0049 5612 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

23:11:42.0050 5612 bthserv - ok

23:11:42.0157 5612 catchme - ok

23:11:42.0241 5612 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys

23:11:42.0242 5612 ccSet_N360 - ok

23:11:42.0263 5612 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:11:42.0265 5612 cdfs - ok

23:11:42.0308 5612 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:11:42.0310 5612 cdrom - ok

23:11:42.0348 5612 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll

23:11:42.0350 5612 CertPropSvc - ok

23:11:42.0366 5612 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

23:11:42.0368 5612 circlass - ok

23:11:42.0415 5612 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

23:11:42.0418 5612 CLFS - ok

23:11:42.0485 5612 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:11:42.0487 5612 clr_optimization_v2.0.50727_32 - ok

23:11:42.0560 5612 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:11:42.0652 5612 clr_optimization_v4.0.30319_32 - ok

23:11:42.0687 5612 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

23:11:42.0689 5612 CmBatt - ok

23:11:42.0704 5612 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

23:11:42.0705 5612 cmdide - ok

23:11:42.0737 5612 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys

23:11:42.0741 5612 CNG - ok

23:11:42.0770 5612 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

23:11:42.0771 5612 Compbatt - ok

23:11:42.0798 5612 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

23:11:42.0799 5612 CompositeBus - ok

23:11:42.0812 5612 COMSysApp - ok

23:11:42.0830 5612 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

23:11:42.0831 5612 crcdisk - ok

23:11:42.0887 5612 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:11:42.0889 5612 CryptSvc - ok

23:11:42.0926 5612 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll

23:11:42.0932 5612 DcomLaunch - ok

23:11:42.0976 5612 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

23:11:42.0980 5612 defragsvc - ok

23:11:43.0008 5612 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:11:43.0009 5612 DfsC - ok

23:11:43.0065 5612 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll

23:11:43.0068 5612 Dhcp - ok

23:11:43.0082 5612 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

23:11:43.0083 5612 discache - ok

23:11:43.0119 5612 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

23:11:43.0120 5612 Disk - ok

23:11:43.0156 5612 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:11:43.0159 5612 Dnscache - ok

23:11:43.0191 5612 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll

23:11:43.0194 5612 dot3svc - ok

23:11:43.0210 5612 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll

23:11:43.0213 5612 DPS - ok

23:11:43.0240 5612 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:11:43.0241 5612 drmkaud - ok

23:11:43.0282 5612 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:11:43.0288 5612 DXGKrnl - ok

23:11:43.0329 5612 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

23:11:43.0330 5612 EapHost - ok

23:11:43.0426 5612 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

23:11:43.0696 5612 ebdrv - ok

23:11:43.0747 5612 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

23:11:43.0750 5612 eeCtrl - ok

23:11:43.0780 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe

23:11:43.0782 5612 EFS - ok

23:11:43.0847 5612 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:11:43.0861 5612 ehRecvr - ok

23:11:43.0903 5612 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

23:11:43.0905 5612 ehSched - ok

23:11:43.0955 5612 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

23:11:43.0968 5612 elxstor - ok

23:11:44.0024 5612 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

23:11:44.0025 5612 EraserUtilRebootDrv - ok

23:11:44.0039 5612 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

23:11:44.0040 5612 ErrDev - ok

23:11:44.0086 5612 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

23:11:44.0090 5612 EventSystem - ok

23:11:44.0103 5612 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

23:11:44.0106 5612 exfat - ok

23:11:44.0121 5612 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:11:44.0123 5612 fastfat - ok

23:11:44.0167 5612 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe

23:11:44.0180 5612 Fax - ok

23:11:44.0217 5612 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

23:11:44.0218 5612 fdc - ok

23:11:44.0248 5612 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

23:11:44.0249 5612 fdPHost - ok

23:11:44.0264 5612 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

23:11:44.0265 5612 FDResPub - ok

23:11:44.0281 5612 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:11:44.0282 5612 FileInfo - ok

23:11:44.0297 5612 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:11:44.0298 5612 Filetrace - ok

23:11:44.0305 5612 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

23:11:44.0306 5612 flpydisk - ok

23:11:44.0324 5612 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:11:44.0326 5612 FltMgr - ok

23:11:44.0372 5612 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll

23:11:44.0397 5612 FontCache - ok

23:11:44.0477 5612 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

23:11:44.0479 5612 FontCache3.0.0.0 - ok

23:11:44.0515 5612 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:11:44.0517 5612 FsDepends - ok

23:11:44.0545 5612 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:11:44.0545 5612 Fs_Rec - ok

23:11:44.0588 5612 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:11:44.0590 5612 fvevol - ok

23:11:44.0610 5612 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

23:11:44.0612 5612 gagp30kx - ok

23:11:44.0655 5612 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll

23:11:44.0670 5612 gpsvc - ok

23:11:44.0781 5612 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

23:11:44.0784 5612 gupdate - ok

23:11:44.0806 5612 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

23:11:44.0808 5612 gupdatem - ok

23:11:44.0838 5612 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

23:11:44.0841 5612 gusvc - ok

23:11:44.0869 5612 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:11:44.0870 5612 hcw85cir - ok

23:11:44.0896 5612 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:11:44.0898 5612 HDAudBus - ok

23:11:44.0909 5612 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

23:11:44.0911 5612 HidBatt - ok

23:11:44.0921 5612 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

23:11:44.0923 5612 HidBth - ok

23:11:44.0945 5612 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

23:11:44.0946 5612 HidIr - ok

23:11:44.0976 5612 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll

23:11:44.0978 5612 hidserv - ok

23:11:45.0009 5612 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:11:45.0010 5612 HidUsb - ok

23:11:45.0049 5612 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:11:45.0050 5612 hkmsvc - ok

23:11:45.0063 5612 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:11:45.0066 5612 HomeGroupListener - ok

23:11:45.0099 5612 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:11:45.0101 5612 HomeGroupProvider - ok

23:11:45.0117 5612 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

23:11:45.0118 5612 HpSAMD - ok

23:11:45.0157 5612 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll

23:11:45.0162 5612 HsfXAudioService - ok

23:11:45.0186 5612 [ 227C3BA25012752BB7450235392C719F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys

23:11:45.0213 5612 HSF_DPV - ok

23:11:45.0241 5612 [ 186C11D0CA0E53B1EE266633B9D8B393 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys

23:11:45.0243 5612 HSXHWBS2 - ok

23:11:45.0276 5612 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:11:45.0290 5612 HTTP - ok

23:11:45.0321 5612 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:11:45.0322 5612 hwpolicy - ok

23:11:45.0364 5612 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

23:11:45.0366 5612 i8042prt - ok

23:11:45.0456 5612 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

23:11:45.0461 5612 IAANTMON - ok

23:11:45.0531 5612 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

23:11:45.0533 5612 iaStor - ok

23:11:45.0585 5612 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:11:45.0590 5612 iaStorV - ok

23:11:45.0649 5612 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:11:45.0674 5612 idsvc - ok

23:11:45.0778 5612 [ D0A4C9031B57295D6B1078E3CFA45DB4 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys

23:11:45.0781 5612 IDSVix86 - ok

23:11:45.0959 5612 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

23:11:46.0136 5612 igfx - ok

23:11:46.0196 5612 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

23:11:46.0197 5612 iirsp - ok

23:11:46.0249 5612 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll

23:11:46.0264 5612 IKEEXT - ok

23:11:46.0362 5612 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

23:11:46.0379 5612 IntcAzAudAddService - ok

23:11:46.0406 5612 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys

23:11:46.0407 5612 intelide - ok

23:11:46.0430 5612 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:11:46.0431 5612 intelppm - ok

23:11:46.0488 5612 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

23:11:46.0489 5612 IntuitUpdateService - ok

23:11:46.0573 5612 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

23:11:46.0574 5612 IntuitUpdateServiceV4 - ok

23:11:46.0606 5612 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:11:46.0609 5612 IPBusEnum - ok

23:11:46.0619 5612 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:11:46.0621 5612 IpFilterDriver - ok

23:11:46.0647 5612 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:11:46.0651 5612 iphlpsvc - ok

23:11:46.0683 5612 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

23:11:46.0685 5612 IPMIDRV - ok

23:11:46.0702 5612 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:11:46.0704 5612 IPNAT - ok

23:11:46.0727 5612 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:11:46.0728 5612 IRENUM - ok

23:11:46.0755 5612 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

23:11:46.0757 5612 isapnp - ok

23:11:46.0769 5612 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

23:11:46.0773 5612 iScsiPrt - ok

23:11:46.0810 5612 [ D7B5B5C5130B775EC7E32EDD780D737F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

23:11:46.0812 5612 JRAID - ok

23:11:46.0831 5612 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:11:46.0832 5612 kbdclass - ok

23:11:46.0848 5612 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:11:46.0849 5612 kbdhid - ok

23:11:46.0863 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe

23:11:46.0865 5612 KeyIso - ok

23:11:46.0902 5612 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:11:46.0903 5612 KSecDD - ok

23:11:46.0936 5612 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:11:46.0938 5612 KSecPkg - ok

23:11:46.0973 5612 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

23:11:46.0979 5612 KtmRm - ok

23:11:47.0032 5612 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll

23:11:47.0037 5612 LanmanServer - ok

23:11:47.0070 5612 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:11:47.0073 5612 LanmanWorkstation - ok

23:11:47.0114 5612 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:11:47.0116 5612 lltdio - ok

23:11:47.0143 5612 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:11:47.0147 5612 lltdsvc - ok

23:11:47.0159 5612 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

23:11:47.0161 5612 lmhosts - ok

23:11:47.0181 5612 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

23:11:47.0182 5612 LSI_FC - ok

23:11:47.0194 5612 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

23:11:47.0195 5612 LSI_SAS - ok

23:11:47.0204 5612 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:11:47.0205 5612 LSI_SAS2 - ok

23:11:47.0216 5612 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:11:47.0218 5612 LSI_SCSI - ok

23:11:47.0236 5612 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

23:11:47.0237 5612 luafv - ok

23:11:47.0272 5612 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:11:47.0275 5612 Mcx2Svc - ok

23:11:47.0290 5612 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

23:11:47.0291 5612 mdmxsdk - ok

23:11:47.0306 5612 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

23:11:47.0307 5612 megasas - ok

23:11:47.0323 5612 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

23:11:47.0327 5612 MegaSR - ok

23:11:47.0351 5612 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

23:11:47.0353 5612 MMCSS - ok

23:11:47.0362 5612 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

23:11:47.0363 5612 Modem - ok

23:11:47.0382 5612 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:11:47.0383 5612 monitor - ok

23:11:47.0395 5612 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:11:47.0396 5612 mouclass - ok

23:11:47.0410 5612 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:11:47.0411 5612 mouhid - ok

23:11:47.0422 5612 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:11:47.0423 5612 mountmgr - ok

23:11:47.0484 5612 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

23:11:47.0486 5612 MozillaMaintenance - ok

23:11:47.0502 5612 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys

23:11:47.0504 5612 mpio - ok

23:11:47.0523 5612 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:11:47.0524 5612 mpsdrv - ok

23:11:47.0559 5612 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll

23:11:47.0575 5612 MpsSvc - ok

23:11:47.0593 5612 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:11:47.0596 5612 MRxDAV - ok

23:11:47.0636 5612 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:11:47.0638 5612 mrxsmb - ok

23:11:47.0675 5612 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:11:47.0678 5612 mrxsmb10 - ok

23:11:47.0692 5612 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:11:47.0694 5612 mrxsmb20 - ok

23:11:47.0710 5612 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

23:11:47.0711 5612 msahci - ok

23:11:47.0727 5612 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

23:11:47.0728 5612 msdsm - ok

23:11:47.0739 5612 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

23:11:47.0742 5612 MSDTC - ok

23:11:47.0765 5612 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:11:47.0766 5612 Msfs - ok

23:11:47.0778 5612 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:11:47.0779 5612 mshidkmdf - ok

23:11:47.0794 5612 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

23:11:47.0795 5612 msisadrv - ok

23:11:47.0823 5612 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:11:47.0825 5612 MSiSCSI - ok

23:11:47.0829 5612 msiserver - ok

23:11:47.0849 5612 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:11:47.0850 5612 MSKSSRV - ok

23:11:47.0866 5612 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:11:47.0867 5612 MSPCLOCK - ok

23:11:47.0884 5612 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:11:47.0885 5612 MSPQM - ok

23:11:47.0903 5612 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:11:47.0905 5612 MsRPC - ok

23:11:47.0915 5612 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

23:11:47.0916 5612 mssmbios - ok

23:11:47.0926 5612 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:11:47.0927 5612 MSTEE - ok

23:11:47.0937 5612 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:11:47.0938 5612 MTConfig - ok

23:11:47.0955 5612 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

23:11:47.0956 5612 Mup - ok

23:11:48.0050 5612 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

23:11:48.0052 5612 N360 - ok

23:11:48.0092 5612 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll

23:11:48.0108 5612 napagent - ok

23:11:48.0142 5612 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:11:48.0146 5612 NativeWifiP - ok

23:11:48.0244 5612 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVENG.SYS

23:11:48.0246 5612 NAVENG - ok

23:11:48.0303 5612 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVEX15.SYS

23:11:48.0334 5612 NAVEX15 - ok

23:11:48.0401 5612 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:11:48.0416 5612 NDIS - ok

23:11:48.0431 5612 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:11:48.0432 5612 NdisCap - ok

23:11:48.0451 5612 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:11:48.0452 5612 NdisTapi - ok

23:11:48.0475 5612 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:11:48.0476 5612 Ndisuio - ok

23:11:48.0490 5612 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:11:48.0492 5612 NdisWan - ok

23:11:48.0500 5612 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:11:48.0501 5612 NDProxy - ok

23:11:48.0510 5612 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:11:48.0512 5612 NetBIOS - ok

23:11:48.0524 5612 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:11:48.0526 5612 NetBT - ok

23:11:48.0538 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe

23:11:48.0539 5612 Netlogon - ok

23:11:48.0589 5612 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

23:11:48.0593 5612 Netman - ok

23:11:48.0663 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:11:48.0680 5612 NetMsmqActivator - ok

23:11:48.0693 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:11:48.0695 5612 NetPipeActivator - ok

23:11:48.0736 5612 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

23:11:48.0741 5612 netprofm - ok

23:11:48.0751 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:11:48.0753 5612 NetTcpActivator - ok

23:11:48.0759 5612 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

23:11:48.0761 5612 NetTcpPortSharing - ok

23:11:48.0817 5612 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:11:48.0818 5612 nfrd960 - ok

23:11:48.0851 5612 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll

23:11:48.0855 5612 NlaSvc - ok

23:11:48.0867 5612 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:11:48.0868 5612 Npfs - ok

23:11:48.0904 5612 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

23:11:48.0905 5612 nsi - ok

23:11:48.0915 5612 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:11:48.0917 5612 nsiproxy - ok

23:11:48.0976 5612 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:11:49.0003 5612 Ntfs - ok

23:11:49.0032 5612 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

23:11:49.0033 5612 Null - ok

23:11:49.0080 5612 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:11:49.0083 5612 nvraid - ok

23:11:49.0127 5612 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:11:49.0130 5612 nvstor - ok

23:11:49.0141 5612 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

23:11:49.0143 5612 nv_agp - ok

23:11:49.0159 5612 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

23:11:49.0160 5612 ohci1394 - ok

23:11:49.0188 5612 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:11:49.0193 5612 p2pimsvc - ok

23:11:49.0233 5612 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

23:11:49.0239 5612 p2psvc - ok

23:11:49.0252 5612 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:11:49.0259 5612 Parport - ok

23:11:49.0312 5612 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:11:49.0313 5612 partmgr - ok

23:11:49.0322 5612 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

23:11:49.0324 5612 Parvdm - ok

23:11:49.0336 5612 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:11:49.0338 5612 PcaSvc - ok

23:11:49.0354 5612 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys

23:11:49.0355 5612 pci - ok

23:11:49.0372 5612 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys

23:11:49.0373 5612 pciide - ok

23:11:49.0389 5612 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:11:49.0392 5612 pcmcia - ok

23:11:49.0408 5612 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

23:11:49.0409 5612 pcw - ok

23:11:49.0432 5612 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:11:49.0445 5612 PEAUTH - ok

23:11:49.0538 5612 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\Windows\system32\drivers\pfc.sys

23:11:49.0539 5612 pfc - ok

23:11:49.0592 5612 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll

23:11:49.0628 5612 pla - ok

23:11:49.0700 5612 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:11:49.0705 5612 PlugPlay - ok

23:11:49.0717 5612 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:11:49.0719 5612 PNRPAutoReg - ok

23:11:49.0737 5612 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:11:49.0740 5612 PNRPsvc - ok

23:11:49.0779 5612 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:11:49.0782 5612 PolicyAgent - ok

23:11:49.0831 5612 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll

23:11:49.0833 5612 Power - ok

23:11:49.0871 5612 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:11:49.0873 5612 PptpMiniport - ok

23:11:49.0902 5612 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:11:49.0903 5612 Processor - ok

23:11:49.0937 5612 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll

23:11:49.0939 5612 ProfSvc - ok

23:11:49.0954 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:11:49.0956 5612 ProtectedStorage - ok

23:11:49.0981 5612 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:11:49.0982 5612 Psched - ok

23:11:50.0016 5612 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

23:11:50.0016 5612 PxHelp20 - ok

23:11:50.0057 5612 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:11:50.0099 5612 ql2300 - ok

23:11:50.0152 5612 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:11:50.0154 5612 ql40xx - ok

23:11:50.0223 5612 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

23:11:50.0228 5612 QWAVE - ok

23:11:50.0291 5612 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:11:50.0292 5612 QWAVEdrv - ok

23:11:50.0306 5612 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:11:50.0307 5612 RasAcd - ok

23:11:50.0341 5612 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:11:50.0342 5612 RasAgileVpn - ok

23:11:50.0355 5612 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

23:11:50.0359 5612 RasAuto - ok

23:11:50.0375 5612 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:11:50.0377 5612 Rasl2tp - ok

23:11:50.0396 5612 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll

23:11:50.0400 5612 RasMan - ok

23:11:50.0411 5612 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:11:50.0413 5612 RasPppoe - ok

23:11:50.0433 5612 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:11:50.0434 5612 RasSstp - ok

23:11:50.0450 5612 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:11:50.0453 5612 rdbss - ok

23:11:50.0471 5612 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:11:50.0472 5612 rdpbus - ok

23:11:50.0486 5612 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:11:50.0487 5612 RDPCDD - ok

23:11:50.0510 5612 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:11:50.0510 5612 RDPENCDD - ok

23:11:50.0530 5612 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:11:50.0531 5612 RDPREFMP - ok

23:11:50.0562 5612 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:11:50.0565 5612 RDPWD - ok

23:11:50.0589 5612 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:11:50.0591 5612 rdyboost - ok

23:11:50.0620 5612 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

23:11:50.0624 5612 RemoteAccess - ok

23:11:50.0681 5612 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:11:50.0684 5612 RemoteRegistry - ok

23:11:50.0701 5612 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:11:50.0704 5612 RpcEptMapper - ok

23:11:50.0738 5612 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

23:11:50.0739 5612 RpcLocator - ok

23:11:50.0758 5612 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll

23:11:50.0763 5612 RpcSs - ok

23:11:50.0798 5612 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:11:50.0800 5612 rspndr - ok

23:11:50.0830 5612 [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

23:11:50.0833 5612 RTL8167 - ok

23:11:50.0846 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe

23:11:50.0848 5612 SamSs - ok

23:11:50.0870 5612 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

23:11:50.0872 5612 sbp2port - ok

23:11:50.0907 5612 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:11:50.0912 5612 SCardSvr - ok

23:11:50.0926 5612 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:11:50.0927 5612 scfilter - ok

23:11:50.0969 5612 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll

23:11:50.0995 5612 Schedule - ok

23:11:51.0006 5612 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll

23:11:51.0007 5612 SCPolicySvc - ok

23:11:51.0021 5612 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:11:51.0025 5612 SDRSVC - ok

23:11:51.0042 5612 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:11:51.0043 5612 secdrv - ok

23:11:51.0057 5612 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

23:11:51.0060 5612 seclogon - ok

23:11:51.0074 5612 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

23:11:51.0076 5612 SENS - ok

23:11:51.0102 5612 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:11:51.0105 5612 SensrSvc - ok

23:11:51.0117 5612 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:11:51.0118 5612 Serenum - ok

23:11:51.0137 5612 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:11:51.0139 5612 Serial - ok

23:11:51.0152 5612 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:11:51.0154 5612 sermouse - ok

23:11:51.0177 5612 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll

23:11:51.0179 5612 SessionEnv - ok

23:11:51.0194 5612 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

23:11:51.0194 5612 sffdisk - ok

23:11:51.0209 5612 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

23:11:51.0209 5612 sffp_mmc - ok

23:11:51.0222 5612 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

23:11:51.0223 5612 sffp_sd - ok

23:11:51.0238 5612 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:11:51.0239 5612 sfloppy - ok

23:11:51.0268 5612 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:11:51.0272 5612 SharedAccess - ok

23:11:51.0314 5612 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:11:51.0320 5612 ShellHWDetection - ok

23:11:51.0331 5612 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys

23:11:51.0333 5612 sisagp - ok

23:11:51.0347 5612 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:11:51.0348 5612 SiSRaid2 - ok

23:11:51.0360 5612 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:11:51.0362 5612 SiSRaid4 - ok

23:11:51.0385 5612 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:11:51.0387 5612 Smb - ok

23:11:51.0407 5612 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:11:51.0409 5612 SNMPTRAP - ok

23:11:51.0418 5612 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

23:11:51.0418 5612 spldr - ok

23:11:51.0458 5612 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe

23:11:51.0463 5612 Spooler - ok

23:11:51.0534 5612 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe

23:11:51.0615 5612 sppsvc - ok

23:11:51.0636 5612 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:11:51.0640 5612 sppuinotify - ok

23:11:51.0703 5612 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS

23:11:51.0719 5612 SRTSP - ok

23:11:51.0736 5612 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS

23:11:51.0737 5612 SRTSPX - ok

23:11:51.0779 5612 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:11:51.0783 5612 srv - ok

23:11:51.0802 5612 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:11:51.0806 5612 srv2 - ok

23:11:51.0837 5612 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:11:51.0839 5612 srvnet - ok

23:11:51.0850 5612 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:11:51.0854 5612 SSDPSRV - ok

23:11:51.0869 5612 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:11:51.0873 5612 SstpSvc - ok

23:11:51.0902 5612 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:11:51.0903 5612 stexstor - ok

23:11:51.0948 5612 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll

23:11:51.0964 5612 StiSvc - ok

23:11:51.0999 5612 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

23:11:52.0001 5612 stllssvr - ok

23:11:52.0015 5612 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:11:52.0015 5612 swenum - ok

23:11:52.0053 5612 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

23:11:52.0058 5612 swprv - ok

23:11:52.0108 5612 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS

23:11:52.0112 5612 SymDS - ok

23:11:52.0163 5612 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS

23:11:52.0189 5612 SymEFA - ok

23:11:52.0232 5612 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

23:11:52.0233 5612 SymEvent - ok

23:11:52.0279 5612 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS

23:11:52.0281 5612 SymIRON - ok

23:11:52.0298 5612 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\N360\0603000.00E\SYMNETS.SYS

23:11:52.0300 5612 SymNetS - ok

23:11:52.0348 5612 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll

23:11:52.0385 5612 SysMain - ok

23:11:52.0399 5612 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:11:52.0403 5612 TabletInputService - ok

23:11:52.0419 5612 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll

23:11:52.0424 5612 TapiSrv - ok

23:11:52.0461 5612 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

23:11:52.0464 5612 TBS - ok

23:11:52.0518 5612 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:11:52.0545 5612 Tcpip - ok

23:11:52.0577 5612 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:11:52.0583 5612 TCPIP6 - ok

23:11:52.0611 5612 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:11:52.0612 5612 tcpipreg - ok

23:11:52.0627 5612 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:11:52.0628 5612 TDPIPE - ok

23:11:52.0639 5612 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:11:52.0640 5612 TDTCP - ok

23:11:52.0653 5612 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:11:52.0654 5612 tdx - ok

23:11:52.0667 5612 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:11:52.0667 5612 TermDD - ok

23:11:52.0705 5612 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll

23:11:52.0721 5612 TermService - ok

23:11:52.0741 5612 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

23:11:52.0744 5612 Themes - ok

23:11:52.0759 5612 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

23:11:52.0761 5612 THREADORDER - ok

23:11:52.0813 5612 [ 9154A8561A04ED54BE451395F7AAF53A ] TimesUpKidz C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe

23:11:52.0813 5612 TimesUpKidz - ok

23:11:52.0829 5612 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

23:11:52.0833 5612 TrkWks - ok

23:11:52.0901 5612 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:11:52.0904 5612 TrustedInstaller - ok

23:11:52.0920 5612 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:11:52.0922 5612 tssecsrv - ok

23:11:52.0959 5612 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:11:52.0960 5612 tunnel - ok

23:11:52.0975 5612 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:11:52.0976 5612 uagp35 - ok

23:11:52.0993 5612 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:11:52.0996 5612 udfs - ok

23:11:53.0010 5612 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:11:53.0012 5612 UI0Detect - ok

23:11:53.0031 5612 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

23:11:53.0032 5612 uliagpkx - ok

23:11:53.0045 5612 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:11:53.0046 5612 umbus - ok

23:11:53.0061 5612 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:11:53.0062 5612 UmPass - ok

23:11:53.0076 5612 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

23:11:53.0080 5612 upnphost - ok

23:11:53.0106 5612 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys

23:11:53.0107 5612 usbccgp - ok

23:11:53.0117 5612 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

23:11:53.0118 5612 usbcir - ok

23:11:53.0151 5612 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:11:53.0152 5612 usbehci - ok

23:11:53.0177 5612 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:11:53.0180 5612 usbhub - ok

23:11:53.0194 5612 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:11:53.0196 5612 usbohci - ok

23:11:53.0223 5612 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:11:53.0225 5612 usbprint - ok

23:11:53.0257 5612 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:11:53.0258 5612 USBSTOR - ok

23:11:53.0270 5612 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:11:53.0271 5612 usbuhci - ok

23:11:53.0301 5612 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

23:11:53.0302 5612 UxSms - ok

23:11:53.0312 5612 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe

23:11:53.0313 5612 VaultSvc - ok

23:11:53.0338 5612 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

23:11:53.0339 5612 vdrvroot - ok

23:11:53.0363 5612 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe

23:11:53.0375 5612 vds - ok

23:11:53.0400 5612 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:11:53.0402 5612 vga - ok

23:11:53.0421 5612 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

23:11:53.0422 5612 VgaSave - ok

23:11:53.0442 5612 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

23:11:53.0445 5612 vhdmp - ok

23:11:53.0463 5612 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys

23:11:53.0465 5612 viaagp - ok

23:11:53.0474 5612 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

23:11:53.0475 5612 ViaC7 - ok

23:11:53.0486 5612 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys

23:11:53.0487 5612 viaide - ok

23:11:53.0498 5612 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

23:11:53.0498 5612 volmgr - ok

23:11:53.0512 5612 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:11:53.0515 5612 volmgrx - ok

23:11:53.0529 5612 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

23:11:53.0531 5612 volsnap - ok

23:11:53.0553 5612 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:11:53.0556 5612 vsmraid - ok

23:11:53.0598 5612 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe

23:11:53.0630 5612 VSS - ok

23:11:53.0642 5612 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

23:11:53.0643 5612 vwifibus - ok

23:11:53.0655 5612 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

23:11:53.0660 5612 W32Time - ok

23:11:53.0674 5612 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:11:53.0676 5612 WacomPen - ok

23:11:53.0692 5612 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:11:53.0693 5612 WANARP - ok

23:11:53.0696 5612 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:11:53.0697 5612 Wanarpv6 - ok

23:11:53.0799 5612 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:11:53.0833 5612 WatAdminSvc - ok

23:11:53.0889 5612 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe

23:11:53.0924 5612 wbengine - ok

23:11:53.0951 5612 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:11:53.0956 5612 WbioSrvc - ok

23:11:53.0990 5612 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:11:53.0996 5612 wcncsvc - ok

23:11:54.0013 5612 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:11:54.0017 5612 WcsPlugInService - ok

23:11:54.0050 5612 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:11:54.0051 5612 Wd - ok

23:11:54.0071 5612 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:11:54.0077 5612 Wdf01000 - ok

23:11:54.0089 5612 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:11:54.0092 5612 WdiServiceHost - ok

23:11:54.0096 5612 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:11:54.0099 5612 WdiSystemHost - ok

23:11:54.0132 5612 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll

23:11:54.0137 5612 WebClient - ok

23:11:54.0155 5612 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:11:54.0160 5612 Wecsvc - ok

23:11:54.0170 5612 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:11:54.0172 5612 wercplsupport - ok

23:11:54.0195 5612 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

23:11:54.0197 5612 WerSvc - ok

23:11:54.0209 5612 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:11:54.0210 5612 WfpLwf - ok

23:11:54.0220 5612 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:11:54.0222 5612 WIMMount - ok

23:11:54.0248 5612 [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

23:11:54.0262 5612 winachsf - ok

23:11:54.0311 5612 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

23:11:54.0327 5612 WinDefend - ok

23:11:54.0335 5612 WinHttpAutoProxySvc - ok

23:11:54.0397 5612 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:11:54.0400 5612 Winmgmt - ok

23:11:54.0453 5612 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll

23:11:54.0491 5612 WinRM - ok

23:11:54.0548 5612 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:11:54.0550 5612 WinUsb - ok

23:11:54.0600 5612 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

23:11:54.0631 5612 Wlansvc - ok

23:11:54.0713 5612 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:11:54.0763 5612 wlidsvc - ok

23:11:54.0800 5612 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

23:11:54.0801 5612 WmiAcpi - ok

23:11:54.0843 5612 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:11:54.0845 5612 wmiApSrv - ok

23:11:54.0910 5612 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

23:11:54.0946 5612 WMPNetworkSvc - ok

23:11:54.0978 5612 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:11:54.0982 5612 WPCSvc - ok

23:11:54.0997 5612 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:11:55.0000 5612 WPDBusEnum - ok

23:11:55.0012 5612 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:11:55.0013 5612 ws2ifsl - ok

23:11:55.0056 5612 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll

23:11:55.0058 5612 wscsvc - ok

23:11:55.0062 5612 WSearch - ok

23:11:55.0135 5612 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

23:11:55.0189 5612 wuauserv - ok

23:11:55.0228 5612 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:11:55.0230 5612 WudfPf - ok

23:11:55.0254 5612 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:11:55.0256 5612 WUDFRd - ok

23:11:55.0293 5612 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:11:55.0295 5612 wudfsvc - ok

23:11:55.0314 5612 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

23:11:55.0319 5612 WwanSvc - ok

23:11:55.0338 5612 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys

23:11:55.0340 5612 XAudio - ok

23:11:55.0354 5612 ================ Scan global ===============================

23:11:55.0390 5612 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll

23:11:55.0417 5612 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll

23:11:55.0434 5612 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll

23:11:55.0473 5612 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

23:11:55.0509 5612 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

23:11:55.0515 5612 [Global] - ok

23:11:55.0515 5612 ================ Scan MBR ==================================

23:11:55.0527 5612 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

23:11:55.0528 5612 Suspicious mbr (Forged): \Device\Harddisk0\DR0

23:11:55.0587 5612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

23:11:55.0587 5612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

23:11:55.0588 5612 ================ Scan VBR ==================================

23:11:55.0591 5612 [ 9D19430D8B7AA3A7C4B810714BED685F ] \Device\Harddisk0\DR0\Partition1

23:11:55.0593 5612 \Device\Harddisk0\DR0\Partition1 - ok

23:11:55.0610 5612 [ 5D5D62D4EFF7793694CBB4CA282DC09E ] \Device\Harddisk0\DR0\Partition2

23:11:55.0612 5612 \Device\Harddisk0\DR0\Partition2 - ok

23:11:55.0612 5612 ============================================================

23:11:55.0612 5612 Scan finished

23:11:55.0612 5612 ============================================================

23:11:55.0623 5604 Detected object count: 1

23:11:55.0623 5604 Actual detected object count: 1

23:13:20.0928 5604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user

23:13:20.0928 5604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

23:13:38.0083 5544 Deinitialize success

MBRCheck.log:

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: Vostro 220 Series

Logical Drives Mask: 0x000001ec

Kernel Drivers (total 174):

0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe

0x82C05000 \SystemRoot\system32\halmacpi.dll

0x87490000 \SystemRoot\system32\kdcom.dll

0x8322A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x832A2000 \SystemRoot\system32\PSHED.dll

0x832B3000 \SystemRoot\system32\BOOTVID.dll

0x832BB000 \SystemRoot\system32\CLFS.SYS

0x832FD000 \SystemRoot\system32\CI.dll

0x8343F000 \SystemRoot\system32\drivers\Wdf01000.sys

0x834B0000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x834BE000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x83506000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x8350F000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x83517000 \SystemRoot\system32\DRIVERS\pci.sys

0x83541000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x8354C000 \SystemRoot\System32\drivers\partmgr.sys

0x8355D000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8356D000 \SystemRoot\System32\drivers\volmgrx.sys

0x835B8000 \SystemRoot\System32\drivers\mountmgr.sys

0x8362F000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x83709000 \SystemRoot\system32\drivers\amdxata.sys

0x83712000 \SystemRoot\system32\drivers\fltmgr.sys

0x83746000 \SystemRoot\system32\drivers\N360\0603000.00E\SYMDS.SYS

0x8379D000 \SystemRoot\system32\drivers\fileinfo.sys

0x8B42C000 \SystemRoot\system32\drivers\N360\0603000.00E\SYMEFA.SYS

0x8B514000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8B628000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8B757000 \SystemRoot\System32\Drivers\msrpc.sys

0x8B782000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8B795000 \SystemRoot\System32\Drivers\cng.sys

0x8B7F2000 \SystemRoot\System32\drivers\pcw.sys

0x8B600000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8B51E000 \SystemRoot\system32\drivers\ndis.sys

0x837AE000 \SystemRoot\system32\drivers\NETIO.SYS

0x8B5D5000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8B813000 \SystemRoot\System32\drivers\tcpip.sys

0x8B95D000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8B98E000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8B9CD000 \SystemRoot\System32\Drivers\spldr.sys

0x83600000 \SystemRoot\System32\drivers\rdyboost.sys

0x8B9D5000 \SystemRoot\System32\Drivers\mup.sys

0x8B9E5000 \SystemRoot\System32\drivers\hwpolicy.sys

0x835CE000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8B9ED000 \SystemRoot\system32\DRIVERS\disk.sys

0x8B400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x90EF5000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x90F14000 \SystemRoot\system32\drivers\N360\0603000.00E\ccSetx86.sys

0x90F38000 \SystemRoot\system32\drivers\N360\0603000.00E\Ironx86.SYS

0x90F5F000 \SystemRoot\System32\Drivers\Null.SYS

0x90F66000 \SystemRoot\System32\Drivers\Beep.SYS

0x90F6D000 \SystemRoot\System32\drivers\vga.sys

0x90F79000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x90F9A000 \SystemRoot\System32\drivers\watchdog.sys

0x90FA7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x90FAF000 \SystemRoot\system32\drivers\rdpencdd.sys

0x90FB7000 \SystemRoot\system32\drivers\rdprefmp.sys

0x90FBF000 \SystemRoot\System32\Drivers\Msfs.SYS

0x90FCA000 \SystemRoot\System32\Drivers\Npfs.SYS

0x90FD8000 \SystemRoot\system32\DRIVERS\tdx.sys

0x90FEF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x91C08000 \SystemRoot\system32\drivers\afd.sys

0x91C62000 \SystemRoot\System32\DRIVERS\netbt.sys

0x91C94000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x91C9D000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x91CA4000 \SystemRoot\system32\DRIVERS\pacer.sys

0x91CC3000 \SystemRoot\system32\DRIVERS\netbios.sys

0x91CD1000 \SystemRoot\system32\DRIVERS\serial.sys

0x91CEB000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x91CFE000 \SystemRoot\system32\DRIVERS\termdd.sys

0x91D0E000 \SystemRoot\System32\Drivers\N360\0603000.00E\SYMNETS.SYS

0x91D62000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS

0x91D8C000 \SystemRoot\system32\drivers\N360\0603000.00E\SRTSPX.SYS

0x91D9C000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x91DDD000 \SystemRoot\system32\drivers\nsiproxy.sys

0x91DE7000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x93C29000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys

0x93C8B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0x93CEA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0x93D08000 \SystemRoot\System32\drivers\discache.sys

0x93D14000 \SystemRoot\System32\Drivers\dfsc.sys

0x93D2C000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x94A39000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys

0x94B05000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x94B26000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x95E17000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

0x96734000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x94B38000 \SystemRoot\System32\drivers\dxgmms1.sys

0x967EB000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x94B71000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x95E00000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x94BBC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x94A00000 \SystemRoot\system32\DRIVERS\Rt86win7.sys

0x93D3A000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys

0x93D86000 \SystemRoot\system32\DRIVERS\ks.sys

0x99E34000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys

0x99F36000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

0x99FEB000 \SystemRoot\system32\drivers\modem.sys

0x99E00000 \SystemRoot\system32\DRIVERS\serenum.sys

0x99E0A000 \SystemRoot\system32\drivers\pfc.sys

0x99E0D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x99E1A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x94BDB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x94BF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x93DBA000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x93DDC000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x93C00000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8B609000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x94A2C000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x93C17000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x99E2C000 \SystemRoot\system32\DRIVERS\swenum.sys

0x91DF1000 \SystemRoot\system32\DRIVERS\umbus.sys

0x833A8000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x837EC000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x9A409000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x9A649000 \SystemRoot\system32\drivers\portcls.sys

0x9A678000 \SystemRoot\system32\drivers\drmk.sys

0x9A691000 \SystemRoot\System32\Drivers\crashdmp.sys

0x9A69E000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x9A778000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x9DEC0000 \SystemRoot\System32\win32k.sys

0x9A789000 \SystemRoot\System32\drivers\Dxapi.sys

0x9A793000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x9A79E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x9A7B1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x9A7B8000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x9A7BA000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x9A7C5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x9A7DC000 \SystemRoot\system32\DRIVERS\usbprint.sys

0x9A7E7000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x9A7F3000 \SystemRoot\system32\DRIVERS\monitor.sys

0x9E120000 \SystemRoot\System32\TSDDD.dll

0x9E150000 \SystemRoot\System32\cdd.dll

0x90E00000 \SystemRoot\system32\drivers\luafv.sys

0x90E1B000 \SystemRoot\system32\drivers\WudfPf.sys

0x90E35000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x90E45000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x90E58000 \SystemRoot\system32\drivers\HTTP.sys

0x83400000 \SystemRoot\system32\DRIVERS\bowser.sys

0x90EDD000 \SystemRoot\System32\drivers\mpsdrv.sys

0x83419000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB1814000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0xB184F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0xB1882000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xB1886000 \SystemRoot\system32\drivers\peauth.sys

0xB191D000 \SystemRoot\System32\Drivers\secdrv.SYS

0xB1927000 \SystemRoot\System32\DRIVERS\srvnet.sys

0xB1948000 \SystemRoot\System32\drivers\tcpipreg.sys

0xB1955000 \SystemRoot\system32\DRIVERS\XAudio32.sys

0xB195D000 \SystemRoot\System32\DRIVERS\srv2.sys

0xB19AC000 \SystemRoot\System32\DRIVERS\srv.sys

0x83200000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0xBBE14000 \SystemRoot\System32\Drivers\fastfat.SYS

0x76E70000 \Windows\System32\ntdll.dll

0x47C10000 \Windows\System32\smss.exe

0x770B0000 \Windows\System32\apisetschema.dll

0x00860000 \Windows\System32\autochk.exe

0x77020000 \Windows\System32\comdlg32.dll

0x76CD0000 \Windows\System32\setupapi.dll

0x76B10000 \Windows\System32\iertutil.dll

0x76A70000 \Windows\System32\usp10.dll

0x77010000 \Windows\System32\lpk.dll

0x769D0000 \Windows\System32\advapi32.dll

0x768B0000 \Windows\System32\urlmon.dll

0x77000000 \Windows\System32\nsi.dll

0x76750000 \Windows\System32\ole32.dll

0x766A0000 \Windows\System32\rpcrt4.dll

0x765D0000 \Windows\System32\msctf.dll

0x76570000 \Windows\System32\difxapi.dll

0x76FE0000 \Windows\System32\sechost.dll

0x76520000 \Windows\System32\Wldap32.dll

0x76FD0000 \Windows\System32\normaliz.dll

0x76490000 \Windows\System32\oleaut32.dll

0x76460000 \Windows\System32\imagehlp.dll

0x76380000 \Windows\System32\kernel32.dll

Processes (total 57):

0 System Idle Process

4 System

328 C:\Windows\System32\smss.exe

452 csrss.exe

504 C:\Windows\System32\wininit.exe

516 csrss.exe

564 C:\Windows\System32\services.exe

596 C:\Windows\System32\lsass.exe

604 C:\Windows\System32\winlogon.exe

612 C:\Windows\System32\lsm.exe

748 C:\Windows\System32\svchost.exe

828 C:\Windows\System32\svchost.exe

928 C:\Windows\System32\svchost.exe

968 C:\Windows\System32\svchost.exe

1144 C:\Windows\System32\svchost.exe

1248 C:\Windows\System32\svchost.exe

1360 C:\Windows\System32\spoolsv.exe

1396 C:\Windows\System32\svchost.exe

1500 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

1520 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

1556 C:\Windows\System32\svchost.exe

1644 C:\Program Files\Norton 360\Engine\6.3.0.14\ccsvchst.exe

1828 C:\Windows\System32\taskhost.exe

1852 C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe

1872 C:\Program Files\Norton 360\Engine\6.3.0.14\ccsvchst.exe

352 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

988 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

1460 C:\Windows\System32\dwm.exe

1636 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

2264 C:\Windows\explorer.exe

2576 C:\Windows\System32\svchost.exe

2620 WUDFHost.exe

2844 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

2856 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

2864 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

2872 C:\Windows\System32\igfxtray.exe

2884 C:\Windows\System32\hkcmd.exe

2896 C:\Windows\System32\igfxpers.exe

2940 C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe

2968 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

3112 C:\Windows\System32\svchost.exe

3164 C:\Program Files\Common Files\Java\Java Update\jusched.exe

3172 C:\Users\sunshine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

3180 C:\Program Files\Digital Line Detect\DLG.exe

3868 C:\Windows\System32\SearchIndexer.exe

1660 C:\Program Files\Windows Media Player\wmpnetwk.exe

2980 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

3392 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

4436 C:\Windows\servicing\TrustedInstaller.exe

4796 C:\Windows\System32\wuauclt.exe

5364 C:\Windows\System32\audiodg.exe

3092 C:\Windows\System32\svchost.exe

5016 C:\Windows\System32\wuauclt.exe

5636 dllhost.exe

6116 dllhost.exe

5576 C:\Users\sunshine\Downloads\MBRCheck.exe

6128 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500AAJS-75M0A0, Rev: 02.03E02

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected

SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B

Done!

MBAM.log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.31.06

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Haataja :: SUNSHINE-DELLPC [administrator]

9/2/2012 11:23:41 PM

mbam-log-2012-09-02 (23-23-41).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 510244

Time elapsed: 1 hour(s), 17 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

TheDarkKnight · September 3, 2012

Hello Sunshine2.

I hope I'm doing this all right - it felt strange to click 'SKIP' when TDSSKiller found something.

Sometimes TDSSKiller finds things that if you fix could cause damage to your computer, so that is why I always ask for a log first.

Please re-run TDSSKiller.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure. Click on Continue
If a suspicious file is detected, the default action will be Skip. Click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

Sunshine2 · September 4, 2012

That makes sense. The PC did reboot and re-ran the scan finding nothing. Here is the log where it cured the infected file:

08:54:29.0900 3956 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

08:54:31.0901 3956 ============================================================

08:54:31.0901 3956 Current date / time: 2012/09/04 08:54:31.0901

08:54:31.0901 3956 SystemInfo:

08:54:31.0901 3956

08:54:31.0901 3956 OS Version: 6.1.7600 ServicePack: 0.0

08:54:31.0901 3956 Product type: Workstation

08:54:31.0901 3956 ComputerName: sunshine-DELLPC

08:54:31.0901 3956 UserName: sunshine

08:54:31.0901 3956 Windows directory: C:\Windows

08:54:31.0901 3956 System windows directory: C:\Windows

08:54:31.0901 3956 Processor architecture: Intel x86

08:54:31.0901 3956 Number of processors: 2

08:54:31.0901 3956 Page size: 0x1000

08:54:31.0901 3956 Boot type: Normal boot

08:54:31.0901 3956 ============================================================

08:54:32.0446 3956 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:54:32.0486 3956 ============================================================

08:54:32.0486 3956 \Device\Harddisk0\DR0:

08:54:32.0486 3956 MBR partitions:

08:54:32.0486 3956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

08:54:32.0486 3956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2

08:54:32.0486 3956 ============================================================

08:54:32.0506 3956 C: <-> \Device\Harddisk0\DR0\Partition2

08:54:32.0506 3956 ============================================================

08:54:32.0506 3956 Initialize success

08:54:32.0506 3956 ============================================================

08:54:34.0526 5776 ============================================================

08:54:34.0526 5776 Scan started

08:54:34.0526 5776 Mode: Manual;

08:54:34.0526 5776 ============================================================

08:54:37.0330 5776 ================ Scan system memory ========================

08:54:37.0330 5776 System memory - ok

08:54:37.0330 5776 ================ Scan services =============================

08:54:37.0470 5776 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

08:54:37.0488 5776 1394ohci - ok

08:54:37.0535 5776 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys

08:54:37.0538 5776 ACPI - ok

08:54:37.0559 5776 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys

08:54:37.0561 5776 AcpiPmi - ok

08:54:37.0675 5776 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

08:54:37.0693 5776 AdobeARMservice - ok

08:54:37.0753 5776 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

08:54:37.0774 5776 adp94xx - ok

08:54:37.0803 5776 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

08:54:37.0808 5776 adpahci - ok

08:54:37.0893 5776 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

08:54:37.0895 5776 adpu320 - ok

08:54:37.0964 5776 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

08:54:37.0965 5776 AeLookupSvc - ok

08:54:37.0991 5776 [ 7A841462AD4749F8A07B27AE8E8947B8 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

08:54:37.0994 5776 AERTFilters - ok

08:54:38.0054 5776 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys

08:54:38.0069 5776 AFD - ok

08:54:38.0097 5776 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys

08:54:38.0114 5776 agp440 - ok

08:54:38.0153 5776 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

08:54:38.0154 5776 aic78xx - ok

08:54:38.0237 5776 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

08:54:38.0251 5776 ALG - ok

08:54:38.0303 5776 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys

08:54:38.0304 5776 aliide - ok

08:54:38.0318 5776 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys

08:54:38.0319 5776 amdagp - ok

08:54:38.0353 5776 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys

08:54:38.0354 5776 amdide - ok

08:54:38.0372 5776 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

08:54:38.0374 5776 AmdK8 - ok

08:54:38.0408 5776 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

08:54:38.0424 5776 AmdPPM - ok

08:54:38.0469 5776 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys

08:54:38.0482 5776 amdsata - ok

08:54:38.0523 5776 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

08:54:38.0525 5776 amdsbs - ok

08:54:38.0557 5776 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys

08:54:38.0558 5776 amdxata - ok

08:54:38.0581 5776 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys

08:54:38.0583 5776 AppID - ok

08:54:38.0653 5776 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

08:54:38.0661 5776 AppIDSvc - ok

08:54:38.0699 5776 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll

08:54:38.0699 5776 Appinfo - ok

08:54:38.0810 5776 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

08:54:38.0828 5776 arc - ok

08:54:38.0848 5776 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

08:54:38.0850 5776 arcsas - ok

08:54:38.0970 5776 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

08:54:39.0022 5776 aspnet_state - ok

08:54:39.0059 5776 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

08:54:39.0061 5776 AsyncMac - ok

08:54:39.0110 5776 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys

08:54:39.0111 5776 atapi - ok

08:54:39.0160 5776 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

08:54:39.0165 5776 AudioEndpointBuilder - ok

08:54:39.0176 5776 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll

08:54:39.0179 5776 Audiosrv - ok

08:54:39.0219 5776 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll

08:54:39.0230 5776 AxInstSV - ok

08:54:39.0265 5776 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

08:54:39.0283 5776 b06bdrv - ok

08:54:39.0325 5776 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

08:54:39.0328 5776 b57nd60x - ok

08:54:39.0396 5776 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

08:54:39.0414 5776 BDESVC - ok

08:54:39.0441 5776 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

08:54:39.0442 5776 Beep - ok

08:54:39.0493 5776 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll

08:54:39.0499 5776 BFE - ok

08:54:39.0789 5776 [ A9E111A358AC5F7EBA7AC61E43FC6725 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120823.007\BHDrvx86.sys

08:54:39.0798 5776 BHDrvx86 - ok

08:54:39.0867 5776 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\system32\qmgr.dll

08:54:40.0032 5776 BITS - ok

08:54:40.0124 5776 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

08:54:40.0125 5776 blbdrive - ok

08:54:40.0196 5776 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

08:54:40.0197 5776 bowser - ok

08:54:40.0231 5776 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:54:40.0248 5776 BrFiltLo - ok

08:54:40.0267 5776 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:54:40.0268 5776 BrFiltUp - ok

08:54:40.0297 5776 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

08:54:40.0298 5776 BridgeMP - ok

08:54:40.0335 5776 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll

08:54:40.0336 5776 Browser - ok

08:54:40.0378 5776 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

08:54:40.0394 5776 Brserid - ok

08:54:40.0450 5776 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

08:54:40.0452 5776 BrSerWdm - ok

08:54:40.0459 5776 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

08:54:40.0460 5776 BrUsbMdm - ok

08:54:40.0518 5776 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

08:54:40.0519 5776 BrUsbSer - ok

08:54:40.0533 5776 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

08:54:40.0534 5776 BTHMODEM - ok

08:54:40.0576 5776 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

08:54:40.0578 5776 bthserv - ok

08:54:40.0736 5776 catchme - ok

08:54:40.0851 5776 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_N360 C:\Windows\system32\drivers\N360\0603000.00E\ccSetx86.sys

08:54:40.0853 5776 ccSet_N360 - ok

08:54:40.0924 5776 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

08:54:40.0947 5776 cdfs - ok

08:54:41.0010 5776 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

08:54:41.0012 5776 cdrom - ok

08:54:41.0050 5776 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll

08:54:41.0052 5776 CertPropSvc - ok

08:54:41.0077 5776 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys

08:54:41.0078 5776 circlass - ok

08:54:41.0167 5776 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

08:54:41.0169 5776 CLFS - ok

08:54:41.0245 5776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:54:41.0247 5776 clr_optimization_v2.0.50727_32 - ok

08:54:41.0346 5776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:54:41.0658 5776 clr_optimization_v4.0.30319_32 - ok

08:54:41.0808 5776 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

08:54:41.0828 5776 CmBatt - ok

08:54:41.0848 5776 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys

08:54:41.0848 5776 cmdide - ok

08:54:41.0878 5776 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys

08:54:41.0878 5776 CNG - ok

08:54:41.0938 5776 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

08:54:41.0958 5776 Compbatt - ok

08:54:41.0988 5776 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

08:54:41.0988 5776 CompositeBus - ok

08:54:41.0998 5776 COMSysApp - ok

08:54:42.0018 5776 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

08:54:42.0018 5776 crcdisk - ok

08:54:42.0058 5776 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\Windows\system32\cryptsvc.dll

08:54:42.0058 5776 CryptSvc - ok

08:54:42.0098 5776 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll

08:54:42.0098 5776 DcomLaunch - ok

08:54:42.0138 5776 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll

08:54:42.0148 5776 defragsvc - ok

08:54:42.0208 5776 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

08:54:42.0208 5776 DfsC - ok

08:54:42.0248 5776 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll

08:54:42.0248 5776 Dhcp - ok

08:54:42.0258 5776 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys

08:54:42.0268 5776 discache - ok

08:54:42.0298 5776 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys

08:54:42.0298 5776 Disk - ok

08:54:42.0338 5776 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll

08:54:42.0338 5776 Dnscache - ok

08:54:42.0388 5776 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll

08:54:42.0388 5776 dot3svc - ok

08:54:42.0408 5776 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll

08:54:42.0408 5776 DPS - ok

08:54:42.0448 5776 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

08:54:42.0468 5776 drmkaud - ok

08:54:42.0498 5776 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

08:54:42.0518 5776 DXGKrnl - ok

08:54:42.0548 5776 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll

08:54:42.0548 5776 EapHost - ok

08:54:42.0638 5776 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys

08:54:42.0808 5776 ebdrv - ok

08:54:42.0858 5776 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

08:54:42.0878 5776 eeCtrl - ok

08:54:42.0898 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe

08:54:42.0908 5776 EFS - ok

08:54:42.0998 5776 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe

08:54:43.0018 5776 ehRecvr - ok

08:54:43.0048 5776 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe

08:54:43.0048 5776 ehSched - ok

08:54:43.0098 5776 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

08:54:43.0108 5776 elxstor - ok

08:54:43.0158 5776 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

08:54:43.0158 5776 EraserUtilRebootDrv - ok

08:54:43.0188 5776 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys

08:54:43.0198 5776 ErrDev - ok

08:54:43.0278 5776 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll

08:54:43.0288 5776 EventSystem - ok

08:54:43.0298 5776 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys

08:54:43.0298 5776 exfat - ok

08:54:43.0318 5776 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys

08:54:43.0318 5776 fastfat - ok

08:54:43.0368 5776 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe

08:54:43.0398 5776 Fax - ok

08:54:43.0518 5776 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

08:54:43.0518 5776 fdc - ok

08:54:43.0638 5776 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll

08:54:43.0638 5776 fdPHost - ok

08:54:43.0668 5776 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll

08:54:43.0668 5776 FDResPub - ok

08:54:43.0718 5776 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

08:54:43.0718 5776 FileInfo - ok

08:54:43.0828 5776 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

08:54:43.0868 5776 Filetrace - ok

08:54:43.0938 5776 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

08:54:43.0938 5776 flpydisk - ok

08:54:43.0958 5776 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

08:54:43.0988 5776 FltMgr - ok

08:54:44.0048 5776 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll

08:54:44.0088 5776 FontCache - ok

08:54:44.0228 5776 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

08:54:44.0228 5776 FontCache3.0.0.0 - ok

08:54:44.0568 5776 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

08:54:44.0568 5776 FsDepends - ok

08:54:44.0688 5776 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

08:54:44.0718 5776 Fs_Rec - ok

08:54:44.0788 5776 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

08:54:44.0828 5776 fvevol - ok

08:54:44.0878 5776 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

08:54:44.0878 5776 gagp30kx - ok

08:54:44.0938 5776 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll

08:54:44.0938 5776 gpsvc - ok

08:54:45.0108 5776 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

08:54:45.0118 5776 gupdate - ok

08:54:45.0148 5776 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

08:54:45.0148 5776 gupdatem - ok

08:54:45.0248 5776 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

08:54:45.0258 5776 gusvc - ok

08:54:45.0358 5776 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

08:54:45.0408 5776 hcw85cir - ok

08:54:45.0448 5776 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

08:54:45.0458 5776 HDAudBus - ok

08:54:45.0488 5776 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

08:54:45.0488 5776 HidBatt - ok

08:54:45.0548 5776 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

08:54:45.0548 5776 HidBth - ok

08:54:45.0588 5776 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

08:54:45.0588 5776 HidIr - ok

08:54:45.0728 5776 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll

08:54:45.0738 5776 hidserv - ok

08:54:45.0818 5776 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

08:54:45.0828 5776 HidUsb - ok

08:54:45.0968 5776 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll

08:54:45.0968 5776 hkmsvc - ok

08:54:46.0028 5776 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

08:54:46.0138 5776 HomeGroupListener - ok

08:54:46.0168 5776 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

08:54:46.0178 5776 HomeGroupProvider - ok

08:54:46.0348 5776 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

08:54:46.0348 5776 HpSAMD - ok

08:54:46.0428 5776 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll

08:54:46.0438 5776 HsfXAudioService - ok

08:54:46.0458 5776 [ 227C3BA25012752BB7450235392C719F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys

08:54:46.0558 5776 HSF_DPV - ok

08:54:46.0628 5776 [ 186C11D0CA0E53B1EE266633B9D8B393 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys

08:54:46.0628 5776 HSXHWBS2 - ok

08:54:46.0668 5776 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys

08:54:46.0678 5776 HTTP - ok

08:54:46.0768 5776 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

08:54:46.0768 5776 hwpolicy - ok

08:54:46.0968 5776 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

08:54:46.0968 5776 i8042prt - ok

08:54:47.0588 5776 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

08:54:47.0658 5776 IAANTMON - ok

08:54:47.0768 5776 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

08:54:47.0768 5776 iaStor - ok

08:54:47.0898 5776 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

08:54:47.0898 5776 iaStorV - ok

08:54:48.0138 5776 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:54:48.0598 5776 idsvc - ok

08:54:49.0128 5776 [ D0A4C9031B57295D6B1078E3CFA45DB4 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120831.001\IDSvix86.sys

08:54:49.0148 5776 IDSVix86 - ok

08:54:49.0378 5776 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

08:54:49.0548 5776 igfx - ok

08:54:49.0588 5776 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

08:54:49.0608 5776 iirsp - ok

08:54:49.0658 5776 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll

08:54:49.0678 5776 IKEEXT - ok

08:54:49.0778 5776 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

08:54:49.0788 5776 IntcAzAudAddService - ok

08:54:49.0808 5776 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys

08:54:49.0818 5776 intelide - ok

08:54:49.0838 5776 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

08:54:49.0838 5776 intelppm - ok

08:54:49.0898 5776 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

08:54:49.0898 5776 IntuitUpdateService - ok

08:54:49.0958 5776 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

08:54:49.0968 5776 IntuitUpdateServiceV4 - ok

08:54:49.0998 5776 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

08:54:50.0018 5776 IPBusEnum - ok

08:54:50.0028 5776 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:54:50.0038 5776 IpFilterDriver - ok

08:54:50.0058 5776 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

08:54:50.0068 5776 iphlpsvc - ok

08:54:50.0118 5776 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

08:54:50.0118 5776 IPMIDRV - ok

08:54:50.0128 5776 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys

08:54:50.0138 5776 IPNAT - ok

08:54:50.0158 5776 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys

08:54:50.0158 5776 IRENUM - ok

08:54:50.0188 5776 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

08:54:50.0198 5776 isapnp - ok

08:54:50.0228 5776 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

08:54:50.0258 5776 iScsiPrt - ok

08:54:50.0328 5776 [ D7B5B5C5130B775EC7E32EDD780D737F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

08:54:50.0338 5776 JRAID - ok

08:54:50.0358 5776 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

08:54:50.0358 5776 kbdclass - ok

08:54:50.0378 5776 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

08:54:50.0378 5776 kbdhid - ok

08:54:50.0398 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe

08:54:50.0398 5776 KeyIso - ok

08:54:50.0428 5776 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

08:54:50.0438 5776 KSecDD - ok

08:54:50.0468 5776 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

08:54:50.0498 5776 KSecPkg - ok

08:54:50.0528 5776 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll

08:54:50.0538 5776 KtmRm - ok

08:54:50.0608 5776 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll

08:54:50.0618 5776 LanmanServer - ok

08:54:50.0638 5776 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

08:54:50.0648 5776 LanmanWorkstation - ok

08:54:50.0718 5776 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

08:54:50.0718 5776 lltdio - ok

08:54:50.0758 5776 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll

08:54:50.0758 5776 lltdsvc - ok

08:54:50.0768 5776 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll

08:54:50.0778 5776 lmhosts - ok

08:54:50.0848 5776 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

08:54:50.0848 5776 LSI_FC - ok

08:54:50.0858 5776 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

08:54:50.0868 5776 LSI_SAS - ok

08:54:50.0888 5776 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:54:50.0898 5776 LSI_SAS2 - ok

08:54:50.0908 5776 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:54:50.0908 5776 LSI_SCSI - ok

08:54:50.0928 5776 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys

08:54:50.0928 5776 luafv - ok

08:54:50.0948 5776 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

08:54:50.0958 5776 Mcx2Svc - ok

08:54:50.0968 5776 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

08:54:50.0968 5776 mdmxsdk - ok

08:54:50.0988 5776 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

08:54:50.0988 5776 megasas - ok

08:54:51.0008 5776 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

08:54:51.0008 5776 MegaSR - ok

08:54:51.0028 5776 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll

08:54:51.0028 5776 MMCSS - ok

08:54:51.0088 5776 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys

08:54:51.0098 5776 Modem - ok

08:54:51.0108 5776 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

08:54:51.0118 5776 monitor - ok

08:54:51.0138 5776 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

08:54:51.0138 5776 mouclass - ok

08:54:51.0218 5776 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

08:54:51.0218 5776 mouhid - ok

08:54:51.0228 5776 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

08:54:51.0228 5776 mountmgr - ok

08:54:51.0318 5776 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

08:54:51.0328 5776 MozillaMaintenance - ok

08:54:51.0368 5776 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys

08:54:51.0368 5776 mpio - ok

08:54:51.0378 5776 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

08:54:51.0378 5776 mpsdrv - ok

08:54:51.0418 5776 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll

08:54:51.0428 5776 MpsSvc - ok

08:54:51.0448 5776 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

08:54:51.0448 5776 MRxDAV - ok

08:54:51.0488 5776 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

08:54:51.0488 5776 mrxsmb - ok

08:54:51.0518 5776 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:54:51.0528 5776 mrxsmb10 - ok

08:54:51.0538 5776 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:54:51.0538 5776 mrxsmb20 - ok

08:54:51.0568 5776 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

08:54:51.0568 5776 msahci - ok

08:54:51.0598 5776 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

08:54:51.0618 5776 msdsm - ok

08:54:51.0638 5776 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

08:54:51.0638 5776 MSDTC - ok

08:54:51.0668 5776 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

08:54:51.0668 5776 Msfs - ok

08:54:51.0718 5776 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

08:54:51.0718 5776 mshidkmdf - ok

08:54:51.0728 5776 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

08:54:51.0738 5776 msisadrv - ok

08:54:51.0798 5776 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

08:54:51.0798 5776 MSiSCSI - ok

08:54:51.0798 5776 msiserver - ok

08:54:51.0838 5776 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

08:54:51.0848 5776 MSKSSRV - ok

08:54:51.0908 5776 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

08:54:51.0908 5776 MSPCLOCK - ok

08:54:51.0968 5776 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

08:54:51.0978 5776 MSPQM - ok

08:54:51.0998 5776 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

08:54:52.0008 5776 MsRPC - ok

08:54:52.0018 5776 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

08:54:52.0018 5776 mssmbios - ok

08:54:52.0038 5776 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

08:54:52.0038 5776 MSTEE - ok

08:54:52.0048 5776 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

08:54:52.0048 5776 MTConfig - ok

08:54:52.0068 5776 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

08:54:52.0068 5776 Mup - ok

08:54:52.0158 5776 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files\Norton 360\Engine\6.3.0.14\ccSvcHst.exe

08:54:52.0168 5776 N360 - ok

08:54:52.0208 5776 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll

08:54:52.0208 5776 napagent - ok

08:54:52.0248 5776 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:54:52.0258 5776 NativeWifiP - ok

08:54:52.0368 5776 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVENG.SYS

08:54:52.0378 5776 NAVENG - ok

08:54:52.0438 5776 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120902.007\NAVEX15.SYS

08:54:52.0468 5776 NAVEX15 - ok

08:54:52.0558 5776 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys

08:54:52.0568 5776 NDIS - ok

08:54:52.0648 5776 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

08:54:52.0658 5776 NdisCap - ok

08:54:52.0668 5776 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:54:52.0678 5776 NdisTapi - ok

08:54:52.0728 5776 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:54:52.0728 5776 Ndisuio - ok

08:54:52.0758 5776 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:54:52.0758 5776 NdisWan - ok

08:54:52.0768 5776 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:54:52.0768 5776 NDProxy - ok

08:54:52.0788 5776 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:54:52.0788 5776 NetBIOS - ok

08:54:52.0808 5776 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

08:54:52.0808 5776 NetBT - ok

08:54:52.0868 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe

08:54:52.0868 5776 Netlogon - ok

08:54:52.0948 5776 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

08:54:52.0948 5776 Netman - ok

08:54:53.0038 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:54:53.0098 5776 NetMsmqActivator - ok

08:54:53.0118 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:54:53.0118 5776 NetPipeActivator - ok

08:54:53.0148 5776 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

08:54:53.0158 5776 netprofm - ok

08:54:53.0168 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:54:53.0168 5776 NetTcpActivator - ok

08:54:53.0168 5776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

08:54:53.0178 5776 NetTcpPortSharing - ok

08:54:53.0218 5776 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

08:54:53.0228 5776 nfrd960 - ok

08:54:53.0258 5776 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll

08:54:53.0258 5776 NlaSvc - ok

08:54:53.0268 5776 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:54:53.0278 5776 Npfs - ok

08:54:53.0308 5776 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

08:54:53.0308 5776 nsi - ok

08:54:53.0368 5776 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:54:53.0368 5776 nsiproxy - ok

08:54:53.0458 5776 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:54:53.0478 5776 Ntfs - ok

08:54:53.0508 5776 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

08:54:53.0508 5776 Null - ok

08:54:53.0548 5776 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:54:53.0568 5776 nvraid - ok

08:54:53.0668 5776 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:54:53.0698 5776 nvstor - ok

08:54:53.0708 5776 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

08:54:53.0718 5776 nv_agp - ok

08:54:53.0728 5776 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

08:54:53.0748 5776 ohci1394 - ok

08:54:53.0788 5776 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

08:54:53.0788 5776 p2pimsvc - ok

08:54:53.0838 5776 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

08:54:53.0848 5776 p2psvc - ok

08:54:53.0888 5776 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

08:54:53.0888 5776 Parport - ok

08:54:53.0928 5776 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:54:53.0928 5776 partmgr - ok

08:54:53.0948 5776 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

08:54:53.0948 5776 Parvdm - ok

08:54:53.0968 5776 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

08:54:53.0968 5776 PcaSvc - ok

08:54:53.0988 5776 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys

08:54:53.0998 5776 pci - ok

08:54:54.0008 5776 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys

08:54:54.0008 5776 pciide - ok

08:54:54.0068 5776 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

08:54:54.0068 5776 pcmcia - ok

08:54:54.0138 5776 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

08:54:54.0138 5776 pcw - ok

08:54:54.0158 5776 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:54:54.0178 5776 PEAUTH - ok

08:54:54.0248 5776 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\Windows\system32\drivers\pfc.sys

08:54:54.0258 5776 pfc - ok

08:54:54.0308 5776 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll

08:54:54.0378 5776 pla - ok

08:54:54.0458 5776 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

08:54:54.0458 5776 PlugPlay - ok

08:54:54.0488 5776 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

08:54:54.0488 5776 PNRPAutoReg - ok

08:54:54.0528 5776 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

08:54:54.0528 5776 PNRPsvc - ok

08:54:54.0608 5776 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

08:54:54.0618 5776 PolicyAgent - ok

08:54:54.0748 5776 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll

08:54:54.0748 5776 Power - ok

08:54:54.0788 5776 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

08:54:54.0788 5776 PptpMiniport - ok

08:54:54.0858 5776 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

08:54:54.0858 5776 Processor - ok

08:54:54.0888 5776 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll

08:54:54.0898 5776 ProfSvc - ok

08:54:54.0908 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe

08:54:54.0908 5776 ProtectedStorage - ok

08:54:54.0938 5776 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

08:54:54.0938 5776 Psched - ok

08:54:54.0978 5776 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

08:54:54.0978 5776 PxHelp20 - ok

08:54:55.0058 5776 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

08:54:55.0328 5776 ql2300 - ok

08:54:55.0418 5776 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

08:54:55.0418 5776 ql40xx - ok

08:54:55.0488 5776 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

08:54:55.0498 5776 QWAVE - ok

08:54:55.0538 5776 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

08:54:55.0538 5776 QWAVEdrv - ok

08:54:55.0598 5776 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

08:54:55.0598 5776 RasAcd - ok

08:54:55.0658 5776 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

08:54:55.0658 5776 RasAgileVpn - ok

08:54:55.0758 5776 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

08:54:55.0818 5776 RasAuto - ok

08:54:55.0928 5776 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

08:54:55.0928 5776 Rasl2tp - ok

08:54:55.0978 5776 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll

08:54:55.0978 5776 RasMan - ok

08:54:55.0998 5776 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

08:54:55.0998 5776 RasPppoe - ok

08:54:56.0068 5776 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

08:54:56.0068 5776 RasSstp - ok

08:54:56.0078 5776 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

08:54:56.0098 5776 rdbss - ok

08:54:56.0158 5776 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

08:54:56.0158 5776 rdpbus - ok

08:54:56.0178 5776 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

08:54:56.0178 5776 RDPCDD - ok

08:54:56.0198 5776 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

08:54:56.0198 5776 RDPENCDD - ok

08:54:56.0218 5776 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

08:54:56.0218 5776 RDPREFMP - ok

08:54:56.0248 5776 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

08:54:56.0258 5776 RDPWD - ok

08:54:56.0298 5776 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

08:54:56.0298 5776 rdyboost - ok

08:54:56.0348 5776 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

08:54:56.0358 5776 RemoteAccess - ok

08:54:56.0418 5776 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

08:54:56.0418 5776 RemoteRegistry - ok

08:54:56.0438 5776 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

08:54:56.0438 5776 RpcEptMapper - ok

08:54:56.0478 5776 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

08:54:56.0548 5776 RpcLocator - ok

08:54:56.0558 5776 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll

08:54:56.0568 5776 RpcSs - ok

08:54:56.0608 5776 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

08:54:56.0618 5776 rspndr - ok

08:54:56.0648 5776 [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

08:54:56.0648 5776 RTL8167 - ok

08:54:56.0658 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe

08:54:56.0658 5776 SamSs - ok

08:54:56.0688 5776 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

08:54:56.0728 5776 sbp2port - ok

08:54:56.0758 5776 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

08:54:56.0768 5776 SCardSvr - ok

08:54:56.0858 5776 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

08:54:56.0858 5776 scfilter - ok

08:54:56.0898 5776 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll

08:54:56.0998 5776 Schedule - ok

08:54:57.0048 5776 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll

08:54:57.0058 5776 SCPolicySvc - ok

08:54:57.0088 5776 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll

08:54:57.0098 5776 SDRSVC - ok

08:54:57.0138 5776 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

08:54:57.0158 5776 secdrv - ok

08:54:57.0188 5776 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

08:54:57.0188 5776 seclogon - ok

08:54:57.0208 5776 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll

08:54:57.0208 5776 SENS - ok

08:54:57.0278 5776 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

08:54:57.0278 5776 SensrSvc - ok

08:54:57.0288 5776 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

08:54:57.0288 5776 Serenum - ok

08:54:57.0328 5776 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

08:54:57.0328 5776 Serial - ok

08:54:57.0338 5776 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

08:54:57.0338 5776 sermouse - ok

08:54:57.0378 5776 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll

08:54:57.0398 5776 SessionEnv - ok

08:54:57.0428 5776 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

08:54:57.0428 5776 sffdisk - ok

08:54:57.0438 5776 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

08:54:57.0438 5776 sffp_mmc - ok

08:54:57.0448 5776 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

08:54:57.0468 5776 sffp_sd - ok

08:54:57.0488 5776 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

08:54:57.0488 5776 sfloppy - ok

08:54:57.0568 5776 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

08:54:57.0568 5776 SharedAccess - ok

08:54:57.0598 5776 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:54:57.0608 5776 ShellHWDetection - ok

08:54:57.0678 5776 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys

08:54:57.0698 5776 sisagp - ok

08:54:57.0728 5776 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:54:57.0728 5776 SiSRaid2 - ok

08:54:57.0748 5776 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

08:54:57.0748 5776 SiSRaid4 - ok

08:54:57.0778 5776 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

08:54:57.0778 5776 Smb - ok

08:54:57.0818 5776 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

08:54:57.0828 5776 SNMPTRAP - ok

08:54:57.0868 5776 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

08:54:57.0878 5776 spldr - ok

08:54:57.0918 5776 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe

08:54:57.0918 5776 Spooler - ok

08:54:58.0038 5776 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe

08:54:58.0138 5776 sppsvc - ok

08:54:58.0188 5776 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll

08:54:58.0238 5776 sppuinotify - ok

08:54:58.0288 5776 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0603000.00E\SRTSP.SYS

08:54:58.0298 5776 SRTSP - ok

08:54:58.0318 5776 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0603000.00E\SRTSPX.SYS

08:54:58.0328 5776 SRTSPX - ok

08:54:58.0368 5776 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys

08:54:58.0368 5776 srv - ok

08:54:58.0438 5776 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

08:54:58.0448 5776 srv2 - ok

08:54:58.0478 5776 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:54:58.0478 5776 srvnet - ok

08:54:58.0668 5776 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:54:58.0698 5776 SSDPSRV - ok

08:54:58.0718 5776 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:54:58.0718 5776 SstpSvc - ok

08:54:58.0778 5776 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

08:54:58.0788 5776 stexstor - ok

08:54:58.0848 5776 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll

08:54:58.0858 5776 StiSvc - ok

08:54:58.0928 5776 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

08:54:58.0948 5776 stllssvr - ok

08:54:58.0968 5776 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

08:54:58.0968 5776 swenum - ok

08:54:59.0078 5776 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

08:54:59.0078 5776 swprv - ok

08:54:59.0138 5776 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0603000.00E\SYMDS.SYS

08:54:59.0138 5776 SymDS - ok

08:54:59.0188 5776 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0603000.00E\SYMEFA.SYS

08:54:59.0358 5776 SymEFA - ok

08:54:59.0468 5776 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS

08:54:59.0468 5776 SymEvent - ok

08:54:59.0518 5776 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0603000.00E\Ironx86.SYS

08:54:59.0518 5776 SymIRON - ok

08:54:59.0548 5776 [ 3EE215D6FE821E3EDF0F7134D9AE905A ] SymNetS C:\Windows\System32\Drivers\N360\0603000.00E\SYMNETS.SYS

08:54:59.0548 5776 SymNetS - ok

08:54:59.0598 5776 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll

08:54:59.0628 5776 SysMain - ok

08:54:59.0688 5776 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll

08:54:59.0718 5776 TabletInputService - ok

08:54:59.0738 5776 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll

08:54:59.0748 5776 TapiSrv - ok

08:54:59.0778 5776 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

08:54:59.0798 5776 TBS - ok

08:54:59.0858 5776 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys

08:54:59.0908 5776 Tcpip - ok

08:54:59.0958 5776 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

08:54:59.0958 5776 TCPIP6 - ok

08:54:59.0988 5776 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

08:54:59.0988 5776 tcpipreg - ok

08:55:00.0008 5776 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

08:55:00.0008 5776 TDPIPE - ok

08:55:00.0038 5776 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

08:55:00.0048 5776 TDTCP - ok

08:55:00.0058 5776 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

08:55:00.0068 5776 tdx - ok

08:55:00.0098 5776 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

08:55:00.0098 5776 TermDD - ok

08:55:00.0138 5776 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll

08:55:00.0158 5776 TermService - ok

08:55:00.0188 5776 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

08:55:00.0188 5776 Themes - ok

08:55:00.0198 5776 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

08:55:00.0198 5776 THREADORDER - ok

08:55:00.0248 5776 [ 9154A8561A04ED54BE451395F7AAF53A ] TimesUpKidz C:\Program Files\Rain City Digital LLC\TimesUpKidz\TimesUpKidzServer.exe

08:55:00.0248 5776 TimesUpKidz - ok

08:55:00.0268 5776 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

08:55:00.0268 5776 TrkWks - ok

08:55:00.0338 5776 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

08:55:00.0358 5776 TrustedInstaller - ok

08:55:00.0378 5776 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

08:55:00.0378 5776 tssecsrv - ok

08:55:00.0418 5776 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

08:55:00.0428 5776 tunnel - ok

08:55:00.0438 5776 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

08:55:00.0438 5776 uagp35 - ok

08:55:00.0458 5776 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys

08:55:00.0458 5776 udfs - ok

08:55:00.0518 5776 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

08:55:00.0518 5776 UI0Detect - ok

08:55:00.0608 5776 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys

08:55:00.0628 5776 uliagpkx - ok

08:55:00.0658 5776 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys

08:55:00.0658 5776 umbus - ok

08:55:00.0678 5776 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

08:55:00.0698 5776 UmPass - ok

08:55:00.0738 5776 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

08:55:00.0758 5776 upnphost - ok

08:55:00.0818 5776 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys

08:55:00.0828 5776 usbccgp - ok

08:55:00.0868 5776 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys

08:55:00.0888 5776 usbcir - ok

08:55:00.0918 5776 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

08:55:00.0938 5776 usbehci - ok

08:55:00.0988 5776 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

08:55:00.0998 5776 usbhub - ok

08:55:01.0048 5776 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys

08:55:01.0068 5776 usbohci - ok

08:55:01.0108 5776 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

08:55:01.0128 5776 usbprint - ok

08:55:01.0158 5776 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:55:01.0158 5776 USBSTOR - ok

08:55:01.0168 5776 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

08:55:01.0178 5776 usbuhci - ok

08:55:01.0208 5776 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

08:55:01.0208 5776 UxSms - ok

08:55:01.0218 5776 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe

08:55:01.0218 5776 VaultSvc - ok

08:55:01.0258 5776 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys

08:55:01.0268 5776 vdrvroot - ok

08:55:01.0298 5776 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe

08:55:01.0438 5776 vds - ok

08:55:01.0528 5776 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

08:55:01.0548 5776 vga - ok

08:55:01.0568 5776 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

08:55:01.0568 5776 VgaSave - ok

08:55:01.0588 5776 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys

08:55:01.0588 5776 vhdmp - ok

08:55:01.0628 5776 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys

08:55:01.0628 5776 viaagp - ok

08:55:01.0638 5776 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

08:55:01.0638 5776 ViaC7 - ok

08:55:01.0648 5776 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys

08:55:01.0648 5776 viaide - ok

08:55:01.0668 5776 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys

08:55:01.0688 5776 volmgr - ok

08:55:01.0728 5776 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

08:55:01.0728 5776 volmgrx - ok

08:55:01.0788 5776 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys

08:55:01.0788 5776 volsnap - ok

08:55:01.0808 5776 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

08:55:01.0818 5776 vsmraid - ok

08:55:01.0858 5776 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe

08:55:01.0888 5776 VSS - ok

08:55:01.0958 5776 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

08:55:01.0958 5776 vwifibus - ok

08:55:01.0978 5776 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

08:55:01.0988 5776 W32Time - ok

08:55:02.0028 5776 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

08:55:02.0048 5776 WacomPen - ok

08:55:02.0078 5776 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

08:55:02.0098 5776 WANARP - ok

08:55:02.0108 5776 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

08:55:02.0108 5776 Wanarpv6 - ok

08:55:02.0228 5776 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

08:55:02.0298 5776 WatAdminSvc - ok

08:55:02.0388 5776 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe

08:55:02.0408 5776 wbengine - ok

08:55:02.0458 5776 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

08:55:02.0458 5776 WbioSrvc - ok

08:55:02.0488 5776 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll

08:55:02.0488 5776 wcncsvc - ok

08:55:02.0618 5776 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

08:55:02.0648 5776 WcsPlugInService - ok

08:55:02.0678 5776 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

08:55:02.0718 5776 Wd - ok

08:55:02.0738 5776 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

08:55:02.0738 5776 Wdf01000 - ok

08:55:02.0798 5776 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

08:55:02.0801 5776 WdiServiceHost - ok

08:55:02.0805 5776 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

08:55:02.0807 5776 WdiSystemHost - ok

08:55:02.0874 5776 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll

08:55:02.0891 5776 WebClient - ok

08:55:02.0956 5776 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

08:55:02.0976 5776 Wecsvc - ok

08:55:03.0063 5776 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

08:55:03.0066 5776 wercplsupport - ok

08:55:03.0105 5776 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

08:55:03.0107 5776 WerSvc - ok

08:55:03.0144 5776 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

08:55:03.0161 5776 WfpLwf - ok

08:55:03.0180 5776 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

08:55:03.0181 5776 WIMMount - ok

08:55:03.0258 5776 [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

08:55:03.0272 5776 winachsf - ok

08:55:03.0404 5776 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

08:55:03.0508 5776 WinDefend - ok

08:55:03.0514 5776 WinHttpAutoProxySvc - ok

08:55:03.0607 5776 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

08:55:03.0608 5776 Winmgmt - ok

08:55:03.0652 5776 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll

08:55:03.0703 5776 WinRM - ok

08:55:03.0775 5776 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

08:55:03.0782 5776 WinUsb - ok

08:55:03.0825 5776 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

08:55:03.0867 5776 Wlansvc - ok

08:55:04.0040 5776 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:55:04.0070 5776 wlidsvc - ok

08:55:04.0101 5776 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

08:55:04.0103 5776 WmiAcpi - ok

08:55:04.0137 5776 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

08:55:04.0139 5776 wmiApSrv - ok

08:55:04.0218 5776 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

08:55:04.0244 5776 WMPNetworkSvc - ok

08:55:04.0305 5776 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

08:55:04.0317 5776 WPCSvc - ok

08:55:04.0331 5776 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

08:55:04.0334 5776 WPDBusEnum - ok

08:55:04.0397 5776 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

08:55:04.0398 5776 ws2ifsl - ok

08:55:04.0440 5776 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll

08:55:04.0443 5776 wscsvc - ok

08:55:04.0448 5776 WSearch - ok

08:55:04.0599 5776 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

08:55:04.0850 5776 wuauserv - ok

08:55:04.0888 5776 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

08:55:04.0890 5776 WudfPf - ok

08:55:04.0913 5776 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

08:55:04.0915 5776 WUDFRd - ok

08:55:05.0011 5776 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

08:55:05.0014 5776 wudfsvc - ok

08:55:05.0048 5776 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

08:55:05.0064 5776 WwanSvc - ok

08:55:05.0090 5776 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys

08:55:05.0091 5776 XAudio - ok

08:55:05.0105 5776 ================ Scan global ===============================

08:55:05.0158 5776 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll

08:55:05.0202 5776 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll

08:55:05.0221 5776 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll

08:55:05.0257 5776 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

08:55:05.0302 5776 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

08:55:05.0306 5776 [Global] - ok

08:55:05.0307 5776 ================ Scan MBR ==================================

08:55:05.0320 5776 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

08:55:05.0321 5776 Suspicious mbr (Forged): \Device\Harddisk0\DR0

08:55:05.0380 5776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

08:55:05.0380 5776 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

08:55:05.0380 5776 ================ Scan VBR ==================================

08:55:05.0383 5776 [ 9D19430D8B7AA3A7C4B810714BED685F ] \Device\Harddisk0\DR0\Partition1

08:55:05.0384 5776 \Device\Harddisk0\DR0\Partition1 - ok

08:55:05.0444 5776 [ 5D5D62D4EFF7793694CBB4CA282DC09E ] \Device\Harddisk0\DR0\Partition2

08:55:05.0446 5776 \Device\Harddisk0\DR0\Partition2 - ok

08:55:05.0446 5776 ============================================================

08:55:05.0446 5776 Scan finished

08:55:05.0446 5776 ============================================================

08:55:05.0457 3664 Detected object count: 1

08:55:05.0457 3664 Actual detected object count: 1

08:55:13.0024 3664 \Device\Harddisk0\DR0\# - copied to quarantine

08:55:13.0046 3664 \Device\Harddisk0\DR0 - copied to quarantine

08:55:13.0118 3664 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

08:55:13.0141 3664 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

08:55:13.0145 3664 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

08:55:13.0151 3664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

08:55:13.0156 3664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

08:55:13.0169 3664 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

08:55:13.0176 3664 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

08:55:13.0178 3664 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

08:55:13.0180 3664 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

08:55:13.0184 3664 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

08:55:13.0187 3664 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

08:55:13.0192 3664 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

08:55:13.0195 3664 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

08:55:13.0197 3664 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

08:55:13.0207 3664 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

08:55:13.0271 3664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

08:55:13.0273 3664 \Device\Harddisk0\DR0 - ok

08:55:13.0310 3664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

08:55:22.0382 3036 Deinitialize success

TheDarkKnight · September 4, 2012

Hey Sunshine2.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

===========

Next, please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========

Please provide log.txt and checkup.txt in your next post, along with a description of any remaining issues on your computer.

Sunshine2 · September 5, 2012

OK, here is log.txt:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=96e8bb531958f44dbdb058d69d0adfb5

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-05 12:57:45

# local_time=2012-09-04 07:57:45 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=3589 16777213 100 74 0 97379627 0 0

# compatibility_mode=5893 16776574 66 85 98334522 98348322 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=169249

# found=11

# cleaned=0

# scan_time=3133

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I

C:\TDSSKiller_Quarantine\04.09.2012_08.54.31\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I

C:\Users\sunshine\Downloads\cnet2_Romaco Timeout 3_1_2_0 Installer_msi.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I

C:\Users\sunshine\Downloads\couponprinter(4).exe probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I

Here is checkup.txt:

Results of screen317's Security Check version 0.99.50

Windows 7 x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Scholastic's I SPY Junior

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java 6 Update 31

Java 7 Update 5

Java version out of Date!

Adobe Flash Player 11.3.300.270

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Mozilla Firefox (14.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

Things seem to be running a lot smoother now. Google goes where it supposed to, and the PC is faster. Something changed the permissions to some of the folders - I couldn't save to the Desktop and possibly other places. Now it looks like I can. Can I just adjust those manually? I haven't wanted to do too much - feels like things are vulnerable until everything is clear. Thank you for helping. This is not fun, but I am glad I can try some things myself.

Sunshine

Sunshine2 · September 5, 2012

Oh, Firefox was asking me to update add-ons/plug-ins. I was trying to check Windows Update sometime when I realized this was going on, so I'm not sure where I am with that. I haven't followed too many other logs to the end - are there clean up things besides uninstalling ComboFix I'll have to do later?

TheDarkKnight · September 5, 2012

Good afternoon Sunshine2.

Please navigate to these files and delete them (if present):

C:\Users\sunshine\Downloads\cnet2_Romaco Timeout 3_1_2_0 Installer_msi.exe

C:\Users\sunshine\Downloads\couponprinter(4).exe

Can I just adjust those manually?

Please see this link for a description on how to:

http://www.raymond.c...-open-location/

I haven't followed too many other logs to the end - are there clean up things besides uninstalling ComboFix I'll have to do later?

Yep. Generally in the order: updates>cleanup of tools>advice.

===========

Please do the following updates. Your Windows and Internet Explorer are out of date and by updating to the latest Service Packs you will minimise the risk of future infections through these security patches and fixes.

Service Pack 1 (SP1) is an extremely important update for Vista and Windows 7 and will help reduce the chance of an infection through security patches. I strongly recommend you install this update.

Please open Internet Explorer and follow the instructions below to update Windows:

Go to this link: Windows Update
Download all the Critical updates, making sure you have selected SP1.
Once it has been installed, please revisit Windows Update and select any further Critical updates.

Note:

It will be necessary for you to restart the computer during the updates, and return to the Windows Update site several times before all critical updates are installed.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections.

Next, your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

Please go to the below link and download the latest Windows 7 version:

http://www.java.com/...load/manual.jsp

Save it to your Desktop.
Please go to Start>Control Panel >Programs and Features>Programs.
Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them:
Select Remove.
Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

Finally, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

Please go to Start>All Programs>Adobe Reader.
Open Adobe Reader and navigate to Help>Check for Updates.
Please follow the prompts to install the latest version.

===========

Please let me know how the updates go in your reply.

Sunshine2 · September 5, 2012

OK. Got those 2 files deleted, updated Windows 7 to SP1, Java, and Adobe Reader. I had Automatic Updates selected - I wonder if someone else (my kids??) was on and decided not to update. I did not know Java didn't clean up after itself either.

TheDarkKnight · September 6, 2012

Morning Sunshine2.

I did not know Java didn't clean up after itself either.

Most people don't.

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

Sunshine2 · September 6, 2012

Great advice. A definite learning experience for me and I certainly appreciate all of the help I was given. Thanks to you and to all those who spend time on this forum! It is much quieter here on my PC when it isn't grinding away because of the malware/trojan/yuck! on it.

screen317 · September 14, 2012

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

malware help...Malwarebytes found MRGgen but PC still not right

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information