changing passwords after trojan


  • This topic is locked
9 replies to this topic

#1 XML2005


Posted 31 July 2012 - 09:58 PM

I'd been having trouble with my cable service (using an old Pentium4 XP desktop with Norton 360 running up to date), so when my upload to SOS online backup slowed to a crawl I was not concerned at first. But then it got really bad, so I ran SuperAntiSpyware (SAS) and it found Trojan.Dropper/SVCHost-Fake.Process and a PUP toolbar downloader. I updated SAS again, ran a full scan (with the internet blocked) and removed everything SAS found, then did the same with Malwarebytes (which didn't find anything), and then ran SAS again to confirm the malware was gone. I THINK it is gone now. Two issues remain:
1) Before I reopen any files on that desktop, I'd like to confirm the malware is killed. Any way to confirm it is?
2) More urgent: What passwords must I change and what info may already have been compromised? Before I'd realized the machine was infected, I'd opened my Keepass password manager by typing in its password and accessed a few financial sites. I also typed in my Axcrypt password to look at an encrypted file with family birthdates. I've already gotten on another computer and changed the passwords for any financial accounts I'd accessed while I evidently had the malware and also my bank and my brokerage. However, could the trojan have downloaded the entire Keepass file with its passwords to DOZENS of sensitive sites? Also, could someone have downloaded all my encrypted files and the Axcrypt password too? Or am I being too security-paranoid?

Thanks for your help. You guys have saved the day for me before and I hope you can do so again. It is MUCH appreciated.



#2 boopme


Posted 11 August 2012 - 10:23 PM

Hello, where did SAS find the SVCHost-Fake.Process?
Post the log if you cannot tell.
To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.


As this is not a backdoor infection you are good on no info being sent out. No other infections were downloaded before removal.

But we will check.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

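One way to triage the TDSSKiller report requested above, as an added example that is not part of the original thread and is not the tool vendor's code: it reads the report's `name (md5) path` and `name - ok` lines and lists anything not marked ok, any object left without a verdict, and any service image named like a core Windows binary but stored outside C:\WINDOWS\system32. The sample log, the names ExampleSvc and ExampleDrv, the hashes and the "suspicious" verdict wording are constructed for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Every report line starts "HH:MM:SS.mmmm <thread-id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <image path>" announces the object about to be checked.
OBJECT = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>" closes the check; a clean object ends in "ok".
VERDICT = re.compile(r"^(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")

# Assumption: Windows is installed in C:\WINDOWS, as on the XP machine in this thread.
SYSTEM_DIR = r"c:\windows\system32"
# Core binaries whose names fake processes tend to borrow (illustrative, not exhaustive).
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe"}


@dataclass
class Finding:
    name: str
    reason: str
    path: str = ""
    md5: str = ""


def triage(log_text):
    """Return the entries of a TDSSKiller-style report that deserve a closer look."""
    findings = []
    pending = {}      # name -> (md5, path) announced but not yet given a verdict
    in_scan = False   # ignore the system-information header before "Scan started"
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        obj = OBJECT.match(msg)
        if obj:
            name, md5, path = obj.group("name", "md5", "path")
            pending[name] = (md5, path)
            image = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if image in SYSTEM_IMAGES and folder != SYSTEM_DIR:
                findings.append(Finding(
                    name, "system binary name outside system32", path, md5))
            continue
        ver = VERDICT.match(msg)
        if ver:
            name, verdict = ver.group("name", "verdict")
            md5, path = pending.pop(name, ("", ""))
            if verdict.strip().lower() != "ok":
                findings.append(Finding(name, "verdict: " + verdict.strip(), path, md5))
    # Objects announced but never closed: the report was cut off or the scan aborted.
    for name, (md5, path) in pending.items():
        findings.append(Finding(name, "no verdict recorded", path, md5))
    return findings


# Constructed sample in the report's line format (not taken from a real scan).
SAMPLE_LOG = r"""
13:06:04.0531 3552 Windows directory: C:\WINDOWS
13:06:27.0125 1196 Scan started
13:06:27.0125 1196 Mode: Manual; TDLFS;
13:06:27.0812 1196 Abiosdsk - ok
13:06:27.0906 1196 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:06:27.0906 1196 ACPI - ok
13:06:28.0100 1196 Netlogon (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\lsass.exe
13:06:28.0100 1196 Netlogon - ok
13:06:28.0200 1196 ExampleSvc (0123456789abcdeffedcba9876543210) C:\Documents and Settings\User\Application Data\svchost.exe
13:06:28.0200 1196 ExampleSvc - ok
13:06:28.0300 1196 ExampleDrv (fedcba98765432100123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv.sys
13:06:28.0300 1196 ExampleDrv - suspicious
13:06:28.0400 1196 RDSessMgr (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\sessmgr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.reason} {f.path}".rstrip())
```

An empty result only means the report lists nothing but "ok" verdicts and no oddly placed system binary names; it does not prove the machine is clean.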

#3 XML2005


Posted 12 August 2012 - 04:45 PM

Wow, you responded quickly, thanks! And I thank you too for assuring me up-front that I probably need not worry about data theft from either the Trojan.dropper or the PUP toolbar… especially since, in my panic, I did something very foolish: When cleaning my system post-trojan, I unfortunately accidentally deleted all the scan logs. I do have the complete SAS scan, which I had run after cleanup:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/03/2012 at 04:45 PM

Application Version : 5.5.1012

Core Rules Database Version : 9006
Trace Rules Database Version: 6818

Scan type : Complete Scan
Total Scan Time : 01:20:50

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 240
Memory threats detected : 0
Registry items scanned : 32615
Registry threats detected : 0
File items scanned : 47218
File threats detected : 0



TDSSKiller: No issues found, no reboot needed:


13:06:43.0046 1196 RDSessMgr - ok

13:06:43.0140 1196 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:06:43.0140 1196 redbook - ok

13:06:43.0390 1196 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

13:06:43.0390 1196 RegFilter - ok

13:06:43.0453 1196 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

13:06:43.0453 1196 RemoteAccess - ok

13:06:43.0484 1196 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

13:06:43.0484 1196 RemoteRegistry - ok

13:06:43.0609 1196 RHDISK (3c57aea854eb5b33c664a377ace37449) C:\Program Files\Rohos\RHDISK.SYS

13:06:43.0609 1196 RHDISK - ok

13:06:43.0671 1196 rmdnhfjovqbv (d7dbfbc453b645111e6d21142305e80b) C:\WINDOWS\system32\drivers\rmdnhfjovqbv.sys

13:06:43.0671 1196 rmdnhfjovqbv - ok

13:06:43.0750 1196 Rohos Disk (c1610aa62304e95bcb20c3f6114e75aa) C:\Program Files\Rohos\agent.exe

13:06:43.0750 1196 Rohos Disk - ok

13:06:43.0890 1196 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe

13:06:43.0890 1196 rpcapd - ok

13:06:43.0968 1196 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

13:06:43.0968 1196 RpcLocator - ok

13:06:44.0078 1196 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

13:06:44.0078 1196 RpcSs - ok

13:06:44.0156 1196 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

13:06:44.0156 1196 RSVP - ok

13:06:44.0234 1196 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

13:06:44.0234 1196 SamSs - ok

13:06:44.0359 1196 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

13:06:44.0359 1196 SASDIFSV - ok

13:06:44.0437 1196 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

13:06:44.0437 1196 SASKUTIL - ok

13:06:44.0500 1196 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

13:06:44.0500 1196 SCardSvr - ok

13:06:44.0578 1196 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

13:06:44.0578 1196 Schedule - ok

13:06:44.0703 1196 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:06:44.0703 1196 Secdrv - ok

13:06:44.0750 1196 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

13:06:44.0765 1196 seclogon - ok

13:06:44.0906 1196 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

13:06:44.0906 1196 senfilt - ok

13:06:44.0984 1196 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

13:06:44.0984 1196 SENS - ok

13:06:45.0062 1196 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:06:45.0062 1196 serenum - ok

13:06:45.0078 1196 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:06:45.0078 1196 Serial - ok

13:06:45.0187 1196 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:06:45.0187 1196 Sfloppy - ok

13:06:45.0265 1196 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

[font="Calibri"][size="3"]13:06:45.0265 1196 SharedAccess - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0343 1196 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll[/size][/font]

[font="Calibri"][size="3"]13:06:45.0343 1196 ShellHWDetection - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0359 1196 Simbad - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0437 1196 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys[/size][/font]

[font="Calibri"][size="3"]13:06:45.0437 1196 SmartDefragDriver - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0578 1196 SMTPSVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe[/size][/font]

[font="Calibri"][size="3"]13:06:45.0578 1196 SMTPSVC - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0640 1196 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys[/size][/font]

[font="Calibri"][size="3"]13:06:45.0656 1196 smwdm - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0656 1196 Sparrow - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0828 1196 SPDFCreatorReadSpool (c2708eab99b2ec0ecead5686e082fcc7) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe[/size][/font]

[font="Calibri"][size="3"]13:06:45.0828 1196 SPDFCreatorReadSpool - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0890 1196 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys[/size][/font]

[font="Calibri"][size="3"]13:06:45.0890 1196 splitter - ok[/size][/font]

[font="Calibri"][size="3"]13:06:45.0937 1196 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe[/size][/font]

[font="Calibri"][size="3"]13:06:45.0953 1196 Spooler - ok[/size][/font]

[font="Calibri"][size="3"]13:06:46.0125 1196 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys[/size][/font]

[font="Calibri"][size="3"]13:06:46.0125 1196 sr - ok[/size][/font]

[font="Calibri"][size="3"]13:06:46.0390 1196 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:46.0390 1196 srservice - ok[/size][/font]

[font="Calibri"][size="3"]13:06:46.0796 1196 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\N360\0602010.005\SRTSP.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:46.0812 1196 SRTSP - ok[/size][/font]

[font="Calibri"][size="3"]13:06:46.0906 1196 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:46.0921 1196 SRTSPX - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0078 1196 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys[/size][/font]

[font="Calibri"][size="3"]13:06:47.0078 1196 Srv - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0156 1196 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll[/size][/font]

[font="Calibri"][size="3"]13:06:47.0156 1196 SSDPSRV - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0250 1196 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:47.0250 1196 stisvc - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0312 1196 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys[/size][/font]

[font="Calibri"][size="3"]13:06:47.0312 1196 swenum - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0343 1196 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys[/size][/font]

[font="Calibri"][size="3"]13:06:47.0343 1196 swmidi - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0359 1196 SwPrv - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0578 1196 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe[/size][/font]

[font="Calibri"][size="3"]13:06:47.0578 1196 Symantec RemoteAssist - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0593 1196 symc810 - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0609 1196 symc8xx - ok[/size][/font]

[font="Calibri"][size="3"]13:06:47.0890 1196 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:47.0890 1196 SymDS - ok[/size][/font]

[font="Calibri"][size="3"]13:06:48.0062 1196 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:48.0078 1196 SymEFA - ok[/size][/font]

[font="Calibri"][size="3"]13:06:48.0312 1196 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:48.0312 1196 SymEvent - ok[/size][/font]

[font="Calibri"][size="3"]13:06:48.0562 1196 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:48.0562 1196 SymIRON - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0046 1196 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\N360\0602010.005\SYMTDI.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:49.0046 1196 SYMTDI - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0062 1196 sym_hi - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0078 1196 sym_u3 - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0203 1196 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys[/size][/font]

[font="Calibri"][size="3"]13:06:49.0203 1196 sysaudio - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0359 1196 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe[/size][/font]

[font="Calibri"][size="3"]13:06:49.0359 1196 SysmonLog - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0437 1196 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll[/size][/font]

[font="Calibri"][size="3"]13:06:49.0437 1196 TapiSrv - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0531 1196 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys[/size][/font]

[font="Calibri"][size="3"]13:06:49.0531 1196 Tcpip - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0593 1196 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys[/size][/font]

[font="Calibri"][size="3"]13:06:49.0593 1196 TDPIPE - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0640 1196 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys[/size][/font]

[font="Calibri"][size="3"]13:06:49.0640 1196 TDTCP - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0687 1196 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys[/size][/font]

[font="Calibri"][size="3"]13:06:49.0687 1196 teamviewervpn - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0734 1196 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys[/size][/font]

[font="Calibri"][size="3"]13:06:49.0734 1196 TermDD - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0812 1196 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll[/size][/font]

[font="Calibri"][size="3"]13:06:49.0828 1196 TermService - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0890 1196 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll[/size][/font]

[font="Calibri"][size="3"]13:06:49.0906 1196 Themes - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0953 1196 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe[/size][/font]

[font="Calibri"][size="3"]13:06:49.0968 1196 TlntSvr - ok[/size][/font]

[font="Calibri"][size="3"]13:06:49.0984 1196 TosIde - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0046 1196 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll[/size][/font]

[font="Calibri"][size="3"]13:06:50.0046 1196 TrkWks - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0109 1196 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0109 1196 Udfs - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0140 1196 ultra - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0203 1196 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0218 1196 Update - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0265 1196 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll[/size][/font]

[font="Calibri"][size="3"]13:06:50.0265 1196 upnphost - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0296 1196 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe[/size][/font]

[font="Calibri"][size="3"]13:06:50.0296 1196 UPS - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0546 1196 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0546 1196 UrlFilter - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0578 1196 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0593 1196 usbccgp - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0640 1196 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0640 1196 usbehci - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0718 1196 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0718 1196 usbhub - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0765 1196 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0765 1196 usbprint - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0812 1196 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0812 1196 usbscan - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0859 1196 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS[/size][/font]

[font="Calibri"][size="3"]13:06:50.0859 1196 USBSTOR - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0921 1196 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0921 1196 usbuhci - ok[/size][/font]

[font="Calibri"][size="3"]13:06:50.0984 1196 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys[/size][/font]

[font="Calibri"][size="3"]13:06:50.0984 1196 VgaSave - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0000 1196 ViaIde - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0046 1196 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys[/size][/font]

[font="Calibri"][size="3"]13:06:51.0046 1196 VolSnap - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0140 1196 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe[/size][/font]

[font="Calibri"][size="3"]13:06:51.0156 1196 VSS - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0187 1196 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll[/size][/font]

[font="Calibri"][size="3"]13:06:51.0187 1196 W32Time - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0312 1196 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe[/size][/font]

[font="Calibri"][size="3"]13:06:51.0312 1196 W3SVC - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0343 1196 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys[/size][/font]

[font="Calibri"][size="3"]13:06:51.0343 1196 Wanarp - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0359 1196 WDICA - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0437 1196 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys[/size][/font]

[font="Calibri"][size="3"]13:06:51.0453 1196 wdmaud - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0500 1196 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll[/size][/font]

[font="Calibri"][size="3"]13:06:51.0500 1196 WebClient - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0625 1196 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:51.0625 1196 winmgmt - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0750 1196 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:51.0765 1196 WinRM - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0828 1196 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll[/size][/font]

[font="Calibri"][size="3"]13:06:51.0828 1196 WmdmPmSN - ok[/size][/font]

[font="Calibri"][size="3"]13:06:51.0906 1196 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll[/size][/font]

[font="Calibri"][size="3"]13:06:51.0906 1196 Wmi - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0046 1196 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe[/size][/font]

[font="Calibri"][size="3"]13:06:52.0062 1196 WmiApSrv - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0250 1196 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe[/size][/font]

[font="Calibri"][size="3"]13:06:52.0265 1196 WMPNetworkSvc - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0546 1196 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[/size][/font]

[font="Calibri"][size="3"]13:06:52.0546 1196 WPFFontCache_v0400 - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0656 1196 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys[/size][/font]

[font="Calibri"][size="3"]13:06:52.0656 1196 WS2IFSL - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0703 1196 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:52.0703 1196 wscsvc - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0718 1196 WSearch - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0765 1196 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll[/size][/font]

[font="Calibri"][size="3"]13:06:52.0781 1196 wuauserv - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0875 1196 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys[/size][/font]

[font="Calibri"][size="3"]13:06:52.0875 1196 WudfPf - ok[/size][/font]

[font="Calibri"][size="3"]13:06:52.0906 1196 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys[/size][/font]

[font="Calibri"][size="3"]13:06:52.0906 1196 WudfRd - ok[/size][/font]

[font="Calibri"][size="3"]13:06:53.0328 1196 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:53.0328 1196 WudfSvc - ok[/size][/font]

[font="Calibri"][size="3"]13:06:53.0406 1196 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll[/size][/font]

[font="Calibri"][size="3"]13:06:53.0421 1196 WZCSVC - ok[/size][/font]

[font="Calibri"][size="3"]13:06:53.0468 1196 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll[/size][/font]

[font="Calibri"][size="3"]13:06:53.0468 1196 xmlprov - ok[/size][/font]

[font="Calibri"][size="3"]13:06:53.0500 1196 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0[/size][/font]

[font="Calibri"][size="3"]13:06:54.0046 1196 \Device\Harddisk0\DR0 - ok[/size][/font]

[font="Calibri"][size="3"]13:06:54.0046 1196 Boot (0x1200) (5ee36647a7143aba2c3225e8b8509562) \Device\Harddisk0\DR0\Partition0[/size][/font]

[font="Calibri"][size="3"]13:06:54.0046 1196 \Device\Harddisk0\DR0\Partition0 - ok[/size][/font]

13:06:54.0062 1196 ============================================================
13:06:54.0062 1196 Scan finished
13:06:54.0062 1196 ============================================================
13:06:54.0093 1632 Detected object count: 0
13:06:54.0093 1632 Actual detected object count: 0

aswMBR, no issues found:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 13:19:55
-----------------------------
13:19:55.328 OS Version: Windows 5.1.2600 Service Pack 3
13:19:55.328 Number of processors: 1 586 0x401
13:19:55.328 ComputerName: 6B4MT71 UserName: Leah1
13:19:56.031 Initialize success
13:20:40.515 AVAST engine defs: 12081200
13:22:28.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:22:28.750 Disk 0 Vendor: WDC_WD400BD-75LRA0 09.01D09 Size: 38146MB BusType: 3
13:22:28.765 Disk 0 MBR read successfully
13:22:28.781 Disk 0 MBR scan
13:22:28.812 Disk 0 Windows XP default MBR code
13:22:28.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
13:22:28.828 Disk 0 scanning sectors +78108030
13:22:28.921 Disk 0 scanning C:\WINDOWS\system32\drivers
13:22:45.468 Service scanning
13:23:24.140 Modules scanning
13:23:54.187 Disk 0 trace - called modules:
13:23:54.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:23:54.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89a6eab8]
13:23:54.218 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x89a80b00]
13:23:54.515 AVAST engine scan C:\
15:42:50.046 Scan finished successfully
17:36:56.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leah1\My Documents\MBR.dat"
17:36:56.234 The log file has been saved successfully to "C:\Documents and Settings\Leah1\My Documents\aswMBR.txt"
17:37:35.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leah1\Desktop\MBR.dat"
17:37:35.750 The log file has been saved successfully to "C:\Documents and Settings\Leah1\Desktop\aswMBR.txt"

Thanks again for your help!



#4 boopme


Posted 12 August 2012 - 09:19 PM

Looks good to me, you're welcome.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

Edited by boopme, 12 August 2012 - 09:20 PM.


#5 XML2005


Posted 13 August 2012 - 02:07 PM

Thanks, boopme. I did all you recommended and all looks fine. Well, except that when I looked at my Programs list after rebooting, I found WinCap 4.1.1. I uninstalled immediately. Did that come from one of the anti-malware tools I downloaded, or is it an additional problem which needs to be addressed? Thanks again.

#6 XML2005


Posted 13 August 2012 - 02:14 PM

I just ran rootkitbuster again and found several items marked "unable to fix". I don't know whether they are real issues or not.

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1061
| Computer Name: 6B4MT71
| OS version: 5.1-2600
| User Name: Leah1
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
MBR unsupported disk type
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.



#7 XML2005

Posted 13 August 2012 - 03:08 PM

I seem to have other problems, too. I now reran TDSSKiller.exe from Kaspersky and found, besides having had WinPcap 4.1.1, I also have cercsr6, NetSvc and rmdnhfjovqbv. The other things which TDSSKiller found all look okay (I know what they are.) The very long report follows:


15:54:05.0531 3720 Rohos Disk - ok

15:54:05.0578 3720 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

15:54:05.0593 3720 RpcLocator - ok

15:54:05.0671 3720 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:54:05.0671 3720 RpcSs - ok

15:54:05.0718 3720 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

15:54:05.0718 3720 RSVP - ok

15:54:05.0781 3720 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:54:05.0781 3720 SamSs - ok

15:54:06.0000 3720 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

15:54:06.0000 3720 SASDIFSV - ok

15:54:06.0062 3720 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

15:54:06.0078 3720 SASKUTIL - ok

15:54:06.0125 3720 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

15:54:06.0125 3720 SCardSvr - ok

15:54:06.0187 3720 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

15:54:06.0203 3720 Schedule - ok

15:54:06.0296 3720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:54:06.0312 3720 Secdrv - ok

15:54:06.0343 3720 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

15:54:06.0343 3720 seclogon - ok

15:54:06.0421 3720 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

15:54:06.0453 3720 senfilt - ok

15:54:06.0500 3720 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

15:54:06.0515 3720 SENS - ok

15:54:06.0578 3720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:54:06.0578 3720 serenum - ok

15:54:06.0593 3720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:54:06.0593 3720 Serial - ok

15:54:06.0656 3720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:54:06.0656 3720 Sfloppy - ok

15:54:06.0718 3720 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

15:54:06.0734 3720 SharedAccess - ok

15:54:06.0796 3720 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:54:06.0796 3720 ShellHWDetection - ok

15:54:06.0812 3720 Simbad - ok

15:54:06.0875 3720 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

15:54:06.0875 3720 SmartDefragDriver - ok

15:54:06.0984 3720 SMTPSVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe

15:54:06.0984 3720 SMTPSVC - ok

15:54:07.0046 3720 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

15:54:07.0078 3720 smwdm - ok

15:54:07.0093 3720 Sparrow - ok

15:54:07.0250 3720 SPDFCreatorReadSpool (c2708eab99b2ec0ecead5686e082fcc7) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe

15:54:07.0250 3720 SPDFCreatorReadSpool - ok

15:54:07.0296 3720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:54:07.0312 3720 splitter - ok

15:54:07.0359 3720 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:54:07.0359 3720 Spooler - ok

15:54:07.0390 3720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:54:07.0390 3720 sr - ok

15:54:07.0453 3720 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

15:54:07.0468 3720 srservice - ok

15:54:07.0625 3720 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\N360\0602010.005\SRTSP.SYS

15:54:07.0656 3720 SRTSP - ok

15:54:07.0687 3720 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\N360\0602010.005\SRTSPX.SYS

15:54:07.0687 3720 SRTSPX - ok

15:54:07.0750 3720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:54:07.0765 3720 Srv - ok

15:54:07.0796 3720 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:54:07.0812 3720 SSDPSRV - ok

15:54:07.0859 3720 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:54:07.0890 3720 stisvc - ok

15:54:07.0937 3720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:54:07.0937 3720 swenum - ok

15:54:07.0953 3720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:54:07.0953 3720 swmidi - ok

15:54:07.0968 3720 SwPrv - ok

15:54:08.0171 3720 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

15:54:08.0187 3720 Symantec RemoteAssist - ok

15:54:08.0187 3720 symc810 - ok

15:54:08.0203 3720 symc8xx - ok

15:54:08.0250 3720 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMDS.SYS

15:54:08.0265 3720 SymDS - ok

15:54:08.0328 3720 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\N360\0602010.005\SYMEFA.SYS

15:54:08.0343 3720 SymEFA - ok

15:54:08.0390 3720 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

15:54:08.0406 3720 SymEvent - ok

15:54:08.0468 3720 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\N360\0602010.005\Ironx86.SYS

15:54:08.0515 3720 SymIRON - ok

15:54:08.0546 3720 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\N360\0602010.005\SYMTDI.SYS

15:54:08.0562 3720 SYMTDI - ok

15:54:08.0562 3720 sym_hi - ok

15:54:08.0578 3720 sym_u3 - ok

15:54:08.0640 3720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:54:08.0640 3720 sysaudio - ok

15:54:08.0687 3720 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:54:08.0703 3720 SysmonLog - ok

15:54:08.0750 3720 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:54:08.0781 3720 TapiSrv - ok

15:54:08.0859 3720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:54:08.0890 3720 Tcpip - ok

15:54:08.0921 3720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:54:08.0921 3720 TDPIPE - ok

15:54:08.0968 3720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:54:08.0968 3720 TDTCP - ok

15:54:09.0015 3720 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys

15:54:09.0015 3720 teamviewervpn - ok

15:54:09.0046 3720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:54:09.0046 3720 TermDD - ok

15:54:09.0109 3720 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:54:09.0109 3720 TermService - ok

15:54:09.0171 3720 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:54:09.0171 3720 Themes - ok

15:54:09.0218 3720 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

15:54:09.0218 3720 TlntSvr - ok

15:54:09.0234 3720 TosIde - ok

15:54:09.0265 3720 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:54:09.0265 3720 TrkWks - ok

15:54:09.0312 3720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:54:09.0312 3720 Udfs - ok

15:54:09.0328 3720 ultra - ok

15:54:09.0390 3720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:54:09.0406 3720 Update - ok

15:54:09.0453 3720 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:54:09.0468 3720 upnphost - ok

15:54:09.0500 3720 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:54:09.0500 3720 UPS - ok

15:54:09.0718 3720 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys

15:54:09.0718 3720 UrlFilter - ok

15:54:09.0750 3720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:54:09.0750 3720 usbccgp - ok

15:54:09.0796 3720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:54:09.0796 3720 usbehci - ok

15:54:09.0859 3720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:54:09.0859 3720 usbhub - ok

15:54:09.0906 3720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:54:09.0906 3720 usbprint - ok

15:54:09.0921 3720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:54:09.0937 3720 usbscan - ok

15:54:09.0953 3720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:54:09.0953 3720 USBSTOR - ok

15:54:10.0000 3720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:54:10.0015 3720 usbuhci - ok

15:54:10.0062 3720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:54:10.0062 3720 VgaSave - ok

15:54:10.0078 3720 ViaIde - ok

15:54:10.0093 3720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:54:10.0093 3720 VolSnap - ok

15:54:10.0171 3720 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:54:10.0171 3720 VSS - ok

15:54:10.0203 3720 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

15:54:10.0218 3720 W32Time - ok

15:54:10.0312 3720 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe

15:54:10.0328 3720 W3SVC - ok

15:54:10.0328 3720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:54:10.0328 3720 Wanarp - ok

15:54:10.0343 3720 WDICA - ok

15:54:10.0390 3720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:54:10.0406 3720 wdmaud - ok

15:54:10.0453 3720 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:54:10.0453 3720 WebClient - ok

15:54:10.0562 3720 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:54:10.0578 3720 winmgmt - ok

15:54:10.0671 3720 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll

15:54:10.0734 3720 WinRM - ok

15:54:10.0796 3720 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll

15:54:10.0796 3720 WmdmPmSN - ok

15:54:10.0859 3720 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

15:54:10.0875 3720 Wmi - ok

15:54:11.0000 3720 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:54:11.0000 3720 WmiApSrv - ok

15:54:11.0359 3720 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:54:11.0390 3720 WMPNetworkSvc - ok

15:54:11.0609 3720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:54:11.0640 3720 WPFFontCache_v0400 - ok

15:54:11.0734 3720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:54:11.0734 3720 WS2IFSL - ok

15:54:11.0781 3720 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

15:54:11.0781 3720 wscsvc - ok

15:54:11.0781 3720 WSearch - ok

15:54:11.0843 3720 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

15:54:11.0843 3720 wuauserv - ok

15:54:11.0890 3720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:54:11.0906 3720 WudfPf - ok

15:54:11.0921 3720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:54:11.0921 3720 WudfRd - ok

15:54:11.0953 3720 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:54:11.0953 3720 WudfSvc - ok

15:54:12.0015 3720 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

15:54:12.0031 3720 WZCSVC - ok

15:54:12.0078 3720 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

15:54:12.0078 3720 xmlprov - ok

15:54:12.0093 3720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:54:12.0593 3720 \Device\Harddisk0\DR0 - ok

15:54:12.0609 3720 Boot (0x1200) (5ee36647a7143aba2c3225e8b8509562) \Device\Harddisk0\DR0\Partition0

15:54:12.0609 3720 \Device\Harddisk0\DR0\Partition0 - ok

15:54:12.0609 3720 ============================================================

15:54:12.0609 3720 Scan finished

15:54:12.0609 3720 ============================================================

15:54:12.0625 2568 Detected object count: 0

15:54:12.0625 2568 Actual detected object count: 0

15:54:42.0687 1180 ============================================================

15:54:42.0687 1180 Scan started

15:54:42.0687 1180 Mode: Manual; SigCheck; TDLFS;

15:54:42.0687 1180 ============================================================

15:54:49.0046 1180 cbVSCService11 (58bf7714a312698108a96d0de2bb6825) C:\Program Files\Cobian Backup 11\cbVSCService11.exe

15:54:49.0078 1180 cbVSCService11 ( UnsignedFile.Multi.Generic ) - warning

15:54:49.0078 1180 cbVSCService11 - detected UnsignedFile.Multi.Generic (1)

15:54:49.0875 1180 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

15:54:49.0890 1180 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

15:54:49.0890 1180 cercsr6 - detected UnsignedFile.Multi.Generic (1)

15:54:51.0000 1180 CobianBackup11 (a72f4df087e9a3edfe8cd0debbc059da) C:\Program Files\Cobian Backup 11\cbService.exe

15:54:51.0093 1180 CobianBackup11 ( UnsignedFile.Multi.Generic ) - warning

15:54:51.0093 1180 CobianBackup11 - detected UnsignedFile.Multi.Generic (1)

15:54:54.0984 1180 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

15:54:55.0015 1180 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

15:54:55.0015 1180 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)


15:55:14.0156 1180 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

15:55:14.0171 1180 N360 - ok

15:55:14.0218 1180 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

15:55:14.0390 1180 napagent - ok

15:55:14.0718 1180 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120813.003\NAVENG.SYS

15:55:14.0750 1180 NAVENG - ok

15:55:14.0828 1180 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120813.003\NAVEX15.SYS

15:55:14.0906 1180 NAVEX15 - ok

15:55:15.0093 1180 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:55:15.0265 1180 NDIS - ok

15:55:15.0343 1180 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:55:15.0390 1180 NdisTapi - ok

15:55:15.0421 1180 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:55:15.0593 1180 Ndisuio - ok

15:55:15.0609 1180 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:55:15.0765 1180 NdisWan - ok

15:55:15.0812 1180 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:55:15.0890 1180 NDProxy - ok

15:55:15.0921 1180 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:55:16.0109 1180 NetBIOS - ok

15:55:16.0171 1180 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:55:16.0328 1180 NetBT - ok

15:55:16.0671 1180 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:55:16.0828 1180 NetDDE - ok

15:55:16.0843 1180 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:55:16.0984 1180 NetDDEdsdm - ok

15:55:17.0015 1180 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:55:17.0156 1180 Netlogon - ok

15:55:17.0218 1180 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

15:55:17.0375 1180 Netman - ok

15:55:17.0578 1180 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

15:55:17.0609 1180 NetSvc ( UnsignedFile.Multi.Generic ) - warning

15:55:17.0609 1180 NetSvc - detected UnsignedFile.Multi.Generic (1)

15:55:17.0750 1180 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:55:17.0765 1180 NetTcpPortSharing - ok

15:55:17.0828 1180 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

15:55:17.0859 1180 Nla - ok

15:55:17.0890 1180 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:55:18.0046 1180 Npfs - ok

15:55:18.0328 1180 NSL (436e7b2e6f42c2717c1d670220d03336) C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe

15:55:18.0359 1180 NSL - ok

15:55:18.0421 1180 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:55:18.0609 1180 Ntfs - ok

15:55:18.0671 1180 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:55:18.0828 1180 NtLmSsp - ok

15:55:18.0890 1180 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

15:55:19.0046 1180 NtmsSvc - ok

15:55:19.0109 1180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:55:19.0250 1180 Null - ok

15:55:19.0296 1180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:55:19.0453 1180 NwlnkFlt - ok

15:55:19.0484 1180 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:55:19.0687 1180 NwlnkFwd - ok

15:55:19.0765 1180 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:55:19.0796 1180 ose - ok

15:55:19.0843 1180 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:55:20.0046 1180 Parport - ok

15:55:20.0109 1180 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:55:20.0265 1180 PartMgr - ok

15:55:20.0343 1180 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:55:20.0546 1180 ParVdm - ok

15:55:20.0609 1180 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:55:20.0843 1180 PCI - ok

15:55:20.0843 1180 PCIDump - ok

15:55:20.0875 1180 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:55:21.0062 1180 PCIIde - ok

15:55:21.0093 1180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:55:21.0250 1180 Pcmcia - ok

15:55:21.0265 1180 PDCOMP - ok

15:55:21.0281 1180 PDFRAME - ok

15:55:21.0281 1180 PDRELI - ok

15:55:21.0296 1180 PDRFRAME - ok

15:55:21.0296 1180 perc2 - ok

15:55:21.0312 1180 perc2hib - ok

15:55:21.0375 1180 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:55:21.0406 1180 PlugPlay - ok

15:55:21.0406 1180 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:55:21.0578 1180 PolicyAgent - ok

15:55:21.0640 1180 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:55:21.0828 1180 PptpMiniport - ok

15:55:21.0828 1180 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:55:21.0984 1180 ProtectedStorage - ok

15:55:22.0000 1180 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:55:22.0156 1180 PSched - ok

15:55:22.0187 1180 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

15:55:22.0203 1180 PSI - ok

15:55:22.0250 1180 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:55:22.0687 1180 Ptilink - ok

15:55:22.0796 1180 ql1080 - ok

15:55:22.0796 1180 Ql10wnt - ok

15:55:22.0812 1180 ql12160 - ok

15:55:22.0812 1180 ql1240 - ok

15:55:22.0828 1180 ql1280 - ok

15:55:22.0843 1180 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:55:22.0984 1180 RasAcd - ok

15:55:23.0031 1180 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

15:55:23.0187 1180 RasAuto - ok

15:55:23.0218 1180 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:55:23.0390 1180 Rasl2tp - ok

15:55:23.0453 1180 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

15:55:23.0656 1180 RasMan - ok

15:55:23.0687 1180 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:55:23.0859 1180 RasPppoe - ok

15:55:23.0906 1180 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:55:24.0078 1180 Raspti - ok

15:55:24.0109 1180 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:55:24.0625 1180 Rdbss - ok

15:55:24.0640 1180 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:55:24.0781 1180 RDPCDD - ok

15:55:24.0812 1180 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:55:25.0015 1180 rdpdr - ok

15:55:25.0062 1180 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

15:55:25.0171 1180 RDPWD - ok

15:55:25.0218 1180 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

15:55:25.0375 1180 RDSessMgr - ok

15:55:25.0437 1180 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:55:25.0625 1180 redbook - ok

15:55:25.0828 1180 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

15:55:25.0843 1180 RegFilter - ok

15:55:25.0875 1180 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

15:55:26.0046 1180 RemoteAccess - ok

15:55:26.0078 1180 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

15:55:26.0609 1180 RemoteRegistry - ok

15:55:26.0718 1180 RHDISK (3c57aea854eb5b33c664a377ace37449) C:\Program Files\Rohos\RHDISK.SYS

15:55:26.0750 1180 RHDISK ( UnsignedFile.Multi.Generic ) - warning

15:55:26.0750 1180 RHDISK - detected UnsignedFile.Multi.Generic (1)

15:55:26.0796 1180 rmdnhfjovqbv (d7dbfbc453b645111e6d21142305e80b) C:\WINDOWS\system32\drivers\rmdnhfjovqbv.sys

15:55:26.

Edited by boopme, 13 August 2012 - 06:43 PM.


#8 boopme


Posted 13 August 2012 - 06:52 PM

Well the best way to determine that these are not false positives is to post these.

We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#9 XML2005


Posted 14 August 2012 - 04:25 PM

Thanks for your help, boopme! I've followed your advice, had no trouble running the items in Steps 6 through 9, and will keep you posted on the final results of my new post: http://www.bleepingcomputer.com/forums/topic465210.html

#10 boopme


Posted 15 August 2012 - 09:24 AM

You're welcome!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 5 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



