
My computer is hacked through gaining physical access


  • This topic is locked
26 replies to this topic

#1 Cristie

Cristie

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oregon
  • Local time:03:58 AM

Posted 29 May 2013 - 11:26 AM

Thank you for your response.

My original post is here: http://www.bleepingcomputer.com/forums/t/490856/harddrive-physically-hacked/#ipboard_body

 

When I power off, a pop-up often shows indicating "Hidden Window is closing" with the option to End Now. When I powered off this AM before running this DDS, the pop-up did not appear.  

 

 

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180
Run by Owner at 8:34:36 on 2013-05-29
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1405.610 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\ezprint.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Norton Security Suite\Engine\20.1.0.24\ccSvcHst.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\20.1.0.24\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hotmail.com/
uSearch Bar = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.1.0.24\ips\IPSBHO.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.13.521.3\NativeBHO.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3DCF40DC-A583-4612-9658-418BB3F7BDCF} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{3DCF40DC-A583-4612-9658-418BB3F7BDCF} : DHCPNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs= c:\progra~1\keycry~1\KEYCRY~3.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\c8w9l99x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-28 06:41; idvaultaddin@whitesky; c:\documents and settings\owner\application data\mozilla\firefox\profiles\c8w9l99x.default\extensions\idvaultaddin@whitesky
FF - ExtSQL: 2013-05-28 08:03; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-05-28 08:11; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401000.018\SymDS.sys [2013-5-28 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401000.018\SymEFA.sys [2013-5-28 926880]
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-5-28 80104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130515.001\BHDrvx86.sys [2013-5-15 1000024]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1401000.018\ccSetx86.sys [2013-5-28 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401000.018\Ironx86.sys [2013-5-28 175264]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2013-5-23 65088]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.1.0.24\ccSvcHst.exe [2013-5-28 143928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-28 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130528.001\IDSXpx86.sys [2013-5-29 373728]
R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [2013-5-28 24760]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130528.032\NAVENG.SYS [2013-5-29 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130528.032\NAVEX15.SYS [2013-5-29 1611992]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2013-4-25 94208]
.
=============== Created Last 30 ================
.
2013-05-28 15:00:04    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-05-28 15:00:04    --------    d-----w-    c:\program files\Symantec
2013-05-28 15:00:04    --------    d-----w-    c:\program files\common files\Symantec Shared
2013-05-28 14:59:38    926880    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\SymEFA.sys
2013-05-28 14:59:38    394656    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\symtdi.sys
2013-05-28 14:59:38    368288    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\SymDS.sys
2013-05-28 14:59:38    350368    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\symtdiv.sys
2013-05-28 14:59:38    338592    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\symnets.sys
2013-05-28 14:59:38    32888    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\srtspx.sys
2013-05-28 14:59:38    21400    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\SymELAM.sys
2013-05-28 14:59:37    585888    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\srtsp.sys
2013-05-28 14:59:37    175264    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\Ironx86.sys
2013-05-28 14:59:36    134304    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\ccSetx86.sys
2013-05-28 14:58:56    8942    ----a-r-    c:\windows\system32\drivers\n360\1401000.018\SymVTcer.dat
2013-05-28 14:58:55    --------    d-----w-    c:\windows\system32\drivers\n360\1401000.018
2013-05-28 14:58:55    --------    d-----w-    c:\windows\system32\drivers\N360
2013-05-28 14:58:51    --------    d-----w-    c:\program files\Norton Security Suite
2013-05-28 14:56:18    --------    d-----w-    c:\program files\NortonInstaller
2013-05-28 14:56:18    --------    d-----w-    c:\documents and settings\all users\application data\NortonInstaller
2013-05-28 14:44:38    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2013-05-28 13:41:35    --------    d-----w-    c:\documents and settings\all users\application data\IsolatedStorage
2013-05-28 13:41:31    --------    d-----w-    c:\documents and settings\owner\local settings\application data\White_Sky,_Inc
2013-05-28 13:39:55    --------    d-----w-    c:\documents and settings\owner\local settings\application data\ID Vault
2013-05-28 13:39:55    --------    d-----w-    c:\documents and settings\owner\application data\ID Vault
2013-05-28 13:39:36    24760    ----a-w-    c:\windows\system32\drivers\KeyCrypt32.sys
2013-05-28 13:39:36    --------    d-----w-    c:\program files\KeyCryptSDK
2013-05-28 13:39:35    80104    ----a-w-    c:\windows\system32\drivers\AntiLog32.sys
2013-05-28 13:39:35    7725368    ----a-w-    c:\windows\system32\ZALSDKCore.dll
2013-05-28 13:39:35    --------    d-----w-    c:\windows\system32\ZALSDK_uninst
2013-05-28 13:39:34    --------    d-----w-    c:\documents and settings\owner\local settings\application data\Zemana
2013-05-28 13:38:56    --------    d-----w-    c:\program files\Constant Guard Protection Suite
2013-05-28 13:34:10    --------    d-----w-    c:\windows\system32\XPSViewer
2013-05-28 13:33:17    27648    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-05-28 13:33:06    14048    ------w-    c:\windows\system32\spmsg2.dll
2013-05-28 13:25:36    --------    d-----w-    c:\documents and settings\all users\application data\White Sky, Inc
2013-05-24 16:13:10    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-24 16:11:38    59288    ----a-w-    c:\program files\mozilla firefox\libEGL.dll
2013-05-24 16:11:38    478104    ----a-w-    c:\program files\mozilla firefox\libGLESv2.dll
2013-05-24 16:11:38    117144    ----a-w-    c:\program files\mozilla firefox\maintenanceservice.exe
2013-05-24 16:11:37    920472    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2013-05-24 16:11:37    3076504    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2013-05-24 16:11:37    279448    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2013-05-24 16:11:37    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-05-24 16:11:37    116120    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-05-24 16:11:36    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-05-24 16:11:36    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-05-02 00:11:56    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-05-02 00:11:56    --------    d-----w-    c:\windows\system32\wbem\Repository
.
==================== Find3M  ====================
.
2013-05-28 12:17:49    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 12:17:49    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 09:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH:  8:35:08.59 ===============
 


Edited by Cristie, 29 May 2013 - 01:22 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,561 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 AM

Posted 01 June 2013 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 nasdaq


Posted 08 June 2013 - 08:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 08 June 2013 - 12:46 PM

This topic has been re-opened at the request of the person who originally posted.

#5 nasdaq


Posted 08 June 2013 - 12:47 PM

Hi, Cristie

Please post the logs as requested.

#6 Cristie


Posted 10 June 2013 - 08:37 AM

AdwCleaner log:

# AdwCleaner v2.302 - Logfile created 06/07/2013 at 09:07:35
# Updated 06/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - YOUR-A1FC1DC866
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\c8w9l99x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [724 octets] - [07/06/2013 09:07:35]
AdwCleaner[S1].txt - [975 octets] - [01/06/2013 10:20:46]

########## EOF - C:\AdwCleaner[R1].txt - [842 octets] ##########

----------------------------------------------------------------------------------------------------------------------

 

ComboFix log:

 

ComboFix 13-06-07.03 - Owner 06/07/2013   9:51.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1405.824 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\spool\prtprocs\w32x86\lxdudrpp(2).dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-07 to 2013-06-07  )))))))))))))))))))))))))))))))
.
.
2013-06-05 15:06 . 2003-06-19 00:31    18944    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2013-06-05 15:06 . 2003-06-19 00:31    17920    ----a-w-    c:\windows\system32\mdimon.dll
2013-06-05 15:06 . 2013-06-05 15:06    --------    d-----w-    c:\program files\Microsoft ActiveSync
2013-06-05 15:05 . 2013-06-05 15:06    --------    d-----w-    c:\windows\SHELLNEW
2013-06-05 15:00 . 2013-06-05 15:00    --------    d-----r-    C:\MSOCache
2013-05-31 13:36 . 2013-05-31 13:36    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2013-05-31 13:35 . 2012-08-09 01:50    44064    ----a-r-    c:\windows\system32\drivers\SymIM.sys
2013-05-30 13:40 . 2013-05-30 13:40    --------    d-----w-    c:\program files\Microsoft.NET
2013-05-28 15:11 . 2013-05-28 15:11    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Zemana
2013-05-28 15:11 . 2013-05-28 15:11    --------    d-----w-    c:\documents and settings\LocalService\Application Data\ID Vault
2013-05-28 15:00 . 2013-05-28 15:15    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2013-05-28 15:00 . 2013-05-28 15:00    --------    d-----w-    c:\program files\Symantec
2013-05-28 15:00 . 2013-05-28 15:00    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-05-28 14:58 . 2013-05-29 20:40    --------    d-----w-    c:\windows\system32\drivers\N360
2013-05-28 14:58 . 2013-05-28 14:58    --------    d-----w-    c:\program files\Norton Security Suite
2013-05-28 14:56 . 2013-05-28 14:56    --------    d-----w-    c:\program files\NortonInstaller
2013-05-28 14:44 . 2013-05-28 15:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2013-05-28 13:41 . 2013-05-28 13:41    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\ID Vault
2013-05-28 13:37 . 2013-05-28 13:37    --------    d-----w-    c:\program files\MSBuild
2013-05-28 13:34 . 2013-05-28 13:34    --------    d-----w-    c:\windows\system32\XPSViewer
2013-05-28 13:33 . 2013-05-28 13:33    --------    d-----w-    c:\program files\Reference Assemblies
2013-05-28 13:33 . 2006-10-14 23:43    27648    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-05-28 13:33 . 2006-06-29 20:07    14048    ------w-    c:\windows\system32\spmsg2.dll
2013-05-28 13:25 . 2013-05-28 13:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\White Sky, Inc
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 12:17 . 2013-04-21 21:12    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 12:17 . 2013-04-21 21:12    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 09:06 . 2013-04-21 21:42    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-27 16120832]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2010-10-15 676520]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1403010.016\symds.sys [5/29/2013 1:16 PM 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1403010.016\symefa.sys [5/29/2013 1:16 PM 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [5/31/2013 9:58 AM 1002072]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\1403010.016\ccsetx86.sys [5/29/2013 1:16 PM 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1403010.016\ironx86.sys [5/29/2013 1:16 PM 175264]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe [5/29/2013 1:16 PM 144520]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2013 3:03 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130606.001\IDSXpx86.sys [6/7/2013 8:31 AM 373728]
S1 AntiLog32;AntiLog32;\??\c:\windows\system32\drivers\AntiLog32.sys --> c:\windows\system32\drivers\AntiLog32.sys [?]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [4/25/2013 4:04 PM 94208]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys --> c:\windows\system32\DRIVERS\KeyCrypt32.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hotmail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\c8w9l99x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-28 08:03; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-05-28 08:11; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-07 09:56
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-07  09:57:55
ComboFix-quarantined-files.txt  2013-06-07 16:57
.
Pre-Run: 63,460,429,824 bytes free
Post-Run: 63,848,771,584 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 738603F4B55CD5B8899CAF5869851429
E9B468D3DCCBC07254F1F04D03465DF2
---------------------------------------------------------------------------------------------------------------------------------------

 

SecurityCheck log:

 

 Results of screen317's Security Check version 0.99.64  
 Windows XP Service Pack 2 x86   
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     11.7.700.202  
 Adobe Reader 6 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
 

 

 



#7 nasdaq


Posted 10 June 2013 - 01:41 PM

Please run these tools and let me know if an issue persists.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.

Edited by nasdaq, 10 June 2013 - 01:44 PM.


#8 Cristie


Posted 13 June 2013 - 04:38 PM

When I tried to paste the Kaspersky log, my computer began to misbehave. The log was deleted from the Search pane, the Search pane tab appeared in the lower title bar but would not open, and the bleepingcomputer.com page I had open disappeared. I will try again today......sorry nasdaq.



#9 Cristie


Posted 13 June 2013 - 04:42 PM

14:39:42.0429 3384  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:39:44.0432 3384  ============================================================
14:39:44.0432 3384  Current date / time: 2013/06/13 14:39:44.0432
14:39:44.0432 3384  SystemInfo:
14:39:44.0432 3384  
14:39:44.0432 3384  OS Version: 5.1.2600 ServicePack: 2.0
14:39:44.0432 3384  Product type: Workstation
14:39:44.0432 3384  ComputerName: YOUR-A1FC1DC866
14:39:44.0432 3384  UserName: Owner
14:39:44.0432 3384  Windows directory: C:\WINDOWS
14:39:44.0432 3384  System windows directory: C:\WINDOWS
14:39:44.0432 3384  Processor architecture: Intel x86
14:39:44.0432 3384  Number of processors: 1
14:39:44.0432 3384  Page size: 0x1000
14:39:44.0432 3384  Boot type: Normal boot
14:39:44.0432 3384  ============================================================
14:39:47.0186 3384  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:39:47.0256 3384  ============================================================
14:39:47.0256 3384  \Device\Harddisk0\DR0:
14:39:47.0266 3384  MBR partitions:
14:39:47.0266 3384  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x8DAF83
14:39:47.0266 3384  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8DAFC2, BlocksNum 0x8C334FF
14:39:47.0266 3384  ============================================================
14:39:47.0316 3384  C: <-> \Device\Harddisk0\DR0\Partition2
14:39:47.0346 3384  D: <-> \Device\Harddisk0\DR0\Partition1
14:39:47.0346 3384  ============================================================
14:39:47.0346 3384  Initialize success
14:39:47.0346 3384  ============================================================

 



#10 Cristie

Posted 13 June 2013 - 04:47 PM

nasdaq, here is one of the logs when it was misbehaving:

 

12:06:50.0801 0232  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:06:52.0804 0232  ============================================================
12:06:52.0804 0232  Current date / time: 2013/06/10 12:06:52.0804
12:06:52.0804 0232  SystemInfo:
12:06:52.0804 0232  
12:06:52.0804 0232  OS Version: 5.1.2600 ServicePack: 2.0
12:06:52.0804 0232  Product type: Workstation
12:06:52.0804 0232  ComputerName: YOUR-A1FC1DC866
12:06:52.0804 0232  UserName: Owner
12:06:52.0804 0232  Windows directory: C:\WINDOWS
12:06:52.0804 0232  System windows directory: C:\WINDOWS
12:06:52.0804 0232  Processor architecture: Intel x86
12:06:52.0804 0232  Number of processors: 1
12:06:52.0804 0232  Page size: 0x1000
12:06:52.0804 0232  Boot type: Normal boot
12:06:52.0804 0232  ============================================================
12:06:54.0497 0232  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:06:54.0557 0232  ============================================================
12:06:54.0557 0232  \Device\Harddisk0\DR0:
12:06:54.0557 0232  MBR partitions:
12:06:54.0557 0232  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x8DAF83
12:06:54.0557 0232  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8DAFC2, BlocksNum 0x8C334FF
12:06:54.0557 0232  ============================================================
12:06:54.0617 0232  C: <-> \Device\Harddisk0\DR0\Partition2
12:06:54.0637 0232  D: <-> \Device\Harddisk0\DR0\Partition1
12:06:54.0637 0232  ============================================================
12:06:54.0637 0232  Initialize success
12:06:54.0637 0232  ============================================================
12:06:58.0032 4020  ============================================================
12:06:58.0032 4020  Scan started
12:06:58.0032 4020  Mode: Manual;
12:06:58.0032 4020  ============================================================
12:06:58.0582 4020  ================ Scan system memory ========================
12:06:58.0582 4020  System memory - ok
12:06:58.0592 4020  ================ Scan services =============================
12:07:11.0231 4020  srservice - ok
12:07:11.0311 4020  [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP           C:\WINDOWS\System32\Drivers\N360\1403010.016\SRTSP.SYS
12:07:11.0331 4020  SRTSP - ok
12:07:11.0401 4020  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\WINDOWS\system32\drivers\N360\1403010.016\SRTSPX.SYS
12:07:11.0401 4020  SRTSPX - ok
12:07:11.0451 4020  [ 20B7E396720353E4117D64D9DCB926CA ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:07:11.0461 4020  Srv - ok
12:07:11.0531 4020  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:07:11.0541 4020  SSDPSRV - ok
12:07:11.0611 4020  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:07:11.0621 4020  stisvc - ok
12:07:11.0681 4020  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:07:11.0681 4020  swenum - ok
12:07:11.0751 4020  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:07:11.0751 4020  swmidi - ok
12:07:11.0781 4020  SwPrv - ok
12:07:11.0841 4020  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
12:07:11.0851 4020  symc810 - ok
12:07:11.0872 4020  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:07:11.0882 4020  symc8xx - ok
12:07:11.0942 4020  [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS           C:\WINDOWS\system32\drivers\N360\1403010.016\SYMDS.SYS
12:07:11.0962 4020  SymDS - ok
12:07:12.0032 4020  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\WINDOWS\system32\drivers\N360\1403010.016\SYMEFA.SYS
12:07:12.0072 4020  SymEFA - ok
12:07:12.0132 4020  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:07:12.0152 4020  SymEvent - ok
12:07:12.0212 4020  [ 123A13DCD5210F8A3BE5FC8CACBFE324 ] SymIM           C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:07:12.0222 4020  SymIM - ok
12:07:12.0252 4020  [ 123A13DCD5210F8A3BE5FC8CACBFE324 ] SymIMMP         C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:07:12.0252 4020  SymIMMP - ok
12:07:12.0322 4020  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\WINDOWS\system32\drivers\N360\1403010.016\Ironx86.SYS
12:07:12.0332 4020  SymIRON - ok
12:07:12.0372 4020  [ EC979002EBA25C9D109B2FE0E03457DA ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\1403010.016\SYMTDI.SYS
12:07:12.0392 4020  SYMTDI - ok
12:07:12.0412 4020  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:07:12.0412 4020  sym_hi - ok
12:07:12.0442 4020  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:07:12.0442 4020  sym_u3 - ok
12:07:12.0482 4020  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:07:12.0482 4020  sysaudio - ok
12:07:12.0542 4020  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:07:12.0542 4020  SysmonLog - ok
12:07:12.0613 4020  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:07:12.0633 4020  TapiSrv - ok
12:07:12.0673 4020  [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:07:12.0693 4020  Tcpip - ok
12:07:12.0763 4020  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:07:12.0763 4020  TDPIPE - ok
12:07:12.0793 4020  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:07:12.0793 4020  TDTCP - ok
12:07:12.0833 4020  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:07:12.0833 4020  TermDD - ok
12:07:12.0903 4020  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
12:07:12.0913 4020  TermService - ok
12:07:12.0963 4020  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:07:12.0963 4020  Themes - ok
12:07:13.0043 4020  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
12:07:13.0053 4020  TosIde - ok
12:07:13.0113 4020  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:07:13.0113 4020  TrkWks - ok
12:07:13.0193 4020  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:07:13.0193 4020  Udfs - ok
12:07:13.0243 4020  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
12:07:13.0254 4020  ultra - ok
12:07:13.0284 4020  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:07:13.0294 4020  Update - ok
12:07:13.0364 4020  [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:07:13.0364 4020  upnphost - ok
12:07:13.0384 4020  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
12:07:13.0394 4020  UPS - ok
12:07:13.0424 4020  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:07:13.0424 4020  usbccgp - ok
12:07:13.0484 4020  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:07:13.0484 4020  usbehci - ok
12:07:13.0554 4020  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:07:13.0554 4020  usbhub - ok
12:07:13.0594 4020  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:07:13.0594 4020  usbohci - ok
12:07:13.0644 4020  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:07:13.0654 4020  usbprint - ok
12:07:13.0714 4020  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:07:13.0714 4020  usbscan - ok
12:07:13.0744 4020  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:07:13.0754 4020  USBSTOR - ok
12:07:13.0794 4020  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:07:13.0794 4020  usbuhci - ok
12:07:13.0854 4020  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:07:13.0854 4020  VgaSave - ok
12:07:13.0914 4020  [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:07:13.0914 4020  viaagp - ok
12:07:13.0934 4020  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
12:07:13.0934 4020  ViaIde - ok
12:07:13.0965 4020  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:07:13.0965 4020  VolSnap - ok
12:07:14.0045 4020  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
12:07:14.0055 4020  VSS - ok
12:07:14.0105 4020  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
12:07:14.0115 4020  W32Time - ok
12:07:14.0175 4020  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:07:14.0175 4020  Wanarp - ok
12:07:14.0205 4020  WDICA - ok
12:07:14.0245 4020  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:07:14.0245 4020  wdmaud - ok
12:07:14.0305 4020  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:07:14.0305 4020  WebClient - ok
12:07:14.0385 4020  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:07:14.0395 4020  winmgmt - ok
12:07:14.0485 4020  [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
12:07:14.0485 4020  WmdmPmSN - ok
12:07:14.0565 4020  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:07:14.0565 4020  WmiApSrv - ok
12:07:14.0676 4020  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:07:14.0696 4020  WPFFontCache_v0400 - ok
12:07:14.0746 4020  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:07:14.0756 4020  WS2IFSL - ok
12:07:14.0826 4020  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:07:14.0836 4020  wscsvc - ok
12:07:14.0866 4020  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:07:14.0876 4020  wuauserv - ok
12:07:14.0926 4020  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:07:14.0936 4020  WZCSVC - ok
12:07:14.0986 4020  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:07:14.0986 4020  xmlprov - ok
12:07:15.0016 4020  ================ Scan global ===============================
12:07:15.0056 4020  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
12:07:15.0106 4020  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
12:07:15.0146 4020  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
12:07:15.0186 4020  [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
12:07:15.0186 4020  [Global] - ok
12:07:15.0196 4020  ================ Scan MBR ==================================
12:07:15.0226 4020  [ E9B468D3DCCBC07254F1F04D03465DF2 ] \Device\Harddisk0\DR0
12:07:15.0427 4020  \Device\Harddisk0\DR0 - ok
12:07:15.0437 4020  ================ Scan VBR ==================================
12:07:15.0467 4020  [ 3854457A40D1A6513ACB9DDB5CA354AE ] \Device\Harddisk0\DR0\Partition1
12:07:15.0467 4020  \Device\Harddisk0\DR0\Partition1 - ok
12:07:15.0507 4020  [ 106ADD2D8042064A246981C2F61360ED ] \Device\Harddisk0\DR0\Partition2
12:07:15.0507 4020  \Device\Harddisk0\DR0\Partition2 - ok
12:07:15.0507 4020  ============================================================
12:07:15.0507 4020  Scan finished
12:07:15.0507 4020  ============================================================
12:07:15.0547 1164  Detected object count: 0
12:07:15.0547 1164  Actual detected object count: 0
12:08:42.0852 2520  ============================================================
12:08:42.0852 2520  Scan started
12:08:42.0852 2520  Mode: Manual; SigCheck; TDLFS;
12:08:42.0852 2520  ============================================================
12:08:42.0993 2520  ================ Scan system memory ========================
12:08:42.0993 2520  System memory - ok
12:08:43.0013 2520  ================ Scan services =============================
12:08:43.0193 2520  Abiosdsk - ok
12:09:04.0984 2520  [ EA7267505149B3A10DF32506A4E4E412 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:09:05.0144 2520  idsvc ( UnsignedFile.Multi.Generic ) - warning
12:09:05.0144 2520  idsvc - detected UnsignedFile.Multi.Generic (1)
12:09:11.0133 2520  [ 4A0B6533F035D74729942EE1D19C35C5 ] lxduCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
12:09:11.0183 2520  lxduCATSCustConnectService ( UnsignedFile.Multi.Generic ) - warning
12:09:11.0183 2520  lxduCATSCustConnectService - detected UnsignedFile.Multi.Generic (1)
12:09:19.0004 2520  NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning
12:09:19.0004 2520  NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1)
12:09:45.0783 2520  ================ Scan global ===============================
12:09:45.0823 2520  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
12:09:45.0893 2520  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
12:09:45.0973 2520  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
12:09:46.0013 2520  [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
12:09:46.0013 2520  [Global] - ok
12:09:46.0033 2520  ================ Scan MBR ==================================
12:09:46.0043 2520  [ E9B468D3DCCBC07254F1F04D03465DF2 ] \Device\Harddisk0\DR0
12:09:46.0764 2520  \Device\Harddisk0\DR0 - ok
12:09:46.0774 2520  ================ Scan VBR ==================================
12:09:46.0784 2520  [ 3854457A40D1A6513ACB9DDB5CA354AE ] \Device\Harddisk0\DR0\Partition1
12:09:46.0784 2520  \Device\Harddisk0\DR0\Partition1 - ok
12:09:46.0824 2520  [ 106ADD2D8042064A246981C2F61360ED ] \Device\Harddisk0\DR0\Partition2
12:09:46.0824 2520  \Device\Harddisk0\DR0\Partition2 - ok
12:09:46.0834 2520  ============================================================
12:09:46.0834 2520  Scan finished
12:09:46.0834 2520  ============================================================
12:09:46.0975 1288  Detected object count: 3
12:09:46.0975 1288  Actual detected object count: 3
12:12:51.0931 1288  idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:51.0931 1288  idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:12:51.0931 1288  lxduCATSCustConnectService ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:51.0931 1288  lxduCATSCustConnectService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:12:51.0941 1288  NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:51.0941 1288  NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:13:04.0839 3528  ============================================================
12:13:04.0839 3528  Scan started
12:13:04.0839 3528  Mode: Manual; SigCheck; TDLFS;
12:13:04.0839 3528  ============================================================
12:13:04.0959 3528  ================ Scan system memory ========================
12:13:04.0969 3528  System memory - ok
12:13:04.0979 3528  ================ Scan services =============================
12:13:05.0170 3528  Abiosdsk - ok
12:13:23.0256 3528  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:13:23.0436 3528  HidUsb - ok
12:13:23.0696 3528  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
12:13:23.0826 3528  hpn - ok
12:13:23.0876 3528  [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:13:24.0027 3528  HTTP - ok
12:13:24.0067 3528  [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:13:24.0217 3528  HTTPFilter - ok
12:13:24.0237 3528  [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
12:13:24.0407 3528  i2omgmt - ok
12:13:24.0477 3528  [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:13:24.0638 3528  i2omp - ok
12:13:24.0678 3528  [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:13:24.0828 3528  i8042prt - ok
12:13:24.0968 3528  [ EA7267505149B3A10DF32506A4E4E412 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:13:25.0128 3528  idsvc ( UnsignedFile.Multi.Generic ) - warning
12:13:25.0128 3528  idsvc - detected UnsignedFile.Multi.Generic (1)
12:13:25.0258 3528  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130607.001\IDSxpx86.sys
12:13:25.0319 3528  IDSxpx86 - ok
12:13:25.0369 3528  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:13:25.0529 3528  Imapi - ok
12:13:25.0589 3528  [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:13:25.0709 3528  ImapiService - ok
12:13:25.0739 3528  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:13:25.0869 3528  ini910u - ok
12:13:26.0200 3528  [ 2389F12F0ED506176B7C29C8144CEA09 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:13:27.0041 3528  IntcAzAudAddService - ok
12:13:27.0111 3528  [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
12:13:27.0291 3528  IntelIde - ok
12:13:27.0351 3528  [ 279FB78702454DFF2BB445F238C048D2 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:13:27.0582 3528  intelppm - ok
12:13:27.0622 3528  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:13:27.0942 3528  Ip6Fw - ok
12:13:27.0952 3528  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:13:28.0143 3528  IpFilterDriver - ok
12:13:28.0203 3528  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:13:28.0363 3528  IpInIp - ok
12:13:28.0393 3528  [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:13:28.0753 3528  IpNat - ok
12:13:28.0783 3528  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:13:28.0924 3528  IPSec - ok
12:13:28.0964 3528  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:13:29.0054 3528  IRENUM - ok
12:13:29.0144 3528  [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:13:29.0294 3528  isapnp - ok
12:13:29.0344 3528  [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:13:29.0515 3528  Kbdclass - ok
12:13:29.0545 3528  [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:13:29.0705 3528  kbdhid - ok
12:13:29.0715 3528  keycrypt - ok
12:13:29.0795 3528  [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:13:29.0975 3528  kmixer - ok
12:13:30.0005 3528  [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:13:30.0135 3528  KSecDD - ok
12:13:30.0186 3528  [ 93D32468D34E000CB3407947D1D6E22A ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
12:13:30.0376 3528  lanmanserver - ok
12:13:30.0426 3528  [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:13:30.0616 3528  lanmanworkstation - ok
12:13:30.0616 3528  lbrtfdc - ok
12:13:30.0676 3528  [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:13:30.0836 3528  LmHosts - ok
12:13:30.0957 3528  [ 4A0B6533F035D74729942EE1D19C35C5 ] lxduCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe
12:13:30.0997 3528  lxduCATSCustConnectService ( UnsignedFile.Multi.Generic ) - warning
12:13:30.0997 3528  lxduCATSCustConnectService - detected UnsignedFile.Multi.Generic (1)
12:13:31.0007 3528  lxdu_device - ok
12:13:31.0047 3528  [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:13:31.0217 3528  Messenger - ok
12:13:31.0287 3528  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:13:31.0457 3528  mnmdd - ok
12:13:31.0517 3528  [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:13:31.0708 3528  mnmsrvc - ok
12:13:31.0758 3528  [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:13:31.0908 3528  Modem - ok
12:13:31.0958 3528  [ 34E1F0031153E491910E12551400192C ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:13:32.0108 3528  Mouclass - ok
12:13:32.0128 3528  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:13:32.0289 3528  mouhid - ok
12:13:32.0319 3528  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:13:32.0479 3528  MountMgr - ok
12:13:32.0549 3528  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:13:32.0579 3528  MozillaMaintenance - ok
12:13:32.0599 3528  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:13:32.0729 3528  mraid35x - ok
12:13:32.0769 3528  [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:13:32.0949 3528  MRxDAV - ok
12:13:33.0010 3528  [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:13:33.0170 3528  MRxSmb - ok
12:13:33.0240 3528  [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:13:33.0410 3528  MSDTC - ok
12:13:33.0450 3528  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:13:33.0610 3528  Msfs - ok
12:13:33.0620 3528  MSIServer - ok
12:13:33.0640 3528  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:13:33.0801 3528  MSKSSRV - ok
12:13:33.0811 3528  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:13:33.0961 3528  MSPCLOCK - ok
12:13:34.0041 3528  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:13:34.0191 3528  MSPQM - ok
12:13:34.0231 3528  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:13:34.0392 3528  mssmbios - ok
12:13:34.0462 3528  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:13:34.0612 3528  Mup - ok
12:13:34.0632 3528  [ E1CDF20697D992CF83FF86DD04DF1285 ] mxnic           C:\WINDOWS\system32\DRIVERS\mxnic.sys
12:13:34.0762 3528  mxnic - ok
12:13:34.0932 3528  [ 241BD3019FB31E812A51B31B06906335 ] N360            C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
12:13:34.0962 3528  N360 - ok
12:13:35.0073 3528  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130610.007\NAVENG.SYS
12:13:35.0093 3528  NAVENG - ok
12:13:35.0193 3528  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130610.007\NAVEX15.SYS
12:13:35.0533 3528  NAVEX15 - ok
12:13:35.0583 3528  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:13:35.0774 3528  NDIS - ok
12:13:35.0804 3528  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:13:35.0954 3528  NdisTapi - ok
12:13:36.0004 3528  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:13:36.0164 3528  Ndisuio - ok
12:13:36.0204 3528  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:13:36.0485 3528  NdisWan - ok
12:13:36.0535 3528  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:13:36.0695 3528  NDProxy - ok
12:13:36.0725 3528  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:13:36.0885 3528  NetBIOS - ok
12:13:36.0955 3528  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:13:37.0125 3528  NetBT - ok
12:13:37.0176 3528  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:13:37.0346 3528  NetDDE - ok
12:13:37.0386 3528  [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:13:37.0516 3528  NetDDEdsdm - ok
12:13:37.0576 3528  [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:13:37.0696 3528  Netlogon - ok
12:13:37.0756 3528  [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman          C:\WINDOWS\System32\netman.dll
12:13:37.0917 3528  Netman - ok
12:13:37.0967 3528  [ 8070BB07FE06DE8B9ACB29B07016A273 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:13:37.0987 3528  NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning
12:13:37.0987 3528  NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1)
12:13:38.0047 3528  [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:13:38.0197 3528  Nla - ok
12:13:38.0247 3528  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:13:38.0377 3528  Npfs - ok
12:13:38.0447 3528  [ B78BE402C3F63DD55521F73876951CDD ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:13:38.0588 3528  Ntfs - ok
12:13:38.0608 3528  [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:13:38.0738 3528  NtLmSsp - ok
12:13:38.0788 3528  [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:13:38.0968 3528  NtmsSvc - ok
12:13:38.0998 3528  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:13:39.0158 3528  Null - ok
12:13:39.0289 3528  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:13:39.0749 3528  nv - ok
12:13:39.0799 3528  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:13:39.0950 3528  NwlnkFlt - ok
12:13:39.0960 3528  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:13:40.0110 3528  NwlnkFwd - ok
12:13:40.0200 3528  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:13:40.0220 3528  ose - ok
12:13:40.0270 3528  [ 3E16EFF2A6FED2D8D7F5A66DFE65D183 ] P3              C:\WINDOWS\system32\DRIVERS\p3.sys
12:13:40.0430 3528  P3 - ok
12:13:40.0470 3528  [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
12:13:40.0621 3528  Parport - ok
12:13:40.0681 3528  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:13:40.0811 3528  PartMgr - ok
12:13:40.0831 3528  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:13:40.0981 3528  ParVdm - ok
12:13:41.0011 3528  [ 8086D9979234B603AD5BC2F5D890B234 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:13:41.0171 3528  PCI - ok
12:13:41.0181 3528  PCIDump - ok
12:13:41.0191 3528  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:13:41.0342 3528  PCIIde - ok
12:13:41.0392 3528  [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:13:41.0552 3528  Pcmcia - ok
12:13:41.0562 3528  PDCOMP - ok
12:13:41.0572 3528  PDFRAME - ok
12:13:41.0582 3528  PDRELI - ok
12:13:41.0592 3528  PDRFRAME - ok
12:13:41.0612 3528  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
12:13:41.0762 3528  perc2 - ok
12:13:41.0792 3528  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:13:41.0932 3528  perc2hib - ok
12:13:41.0972 3528  [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:13:42.0103 3528  PlugPlay - ok
12:13:42.0143 3528  [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:13:42.0263 3528  PolicyAgent - ok
12:13:42.0313 3528  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:13:42.0463 3528  PptpMiniport - ok
12:13:42.0493 3528  [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:13:42.0623 3528  ProtectedStorage - ok
12:13:42.0663 3528  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:13:42.0824 3528  PSched - ok
12:13:42.0834 3528  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:13:42.0954 3528  Ptilink - ok
12:13:42.0974 3528  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:13:43.0134 3528  ql1080 - ok
12:13:43.0214 3528  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:13:43.0364 3528  Ql10wnt - ok
12:13:43.0395 3528  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:13:43.0515 3528  ql12160 - ok
12:13:43.0525 3528  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:13:43.0675 3528  ql1240 - ok
12:13:43.0685 3528  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:13:43.0855 3528  ql1280 - ok
12:13:43.0875 3528  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:13:43.0995 3528  RasAcd - ok
12:13:44.0055 3528  [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:13:44.0196 3528  RasAuto - ok
12:13:44.0206 3528  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:13:44.0376 3528  Rasl2tp - ok
12:13:44.0626 3528  [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:13:44.0787 3528  RasMan - ok
12:13:44.0817 3528  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:13:44.0967 3528  RasPppoe - ok
12:13:45.0017 3528  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:13:45.0177 3528  Raspti - ok
12:13:45.0207 3528  [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:13:45.0337 3528  Rdbss - ok
12:13:45.0367 3528  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:13:45.0528 3528  RDPCDD - ok
12:13:45.0588 3528  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:13:45.0748 3528  rdpdr - ok
12:13:45.0778 3528  [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:13:45.0978 3528  RDPWD - ok
12:13:46.0058 3528  [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:13:46.0209 3528  RDSessMgr - ok
12:13:46.0259 3528  [ B31B4588E4086D8D84ADBF9845C2402B ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:13:46.0399 3528  redbook - ok
12:13:46.0439 3528  [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:13:46.0619 3528  RemoteAccess - ok
12:13:46.0659 3528  [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:13:46.0819 3528  RpcLocator - ok
12:13:46.0859 3528  [ 5C83A4408604F737717AB96371201680 ] RpcSs           C:\WINDOWS\System32\rpcss.dll
12:13:47.0030 3528  RpcSs - ok
12:13:47.0080 3528  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:13:47.0210 3528  RSVP - ok
12:13:47.0240 3528  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:13:47.0400 3528  rtl8139 - ok
12:13:47.0430 3528  [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:13:47.0560 3528  SamSs - ok
12:13:47.0611 3528  [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:13:47.0741 3528  SCardSvr - ok
12:13:47.0791 3528  [ 92360854316611F6CC471612213C3D92 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:13:48.0061 3528  Schedule - ok
12:13:48.0111 3528  [ D26E26EA516450AF9D072635C60387F4 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:13:48.0201 3528  Secdrv - ok
12:13:48.0272 3528  [ B1E0CE09895376871746F36DC5773B4F ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:13:48.0442 3528  seclogon - ok
12:13:48.0472 3528  [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS            C:\WINDOWS\system32\sens.dll
12:13:48.0602 3528  SENS - ok
12:13:48.0622 3528  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
12:13:48.0772 3528  serenum - ok
12:13:48.0802 3528  [ CD9404D115A00D249F70A371B46D5A26 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:13:48.0952 3528  Serial - ok
12:13:49.0033 3528  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:13:49.0203 3528  Sfloppy - ok
12:13:49.0273 3528  [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:13:49.0513 3528  SharedAccess - ok
12:13:49.0553 3528  [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:13:49.0694 3528  ShellHWDetection - ok
12:13:49.0694 3528  Simbad - ok
12:13:49.0724 3528  [ 732D859B286DA692119F286B21A2A114 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:13:49.0874 3528  sisagp - ok
12:13:49.0914 3528  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:13:50.0014 3528  Sparrow - ok
12:13:50.0044 3528  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:13:50.0184 3528  splitter - ok
12:13:50.0234 3528  [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:13:50.0395 3528  Spooler - ok
12:13:50.0435 3528  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:13:50.0505 3528  sr - ok
12:13:50.0565 3528  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:13:50.0625 3528  srservice - ok
12:13:50.0705 3528  [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP           C:\WINDOWS\System32\Drivers\N360\1403010.016\SRTSP.SYS
12:13:50.0755 3528  SRTSP - ok
12:13:50.0855 3528  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\WINDOWS\system32\drivers\N360\1403010.016\SRTSPX.SYS
12:13:50.0875 3528  SRTSPX - ok
12:13:50.0925 3528  [ 20B7E396720353E4117D64D9DCB926CA ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:13:51.0116 3528  Srv - ok
12:13:51.0186 3528  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:13:51.0326 3528  SSDPSRV - ok
12:13:51.0676 3528  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:13:51.0957 3528  stisvc - ok
12:13:52.0047 3528  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:13:52.0197 3528  swenum - ok
12:13:52.0668 3528  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:13:52.0808 3528  swmidi - ok
12:13:52.0818 3528  SwPrv - ok
12:13:52.0878 3528  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
12:13:53.0088 3528  symc810 - ok
12:13:53.0139 3528  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:13:53.0319 3528  symc8xx - ok
12:13:53.0539 3528  [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS           C:\WINDOWS\system32\drivers\N360\1403010.016\SYMDS.SYS
12:13:53.0649 3528  SymDS - ok
12:13:54.0050 3528  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\WINDOWS\system32\drivers\N360\1403010.016\SYMEFA.SYS
12:13:54.0140 3528  SymEFA - ok
12:13:54.0200 3528  [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:13:54.0220 3528  SymEvent - ok
12:13:54.0280 3528  [ 123A13DCD5210F8A3BE5FC8CACBFE324 ] SymIM           C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:13:54.0300 3528  SymIM - ok
12:13:54.0310 3528  [ 123A13DCD5210F8A3BE5FC8CACBFE324 ] SymIMMP         C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:13:54.0340 3528  SymIMMP - ok
12:13:54.0400 3528  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\WINDOWS\system32\drivers\N360\1403010.016\Ironx86.SYS
12:13:54.0420 3528  SymIRON - ok
12:13:54.0460 3528  [ EC979002EBA25C9D109B2FE0E03457DA ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\1403010.016\SYMTDI.SYS
12:13:54.0521 3528  SYMTDI - ok
12:13:54.0621 3528  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:13:54.0761 3528  sym_hi - ok
12:13:54.0771 3528  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:13:54.0921 3528  sym_u3 - ok
12:13:54.0961 3528  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:13:55.0121 3528  sysaudio - ok
12:13:55.0171 3528  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:13:55.0332 3528  SysmonLog - ok
12:13:55.0412 3528  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:13:55.0592 3528  TapiSrv - ok
12:13:55.0662 3528  [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:13:55.0862 3528  Tcpip - ok
12:13:55.0953 3528  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:13:56.0113 3528  TDPIPE - ok
12:13:56.0133 3528  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:13:56.0353 3528  TDTCP - ok
12:13:56.0463 3528  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:13:56.0764 3528  TermDD - ok
12:13:56.0924 3528  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\WINDOWS\System32\termsrv.dll
12:13:57.0104 3528  TermService - ok
12:13:57.0224 3528  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:13:57.0385 3528  Themes - ok
12:13:57.0415 3528  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
12:13:57.0575 3528  TosIde - ok
12:13:57.0735 3528  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:13:57.0905 3528  TrkWks - ok
12:13:58.0016 3528  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:13:58.0206 3528  Udfs - ok
12:13:58.0216 3528  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
12:13:58.0356 3528  ultra - ok
12:13:58.0466 3528  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:13:59.0027 3528  Update - ok
12:13:59.0177 3528  [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:13:59.0277 3528  upnphost - ok
12:13:59.0347 3528  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\WINDOWS\System32\ups.exe
12:13:59.0628 3528  UPS - ok
12:13:59.0798 3528  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:14:00.0048 3528  usbccgp - ok
12:14:00.0329 3528  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:14:00.0539 3528  usbehci - ok
12:14:00.0649 3528  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:14:00.0940 3528  usbhub - ok
12:14:00.0990 3528  [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:14:01.0270 3528  usbohci - ok
12:14:01.0320 3528  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:14:01.0621 3528  usbprint - ok
12:14:01.0701 3528  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:14:01.0911 3528  usbscan - ok
12:14:01.0981 3528  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:14:02.0222 3528  USBSTOR - ok
12:14:02.0252 3528  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:14:02.0412 3528  usbuhci - ok
12:14:02.0482 3528  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:14:02.0752 3528  VgaSave - ok
12:14:02.0792 3528  [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:14:03.0093 3528  viaagp - ok
12:14:03.0113 3528  [ 59CB1338AD3654417BEA49636457F65D ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
12:14:03.0373 3528  ViaIde - ok
12:14:03.0443 3528  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:14:03.0654 3528  VolSnap - ok
12:14:03.0774 3528  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\WINDOWS\System32\vssvc.exe
12:14:03.0924 3528  VSS - ok
12:14:04.0034 3528  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
12:14:04.0184 3528  W32Time - ok
12:14:04.0224 3528  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:14:04.0385 3528  Wanarp - ok
12:14:04.0395 3528  WDICA - ok
12:14:04.0425 3528  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:14:04.0575 3528  wdmaud - ok
12:14:04.0625 3528  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:14:04.0825 3528  WebClient - ok
12:14:04.0935 3528  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:14:05.0126 3528  winmgmt - ok
12:14:05.0206 3528  [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
12:14:05.0366 3528  WmdmPmSN - ok
12:14:05.0436 3528  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:14:05.0626 3528  WmiApSrv - ok
12:14:05.0827 3528  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:14:06.0187 3528  WPFFontCache_v0400 - ok
12:14:06.0237 3528  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:14:06.0448 3528  WS2IFSL - ok
12:14:06.0498 3528  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:14:06.0748 3528  wscsvc - ok
12:14:06.0848 3528  [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:14:07.0139 3528  wuauserv - ok
12:14:07.0299 3528  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:14:07.0669 3528  WZCSVC - ok
12:14:07.0719 3528  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:14:08.0250 3528  xmlprov - ok
12:14:08.0260 3528  ================ Scan global ===============================
12:14:08.0661 3528  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
12:14:08.0801 3528  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
12:14:08.0831 3528  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
12:14:08.0961 3528  [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
12:14:08.0971 3528  [Global] - ok
12:14:08.0971 3528  ================ Scan MBR ==================================
12:14:09.0111 3528  [ E9B468D3DCCBC07254F1F04D03465DF2 ] \Device\Harddisk0\DR0
12:14:11.0335 3528  \Device\Harddisk0\DR0 - ok
12:14:11.0345 3528  ================ Scan VBR ==================================
12:14:11.0375 3528  [ 3854457A40D1A6513ACB9DDB5CA354AE ] \Device\Harddisk0\DR0\Partition1
12:14:11.0375 3528  \Device\Harddisk0\DR0\Partition1 - ok
12:14:11.0475 3528  [ 106ADD2D8042064A246981C2F61360ED ] \Device\Harddisk0\DR0\Partition2
12:14:11.0505 3528  \Device\Harddisk0\DR0\Partition2 - ok
12:14:11.0505 3528  ============================================================
12:14:11.0505 3528  Scan finished
12:14:11.0505 3528  ============================================================
12:14:11.0525 0512  Detected object count: 3
12:14:11.0525 0512  Actual detected object count: 3
12:14:24.0994 0512  idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:24.0994 0512  idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:24.0994 0512  lxduCATSCustConnectService ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:24.0994 0512  lxduCATSCustConnectService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:25.0024 0512  NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
12:14:25.0024 0512  NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:14:29.0060 2588  Deinitialize success
 

 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,561 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:58 AM

Posted 14 June 2013 - 10:07 AM

Important security issue
Support for Windows XP Service Pack 2 ended 13/07/2010
http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

For continued support get the Service Pack 3.

http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3

Note that Service Pack 2 must be installed before you proceed with the SP3 installation.
Information on the page.

====

For your additional information.
Windows XP SP3 and Office 2003
Support Ends April 8, 2014

http://www.microsoft.com/en-us/windows/endofsupport.aspx

Post a fresh DDS log if successful.

#12 Cristie


Posted 14 June 2013 - 11:42 AM

After SP3 download

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by Owner at 9:34:39 on 2013-06-14
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1406.763 [GMT -7:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hotmail.com/
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.3.1.22\ips\ipsbho.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - c:\program files\lexmark printable web\bho.dll
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3DCF40DC-A583-4612-9658-418BB3F7BDCF} : DHCPNameServer = 75.75.75.75 75.75.76.76
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\c8w9l99x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-28 08:03; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\IPSFFPlgn
FF - ExtSQL: 2013-05-28 08:11; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\coFFPlgn
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1403010.016\symds.sys [2013-5-29 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1403010.016\symefa.sys [2013-5-29 934488]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130531.001\BHDrvx86.sys [2013-5-31 1002072]
R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys [2013-5-29 134304]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1403010.016\ironx86.sys [2013-5-29 175264]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.3.1.22\ccsvchst.exe [2013-5-29 144520]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-5-28 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130613.002\IDSXpx86.sys [2013-6-14 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130614.001\NAVENG.SYS [2013-6-14 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130614.001\NAVEX15.SYS [2013-6-14 1611992]
S1 AntiLog32;AntiLog32;\??\c:\windows\system32\drivers\antilog32.sys --> c:\windows\system32\drivers\AntiLog32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2013-4-25 94208]
S3 keycrypt;keycrypt;c:\windows\system32\drivers\keycrypt32.sys --> c:\windows\system32\drivers\KeyCrypt32.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-14 16:05:17    --------    d-----w-    c:\windows\ServicePackFiles
2013-06-14 16:05:06    294912    ------w-    c:\program files\windows media player\dlimport.exe
2013-06-14 16:05:02    294912    -c----w-    c:\windows\system32\dllcache\dlimport.exe
2013-06-14 16:01:17    19569    ----a-w-    c:\windows\002757_.tmp
2013-06-14 16:01:10    --------    d-----w-    c:\windows\system32\ReinstallBackups
2013-06-14 15:58:00    --------    d-----w-    c:\windows\EHome
2013-06-07 16:49:14    --------    d-sha-r-    C:\cmdcons
2013-06-07 16:47:30    98816    ----a-w-    c:\windows\sed.exe
2013-06-07 16:47:30    256000    ----a-w-    c:\windows\PEV.exe
2013-06-07 16:47:30    208896    ----a-w-    c:\windows\MBR.exe
2013-06-05 15:06:53    18944    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2013-06-05 15:06:53    17920    ----a-w-    c:\windows\system32\mdimon.dll
2013-06-05 15:06:14    --------    d-----w-    c:\program files\Microsoft ActiveSync
2013-06-05 15:05:59    --------    d-----w-    c:\windows\SHELLNEW
2013-05-31 13:36:17    --------    d-----w-    c:\documents and settings\owner\local settings\application data\PCHealth
2013-05-31 13:35:15    44064    ----a-r-    c:\windows\system32\drivers\SymIM.sys
2013-05-29 20:16:27    934488    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symefa.sys
2013-05-29 20:16:27    394656    ----a-r-    c:\windows\system32\drivers\n360\1403010.016\symtdi.sys
2013-05-29 20:16:27    367704    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symds.sys
2013-05-29 20:16:27    350368    ----a-r-    c:\windows\system32\drivers\n360\1403010.016\symtdiv.sys
2013-05-29 20:16:27    338592    ----a-r-    c:\windows\system32\drivers\n360\1403010.016\symnets.sys
2013-05-29 20:16:27    32344    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\srtspx.sys
2013-05-29 20:16:27    21400    ----a-r-    c:\windows\system32\drivers\n360\1403010.016\symelam.sys
2013-05-29 20:16:26    602712    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\srtsp.sys
2013-05-29 20:16:26    175264    ----a-r-    c:\windows\system32\drivers\n360\1403010.016\ironx86.sys
2013-05-29 20:16:26    134304    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\ccsetx86.sys
2013-05-29 20:15:51    14818    ----a-w-    c:\windows\system32\drivers\n360\1403010.016\symvtcer.dat
2013-05-29 20:15:50    --------    d-----w-    c:\windows\system32\drivers\n360\1403010.016
2013-05-28 15:00:04    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-05-28 15:00:04    --------    d-----w-    c:\program files\Symantec
2013-05-28 15:00:04    --------    d-----w-    c:\program files\common files\Symantec Shared
2013-05-28 14:58:55    --------    d-----w-    c:\windows\system32\drivers\N360
2013-05-28 14:58:51    --------    d-----w-    c:\program files\Norton Security Suite
2013-05-28 14:56:18    --------    d-----w-    c:\program files\NortonInstaller
2013-05-28 14:56:18    --------    d-----w-    c:\documents and settings\all users\application data\NortonInstaller
2013-05-28 14:44:38    --------    d-----w-    c:\documents and settings\all users\application data\Norton
2013-05-28 13:34:10    --------    d-----w-    c:\windows\system32\XPSViewer
2013-05-28 13:33:17    27648    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-05-28 13:33:06    14048    ------w-    c:\windows\system32\spmsg2.dll
2013-05-28 13:25:36    --------    d-----w-    c:\documents and settings\all users\application data\White Sky, Inc
2013-05-24 16:13:10    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-24 16:11:38    59288    ----a-w-    c:\program files\mozilla firefox\libEGL.dll
2013-05-24 16:11:38    478104    ----a-w-    c:\program files\mozilla firefox\libGLESv2.dll
2013-05-24 16:11:38    117144    ----a-w-    c:\program files\mozilla firefox\maintenanceservice.exe
2013-05-24 16:11:37    920472    ----a-w-    c:\program files\mozilla firefox\firefox.exe
2013-05-24 16:11:37    3076504    ----a-w-    c:\program files\mozilla firefox\gkmedias.dll
2013-05-24 16:11:37    279448    ----a-w-    c:\program files\mozilla firefox\freebl3.dll
2013-05-24 16:11:37    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-05-24 16:11:37    116120    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-05-24 16:11:36    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-05-24 16:11:36    19352    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
.
==================== Find3M  ====================
.
2013-05-28 12:17:49    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-28 12:17:49    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 09:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH:  9:35:15.46 ===============

 



#13 nasdaq


Posted 15 June 2013 - 07:22 AM

How is the computer running now?
Any persisting issues?

#14 Cristie


Posted 18 June 2013 - 10:06 AM

Hi nasdaq;  Thanks so much for your assistance.  Nothing looming at this time.  I am still puzzled by the computer's behavior when I was attempting to find the DDS through Search.  It was as though someone pirated the DDS text for review before I posted it here. 

 

Not sure how to proceed from here. Is it possible there is a keylogger or some other hacking program embedded in my software or in Windows? Maybe through my IP? I have reformatted a couple of times and am absolutely certain my internet activity is being monitored.

 

Thank you so much for your time and assistance........Cristie



#15 nasdaq


Posted 18 June 2013 - 12:53 PM

Run the DDS tool one more time. See if you can get a clean log.

===

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.




