Ads are running in the background with no windows open


15 replies to this topic

#1 inthemood


Posted 02 August 2013 - 09:30 AM

I am using Firefox and all of a sudden ads started playing in the background with no windows open. Tried finding the root of the problem but failed. Need help. Thanks!


Edited by hamluis, 02 August 2013 - 10:19 AM.
Moved from XP to Am I Infected - Hamluis.



 


#2 GodfatherKing


Posted 02 August 2013 - 10:23 AM

:welcome:

 

Step 1: Install and run MBAM

Step 2: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 3: ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I don't respond to you for almost >= 3 days, send me a Private Message.  :hello:


#3 inthemood


Posted 02 August 2013 - 11:48 AM

Here are the step 1 results. Moving on to step 2.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: FNPCC-01 [administrator]

8/2/2013 11:44:58 AM
mbam-log-2013-08-02 (11-44-58).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398495
Time elapsed: 50 minute(s), 10 second(s)

Memory Processes Detected: 1
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> 1836 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKLM\SYSTEM\CurrentControlSet\Services\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> No action taken.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> No action taken.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\Extension.ExtensionHelperObject.1 (PUP.Optional.SweetPacks) -> No action taken.
HKCR\Extension.ExtensionHelperObject (PUP.Optional.SweetPacks) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> No action taken.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken.
HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken.
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM) -> No action taken.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1 (PUP.Optional.SweetPacks.A) -> No action taken.

Registry Values Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: 썛愘ᇜ犜ጀ유䞘 -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data:  -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data:  -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM) -> Data: 1 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM) -> Data: 1 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={C174DA19-AD04-11E2-BB4B-008EF28BB07D}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 13
C:\Program Files\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\defaults (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\libraries (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\resources (PUP.Optional.SweetPacks.A) -> No action taken.

Files Detected: 31
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> No action taken.
C:\Program Files\Updater By SweetPacks\Extension32.dll (PUP.Optional.SweetPacks) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> No action taken.
C:\WINDOWS\Installer\4a53a2d8.msi (PUP.Optional.SweetIM) -> No action taken.
C:\Program Files\Updater By SweetPacks\DGChrome.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\InstallerHelper.dll (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\source.crx (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\unins000.dat (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\unins000.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome.manifest (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\install.rdf (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.bak (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.xul (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources\localscript.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US\overlay.dtd (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin\overlay.css (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences\defaults.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\resources\localscript.js (PUP.Optional.SweetPacks.A) -> No action taken.

(end)
 



#4 inthemood


Posted 02 August 2013 - 11:52 AM

Here is Step 2)

 

12:49:44.0593 0592  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:49:45.0562 0592  ============================================================
12:49:45.0562 0592  Current date / time: 2013/08/02 12:49:45.0562
12:49:45.0562 0592  SystemInfo:
12:49:45.0562 0592  
12:49:45.0562 0592  OS Version: 5.1.2600 ServicePack: 3.0
12:49:45.0562 0592  Product type: Workstation
12:49:45.0562 0592  ComputerName: FNPCC-01
12:49:45.0562 0592  UserName: user
12:49:45.0562 0592  Windows directory: C:\WINDOWS
12:49:45.0562 0592  System windows directory: C:\WINDOWS
12:49:45.0562 0592  Processor architecture: Intel x86
12:49:45.0562 0592  Number of processors: 2
12:49:45.0562 0592  Page size: 0x1000
12:49:45.0562 0592  Boot type: Normal boot
12:49:45.0562 0592  ============================================================
12:49:49.0250 0592  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:49:49.0484 0592  ============================================================
12:49:49.0484 0592  \Device\Harddisk0\DR0:
12:49:49.0500 0592  MBR partitions:
12:49:49.0500 0592  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
12:49:49.0500 0592  ============================================================
12:49:49.0531 0592  C: <-> \Device\Harddisk0\DR0\Partition1
12:49:49.0546 0592  ============================================================
12:49:49.0546 0592  Initialize success
12:49:49.0546 0592  ============================================================
12:50:19.0515 4072  ============================================================
12:50:19.0515 4072  Scan started
12:50:19.0515 4072  Mode: Manual; TDLFS;
12:50:19.0515 4072  ============================================================
12:50:22.0359 4072  ================ Scan system memory ========================
12:50:22.0359 4072  System memory - ok
12:50:22.0359 4072  ================ Scan services =============================
12:50:28.0546 4072  IntcAzAudAddService - ok
12:50:28.0593 4072  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
12:50:28.0593 4072  IntelIde - ok
12:50:28.0625 4072  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:50:28.0625 4072  intelppm - ok
12:50:28.0640 4072  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
12:50:28.0656 4072  Ip6Fw - ok
12:50:28.0671 4072  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:50:28.0671 4072  IpFilterDriver - ok
12:50:28.0671 4072  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:50:28.0671 4072  IpInIp - ok
12:50:28.0687 4072  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:50:28.0687 4072  IpNat - ok
12:50:28.0734 4072  [ 31116E352808019E69ECA58D1A6C66B0 ] iPod Service    C:\Program Files\iTunes\iPod\bin\iPodService.exe
12:50:28.0750 4072  iPod Service - ok
12:50:28.0781 4072  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:50:28.0781 4072  IPSec - ok
12:50:28.0859 4072  [ D8107EAE1BAE51F2BE30B7FE95FB2F7F ] IQ.Core.UpdateFoundation.WindowsService C:\Program Files\iQmetrix\IQ.Core.UpdateFoundation.WindowsService.exe
12:50:28.0859 4072  IQ.Core.UpdateFoundation.WindowsService - ok
12:50:28.0875 4072  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:50:28.0875 4072  IRENUM - ok
12:50:28.0906 4072  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:50:28.0906 4072  isapnp - ok
12:50:28.0953 4072  [ 997190701BD80DD0F4412ED202CC7816 ] k57w2k          C:\WINDOWS\system32\DRIVERS\k57xp32.sys
12:50:28.0953 4072  k57w2k - ok
12:50:28.0953 4072  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:50:28.0953 4072  Kbdclass - ok
12:50:28.0984 4072  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:50:29.0000 4072  kbdhid - ok
12:50:29.0015 4072  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:50:29.0015 4072  kmixer - ok
12:50:29.0031 4072  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:50:29.0046 4072  KSecDD - ok
12:50:29.0078 4072  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
12:50:29.0078 4072  lanmanserver - ok
12:50:29.0125 4072  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:50:29.0140 4072  lanmanworkstation - ok
12:50:29.0140 4072  lbrtfdc - ok
12:50:29.0171 4072  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:50:29.0171 4072  LmHosts - ok
12:50:29.0265 4072  [ DABCB3AD9B60BFDA876CB4F6081E822F ] LMIGuardianSvc  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
12:50:29.0265 4072  LMIGuardianSvc - ok
12:50:29.0312 4072  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049 ] LMIInfo         C:\Program Files\LogMeIn\x86\RaInfo.sys
12:50:29.0312 4072  LMIInfo - ok
12:50:29.0343 4072  [ AB73A7C8594ABE0A7418626F0E742F40 ] LMIMaint        C:\Program Files\LogMeIn\x86\RaMaint.exe
12:50:29.0343 4072  LMIMaint - ok
12:50:29.0375 4072  [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr         C:\WINDOWS\system32\DRIVERS\lmimirr.sys
12:50:29.0375 4072  lmimirr - ok
12:50:29.0375 4072  LMIRfsClientNP - ok
12:50:29.0421 4072  [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver    C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
12:50:29.0421 4072  LMIRfsDriver - ok
12:50:29.0453 4072  [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn         C:\Program Files\LogMeIn\x86\LogMeIn.exe
12:50:29.0468 4072  LogMeIn - ok
12:50:29.0500 4072  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:50:29.0500 4072  Messenger - ok
12:50:29.0531 4072  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:50:29.0531 4072  mnmdd - ok
12:50:29.0562 4072  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:50:29.0562 4072  mnmsrvc - ok
12:50:29.0593 4072  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:50:29.0593 4072  Modem - ok
12:50:29.0609 4072  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:50:29.0609 4072  Mouclass - ok
12:50:29.0625 4072  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:50:29.0625 4072  mouhid - ok
12:50:29.0656 4072  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:50:29.0671 4072  MountMgr - ok
12:50:29.0734 4072  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:50:29.0734 4072  MozillaMaintenance - ok
12:50:29.0781 4072  [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
12:50:29.0796 4072  MQAC - ok
12:50:29.0828 4072  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:50:29.0828 4072  mraid35x - ok
12:50:29.0921 4072  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:50:29.0953 4072  MRxDAV - ok
12:50:30.0046 4072  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:50:30.0140 4072  MRxSmb - ok
12:50:30.0187 4072  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:50:30.0187 4072  MSDTC - ok
12:50:30.0281 4072  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:50:30.0281 4072  Msfs - ok
12:50:30.0281 4072  MSIServer - ok
12:50:30.0312 4072  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:50:30.0312 4072  MSKSSRV - ok
12:50:30.0328 4072  [ AFB909B537AAE1BEAE7BBDB6A36D40B0 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
12:50:30.0328 4072  MSMQ - ok
12:50:30.0359 4072  [ 7F955FF3B1BB93376EBE75D5ACCDC6DB ] MSMQTriggers    C:\WINDOWS\system32\mqtgsvc.exe
12:50:30.0359 4072  MSMQTriggers - ok
12:50:30.0375 4072  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:50:30.0375 4072  MSPCLOCK - ok
12:50:30.0375 4072  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:50:30.0390 4072  MSPQM - ok
12:50:30.0406 4072  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:50:30.0421 4072  mssmbios - ok
12:50:30.0453 4072  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:50:30.0453 4072  Mup - ok
12:50:30.0484 4072  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:50:30.0500 4072  napagent - ok
12:50:30.0562 4072  [ 1BF9D6476061B31CD7FC2BF848529A56 ] NAV             C:\Program Files\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
12:50:30.0562 4072  NAV - ok
12:50:30.0625 4072  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130801.034\NAVENG.SYS
12:50:30.0640 4072  NAVENG - ok
12:50:30.0687 4072  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130801.034\NAVEX15.SYS
12:50:30.0734 4072  NAVEX15 - ok
12:50:30.0796 4072  [ 8D11DA92F83D8C8281689739BEF05FD5 ] NCO             C:\Program Files\Norton Identity Safe\Engine\2013.1.0.32\ccSvcHst.exe
12:50:30.0796 4072  NCO - ok
12:50:30.0828 4072  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:50:30.0828 4072  NDIS - ok
12:50:30.0875 4072  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:50:30.0875 4072  NdisTapi - ok
12:50:30.0906 4072  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:50:30.0906 4072  Ndisuio - ok
12:50:30.0906 4072  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:50:30.0906 4072  NdisWan - ok
12:50:30.0937 4072  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:50:30.0937 4072  NDProxy - ok
12:50:30.0984 4072  [ 284432E671F1AF6B09B81DA24D3ABCAE ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:50:31.0000 4072  Net Driver HPZ12 - ok
12:50:31.0031 4072  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:50:31.0031 4072  NetBIOS - ok
12:50:31.0046 4072  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:50:31.0046 4072  NetBT - ok
12:50:31.0078 4072  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:50:31.0078 4072  NetDDE - ok
12:50:31.0078 4072  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:50:31.0078 4072  NetDDEdsdm - ok
12:50:31.0109 4072  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:50:31.0109 4072  Netlogon - ok
12:50:31.0125 4072  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:50:31.0125 4072  Netman - ok
12:50:31.0156 4072  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:50:31.0156 4072  NetTcpPortSharing - ok
12:50:31.0187 4072  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:50:31.0203 4072  Nla - ok
12:50:31.0234 4072  [ 59194C84ACC776FD4B9A037030331E96 ] nlsX86cc        C:\WINDOWS\system32\NLSSRV32.EXE
12:50:31.0234 4072  nlsX86cc - ok
12:50:31.0281 4072  [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\WINDOWS\system32\DRIVERS\npf.sys
12:50:31.0281 4072  NPF - ok
12:50:31.0312 4072  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:50:31.0312 4072  Npfs - ok
12:50:31.0343 4072  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:50:31.0359 4072  Ntfs - ok
12:50:31.0375 4072  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:50:31.0375 4072  NtLmSsp - ok
12:50:31.0406 4072  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:50:31.0406 4072  NtmsSvc - ok
12:50:31.0437 4072  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:50:31.0437 4072  Null - ok
12:50:31.0453 4072  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:50:31.0453 4072  NwlnkFlt - ok
12:50:31.0468 4072  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:50:31.0468 4072  NwlnkFwd - ok
12:50:31.0531 4072  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:50:31.0546 4072  ose - ok
12:50:31.0578 4072  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
12:50:31.0578 4072  Parport - ok
12:50:31.0593 4072  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:50:31.0609 4072  PartMgr - ok
12:50:31.0625 4072  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:50:31.0625 4072  ParVdm - ok
12:50:31.0625 4072  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:50:31.0640 4072  PCI - ok
12:50:31.0640 4072  PCIDump - ok
12:50:31.0671 4072  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:50:31.0671 4072  PCIIde - ok
12:50:31.0687 4072  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:50:31.0687 4072  Pcmcia - ok
12:50:31.0687 4072  PDCOMP - ok
12:50:31.0687 4072  PDFRAME - ok
12:50:31.0687 4072  PDRELI - ok
12:50:31.0687 4072  PDRFRAME - ok
12:50:31.0703 4072  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
12:50:31.0703 4072  perc2 - ok
12:50:31.0703 4072  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:50:31.0703 4072  perc2hib - ok
12:50:31.0750 4072  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:50:31.0750 4072  PlugPlay - ok
12:50:31.0828 4072  [ 4153912765F7F2DE2A5C9A241ABB03FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:50:31.0828 4072  Pml Driver HPZ12 - ok
12:50:31.0843 4072  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:50:31.0843 4072  PolicyAgent - ok
12:50:31.0875 4072  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:50:31.0875 4072  PptpMiniport - ok
12:50:31.0875 4072  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:50:31.0875 4072  ProtectedStorage - ok
12:50:31.0890 4072  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:50:31.0890 4072  PSched - ok
12:50:31.0906 4072  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:50:31.0906 4072  Ptilink - ok
12:50:31.0984 4072  [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:50:31.0984 4072  QBCFMonitorService - ok
12:50:32.0015 4072  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:50:32.0015 4072  QBFCService - ok
12:50:32.0031 4072  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:50:32.0031 4072  ql1080 - ok
12:50:32.0046 4072  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:50:32.0046 4072  Ql10wnt - ok
12:50:32.0046 4072  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:50:32.0046 4072  ql12160 - ok
12:50:32.0062 4072  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:50:32.0062 4072  ql1240 - ok
12:50:32.0062 4072  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:50:32.0062 4072  ql1280 - ok
12:50:32.0109 4072  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:50:32.0109 4072  RasAcd - ok
12:50:32.0140 4072  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:50:32.0140 4072  RasAuto - ok
12:50:32.0187 4072  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:50:32.0187 4072  Rasl2tp - ok
12:50:32.0218 4072  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:50:32.0234 4072  RasMan - ok
12:50:32.0234 4072  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:50:32.0250 4072  RasPppoe - ok
12:50:32.0281 4072  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:50:32.0281 4072  Raspti - ok
12:50:32.0281 4072  rcvpn - ok
12:50:32.0312 4072  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:50:32.0312 4072  Rdbss - ok
12:50:32.0328 4072  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:50:32.0328 4072  RDPCDD - ok
12:50:32.0343 4072  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:50:32.0343 4072  rdpdr - ok
12:50:32.0375 4072  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:50:32.0375 4072  RDPWD - ok
12:50:32.0390 4072  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:50:32.0406 4072  RDSessMgr - ok
12:50:32.0437 4072  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:50:32.0437 4072  redbook - ok
12:50:32.0468 4072  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:50:32.0468 4072  RemoteAccess - ok
12:50:32.0484 4072  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
12:50:32.0484 4072  RemoteRegistry - ok
12:50:32.0531 4072  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial.sys
12:50:32.0531 4072  RimVSerPort - ok
12:50:32.0546 4072  [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST          C:\WINDOWS\system32\drivers\RMCast.sys
12:50:32.0562 4072  RMCAST - ok
12:50:32.0578 4072  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
12:50:32.0578 4072  ROOTMODEM - ok
12:50:32.0593 4072  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:50:32.0593 4072  RpcLocator - ok
12:50:32.0625 4072  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
12:50:32.0625 4072  RpcSs - ok
12:50:32.0656 4072  [ 0E11B35E972796042044BC27CE13B065 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
12:50:32.0656 4072  rspndr - ok
12:50:32.0687 4072  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:50:32.0687 4072  RSVP - ok
12:50:32.0718 4072  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:50:32.0718 4072  SamSs - ok
12:50:32.0734 4072  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:50:32.0734 4072  SCardSvr - ok
12:50:32.0781 4072  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:50:32.0781 4072  Schedule - ok
12:50:32.0843 4072  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:50:32.0843 4072  Secdrv - ok
12:50:32.0859 4072  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:50:32.0859 4072  seclogon - ok
12:50:32.0875 4072  senfilt - ok
12:50:32.0875 4072  SenFiltService - ok
12:50:32.0875 4072  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:50:32.0875 4072  SENS - ok
12:50:32.0906 4072  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
12:50:32.0906 4072  Serenum - ok
12:50:32.0921 4072  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:50:32.0921 4072  Serial - ok
12:50:32.0984 4072  [ B6401608579B6431994425BA7653F774 ] SFAUDIO         C:\WINDOWS\system32\drivers\sfaudio.sys
12:50:32.0984 4072  SFAUDIO - ok
12:50:33.0015 4072  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:50:33.0015 4072  Sfloppy - ok
12:50:33.0046 4072  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:50:33.0046 4072  SharedAccess - ok
12:50:33.0093 4072  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:50:33.0093 4072  ShellHWDetection - ok
12:50:33.0093 4072  Simbad - ok
12:50:33.0125 4072  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:50:33.0125 4072  sisagp - ok
12:50:33.0171 4072  smwdm - ok
12:50:33.0203 4072  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:50:33.0218 4072  Sparrow - ok
12:50:33.0296 4072  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:50:33.0296 4072  splitter - ok
12:50:33.0359 4072  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:50:33.0359 4072  Spooler - ok
12:50:33.0375 4072  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:50:33.0375 4072  sr - ok
12:50:33.0390 4072  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:50:33.0390 4072  srservice - ok
12:50:33.0437 4072  [ C743E384E9EFCA10B41C60D406DE39C0 ] SRTSP           C:\WINDOWS\System32\Drivers\NAV\1404000.028\SRTSP.SYS
12:50:33.0453 4072  SRTSP - ok
12:50:33.0484 4072  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\WINDOWS\system32\drivers\NAV\1404000.028\SRTSPX.SYS
12:50:33.0484 4072  SRTSPX - ok
12:50:33.0531 4072  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:50:33.0546 4072  Srv - ok
12:50:33.0578 4072  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:50:33.0578 4072  SSDPSRV - ok
12:50:33.0609 4072  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
12:50:33.0609 4072  StillCam - ok
12:50:33.0640 4072  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:50:33.0656 4072  stisvc - ok
12:50:33.0671 4072  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:50:33.0671 4072  swenum - ok
12:50:33.0718 4072  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:50:33.0718 4072  swmidi - ok
12:50:33.0718 4072  SwPrv - ok
12:50:33.0734 4072  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
12:50:33.0734 4072  symc810 - ok
12:50:33.0734 4072  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:50:33.0734 4072  symc8xx - ok
12:50:33.0750 4072  [ 5A193E5E0F0A776430E5D62A051C1E16 ] SymDS           C:\WINDOWS\system32\drivers\NAV\1404000.028\SYMDS.SYS
12:50:33.0765 4072  SymDS - ok
12:50:33.0781 4072  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\WINDOWS\system32\drivers\NAV\1404000.028\SYMEFA.SYS
12:50:33.0796 4072  SymEFA - ok
12:50:33.0859 4072  [ F50D81D3E0C7A353F205562B89CD06D6 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:50:33.0859 4072  SymEvent - ok
12:50:33.0890 4072  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\WINDOWS\system32\drivers\NAV\1404000.028\Ironx86.SYS
12:50:33.0890 4072  SymIRON - ok
12:50:33.0906 4072  [ E9C316262C48BF299E02FC8B1CE2B925 ] SYMTDI          C:\WINDOWS\System32\Drivers\NAV\1404000.028\SYMTDI.SYS
12:50:33.0906 4072  SYMTDI - ok
12:50:33.0968 4072  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:50:33.0968 4072  sym_hi - ok
12:50:33.0968 4072  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:50:33.0968 4072  sym_u3 - ok
12:50:34.0000 4072  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:50:34.0000 4072  sysaudio - ok
12:50:34.0031 4072  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:50:34.0031 4072  SysmonLog - ok
12:50:34.0062 4072  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:50:34.0078 4072  TapiSrv - ok
12:50:34.0093 4072  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:50:34.0093 4072  Tcpip - ok
12:50:34.0125 4072  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:50:34.0125 4072  TDPIPE - ok
12:50:34.0140 4072  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:50:34.0140 4072  TDTCP - ok
12:50:34.0156 4072  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:50:34.0156 4072  TermDD - ok
12:50:34.0187 4072  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:50:34.0187 4072  TermService - ok
12:50:34.0203 4072  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:50:34.0203 4072  Themes - ok
12:50:34.0234 4072  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
12:50:34.0234 4072  TlntSvr - ok
12:50:34.0250 4072  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
12:50:34.0250 4072  TosIde - ok
12:50:34.0265 4072  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:50:34.0265 4072  TrkWks - ok
12:50:34.0281 4072  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:50:34.0281 4072  Udfs - ok
12:50:34.0312 4072  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
12:50:34.0312 4072  ultra - ok
12:50:34.0343 4072  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:50:34.0343 4072  Update - ok
12:50:34.0406 4072  [ 78A13F566238A3112573743752FE589F ] Updater By SweetPacks C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
12:50:34.0406 4072  Updater By SweetPacks - ok
12:50:35.0640 4072  ================ Scan global ===============================
12:50:35.0671 4072  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:50:35.0703 4072  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:50:35.0718 4072  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:50:35.0718 4072  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:50:35.0718 4072  [Global] - ok
12:50:35.0718 4072  ================ Scan MBR ==================================
12:50:35.0734 4072  [ B8219E126CCFCA2511CA3F82E8C3CEDF ] \Device\Harddisk0\DR0
12:50:35.0734 4072  Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:50:35.0765 4072  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
12:50:35.0765 4072  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
12:50:35.0906 4072  ================ Scan VBR ==================================
12:50:35.0906 4072  [ 90F43345D2187B0F75370E6F0DCEC885 ] \Device\Harddisk0\DR0\Partition1
12:50:35.0906 4072  \Device\Harddisk0\DR0\Partition1 - ok
12:50:35.0906 4072  ============================================================
12:50:35.0906 4072  Scan finished
12:50:35.0906 4072  ============================================================
12:50:35.0921 8504  Detected object count: 1
12:50:35.0921 8504  Actual detected object count: 1
12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user
12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip
 



#5 GodfatherKing

Posted 02 August 2013 - 12:26 PM

Step 1: Quarantine the infections found by MBAM.

Step 2: Rerun TDSSKiller and cure:

12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user
12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.
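A small triage parser for the TDSSKiller log format quoted in this thread, added here as an illustration (it is not part of the thread or of TDSSKiller): it lists detections that were found but left at Skip, which is the state the rerun is meant to change. The sample lines are constructed from the excerpts on this page; the clean-rescan sample and all function and class names are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Each log line on this page is "<HH:MM:SS.mmmm> <thread id>  <message>".
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<object> ( <threat> ) - infected"
INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - infected$")
# "<object> ( <threat> ) - User select action: <action>"
# Only "Skip" appears on this page; other action values are captured as-is.
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>.+?) \) - User select action: (?P<action>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    obj: str                      # e.g. \Device\Harddisk0\DR0
    threat: str                   # verdict name as printed by the tool
    seen_at: str                  # timestamp of the first line mentioning it
    action: Optional[str] = None  # what the user chose, if the log says


@dataclass
class ScanSummary:
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None


def parse_log(text: str) -> ScanSummary:
    """Collect detections and the chosen action from a TDSSKiller log."""
    summary = ScanSummary()
    by_key: Dict[Tuple[str, str], Detection] = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, forum text, timestamp-only lines
        stamp, _thread, msg = m.groups()
        hit = INFECTED.match(msg) or ACTION.match(msg)
        if hit:
            key = (hit["obj"], hit["threat"])
            det = by_key.get(key)
            if det is None:
                # Also covers a truncated log holding only the action line.
                det = Detection(hit["obj"], hit["threat"], stamp)
                by_key[key] = det
                summary.detections.append(det)
            if "action" in hit.groupdict():
                det.action = hit["action"].strip()
            continue
        count = COUNT.match(msg)
        if count:
            summary.reported_count = int(count.group(1))
    return summary


def needs_action(summary: ScanSummary) -> List[Detection]:
    """Detections with no recorded action, or explicitly skipped."""
    return [d for d in summary.detections
            if d.action is None or d.action.lower() == "skip"]


# Constructed sample: lines taken from the first scan quoted in this thread.
SKIPPED_SCAN = r"""
12:50:35.0718 4072  ================ Scan MBR ==================================
12:50:35.0734 4072  [ B8219E126CCFCA2511CA3F82E8C3CEDF ] \Device\Harddisk0\DR0
12:50:35.0734 4072  Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:50:35.0765 4072  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected
12:50:35.0765 4072  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)
12:50:35.0906 4072  \Device\Harddisk0\DR0\Partition1 - ok
12:50:35.0921 8504  Detected object count: 1
12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user
12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip
"""

# Constructed sample of a clean rescan. The "DR0 - ok" line is an assumed form,
# modelled on the "Partition1 - ok" line that does appear in the thread.
CLEAN_RESCAN = r"""
09:21:30.0000 208820  ================ Scan MBR ==================================
09:21:30.0015 208820  \Device\Harddisk0\DR0 - ok
09:21:30.0031 208820  \Device\Harddisk0\DR0\Partition1 - ok
09:21:30.0031 208820  Scan finished
"""

if __name__ == "__main__":
    for name, log in (("first scan", SKIPPED_SCAN), ("rescan", CLEAN_RESCAN)):
        pending = needs_action(parse_log(log))
        if pending:
            for d in pending:
                print(f"{name}: {d.obj} {d.threat} still pending ({d.action})")
        else:
            print(f"{name}: no pending detections")
```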


#6 inthemood

  • Topic Starter

Posted 02 August 2013 - 12:42 PM

Step 3:
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\AD5\APNIC.dll    a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\LogMeInRemoteUser\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\sysadmin\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\useradmin\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Program Files\Updater By SweetPacks\Extension32.dll    a variant of Win32/Toolbar.Perion.A application
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe    a variant of Win32/Toolbar.BitCocktail.B application
C:\Program Files\Updater By SweetPacks\InstallerHelper.dll    a variant of Win32/Toolbar.BitCocktail.A application
C:\RECYCLER\S-1-5-21-600431266-3748241440-1411249840-1071\Dc212\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
Operating memory    a variant of Win32/Toolbar.BitCocktail.B application
 



Step 1: Quarantine the infections found by MBAM.

Step 2: Rerun TDSSKiller and cure:

12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user
12:50:54.0281 8504  \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip

Only some of the infections in MBAM are checked off. Should I check them all or just the ones the program does?



#7 GodfatherKing

Posted 02 August 2013 - 12:48 PM

I would check them all, so you get rid of all the infections. But these infections can also cause trouble after removal, because some of the .dll files of the toolbars will be removed.

Another note: It's very important to cure the rootkit. Also, after removal, change your passwords and pay attention to home banking, because this machine has been heavily infected. I will give advice afterwards; first we must remove all malware.




#8 inthemood

  • Topic Starter

Posted 02 August 2013 - 02:06 PM

Everything in MBAM is quarantined, and I cured the rootkit in TDSSKiller.



#9 GodfatherKing

Posted 02 August 2013 - 02:14 PM

You may reboot the computer. Then run MBAM and TDSSKiller again.




#10 inthemood

  • Topic Starter

Posted 05 August 2013 - 08:19 AM

MBAM Results:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: FNPCC-01 [administrator]

8/5/2013 8:24:33 AM
mbam-log-2013-08-05 (08-24-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396973
Time elapsed: 54 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#11 inthemood

  • Topic Starter

Posted 05 August 2013 - 08:21 AM

TDSS Killer Report did not show up but I pulled it anyways:

 

09:20:21.0951 210096  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:20:23.0951 210096  ============================================================
09:20:23.0951 210096  Current date / time: 2013/08/05 09:20:23.0951
09:20:23.0951 210096  SystemInfo:
09:20:23.0951 210096  
09:20:23.0951 210096  OS Version: 5.1.2600 ServicePack: 3.0
09:20:23.0951 210096  Product type: Workstation
09:20:23.0951 210096  ComputerName: FNPCC-01
09:20:23.0951 210096  UserName: user
09:20:23.0951 210096  Windows directory: C:\WINDOWS
09:20:23.0951 210096  System windows directory: C:\WINDOWS
09:20:23.0951 210096  Processor architecture: Intel x86
09:20:23.0951 210096  Number of processors: 2
09:20:23.0951 210096  Page size: 0x1000
09:20:23.0951 210096  Boot type: Normal boot
09:20:23.0951 210096  ============================================================
09:20:26.0357 210096  Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:20:26.0357 210096  ============================================================
09:20:26.0357 210096  \Device\Harddisk0\DR0:
09:20:26.0373 210096  MBR partitions:
09:20:26.0373 210096  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
09:20:26.0373 210096  ============================================================
09:20:26.0404 210096  C: <-> \Device\Harddisk0\DR0\Partition1
09:20:26.0404 210096  ============================================================
09:20:26.0404 210096  Initialize success
09:20:26.0404 210096  ============================================================
09:20:52.0931 208820  ============================================================
09:20:52.0931 208820  Scan started
09:20:52.0931 208820  Mode: Manual; TDLFS;
09:20:52.0931 208820  ============================================================
09:20:53.0619 208820  ================ Scan system memory ========================
09:20:53.0619 208820  System memory - ok
09:20:53.0619 208820  ================ Scan services =============================
09:20:58.0696 208820  NAVEX15 - ok
09:20:58.0727 208820  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
09:20:58.0743 208820  NDIS - ok
09:20:58.0774 208820  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:20:58.0774 208820  NdisTapi - ok
09:20:58.0805 208820  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:20:58.0805 208820  Ndisuio - ok
09:20:58.0805 208820  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:20:58.0821 208820  NdisWan - ok
09:20:58.0852 208820  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
09:20:58.0852 208820  NDProxy - ok
09:20:58.0883 208820  [ 284432E671F1AF6B09B81DA24D3ABCAE ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
09:20:58.0883 208820  Net Driver HPZ12 - ok
09:20:58.0883 208820  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
09:20:58.0883 208820  NetBIOS - ok
09:20:58.0899 208820  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
09:20:58.0899 208820  NetBT - ok
09:20:58.0915 208820  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
09:20:58.0930 208820  NetDDE - ok
09:20:58.0930 208820  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
09:20:58.0930 208820  NetDDEdsdm - ok
09:20:58.0946 208820  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:20:58.0946 208820  Netlogon - ok
09:20:58.0961 208820  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
09:20:58.0961 208820  Netman - ok
09:20:58.0993 208820  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:20:58.0993 208820  NetTcpPortSharing - ok
09:20:59.0024 208820  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:20:59.0024 208820  Nla - ok
09:20:59.0055 208820  [ 59194C84ACC776FD4B9A037030331E96 ] nlsX86cc        C:\WINDOWS\system32\NLSSRV32.EXE
09:20:59.0055 208820  nlsX86cc - ok
09:20:59.0086 208820  [ B9730495E0CF674680121E34BD95A73B ] NPF             C:\WINDOWS\system32\DRIVERS\npf.sys
09:20:59.0086 208820  NPF - ok
09:20:59.0118 208820  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:20:59.0118 208820  Npfs - ok
09:20:59.0133 208820  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:20:59.0149 208820  Ntfs - ok
09:20:59.0149 208820  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:20:59.0149 208820  NtLmSsp - ok
09:20:59.0180 208820  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:20:59.0180 208820  NtmsSvc - ok
09:20:59.0211 208820  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:20:59.0211 208820  Null - ok
09:20:59.0227 208820  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:20:59.0227 208820  NwlnkFlt - ok
09:20:59.0227 208820  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:20:59.0227 208820  NwlnkFwd - ok
09:20:59.0274 208820  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:20:59.0290 208820  ose - ok
09:20:59.0290 208820  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
09:20:59.0290 208820  Parport - ok
09:20:59.0321 208820  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:20:59.0336 208820  PartMgr - ok
09:20:59.0352 208820  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:20:59.0352 208820  ParVdm - ok
09:20:59.0352 208820  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:20:59.0352 208820  PCI - ok
09:20:59.0368 208820  PCIDump - ok
09:20:59.0368 208820  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:20:59.0368 208820  PCIIde - ok
09:20:59.0383 208820  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:20:59.0383 208820  Pcmcia - ok
09:20:59.0383 208820  PDCOMP - ok
09:20:59.0399 208820  PDFRAME - ok
09:20:59.0399 208820  PDRELI - ok
09:20:59.0399 208820  PDRFRAME - ok
09:20:59.0414 208820  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
09:20:59.0414 208820  perc2 - ok
09:20:59.0430 208820  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:20:59.0430 208820  perc2hib - ok
09:20:59.0430 208820  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:20:59.0430 208820  PlugPlay - ok
09:20:59.0446 208820  [ 4153912765F7F2DE2A5C9A241ABB03FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
09:20:59.0446 208820  Pml Driver HPZ12 - ok
09:20:59.0461 208820  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:20:59.0461 208820  PolicyAgent - ok
09:20:59.0493 208820  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:20:59.0493 208820  PptpMiniport - ok
09:20:59.0493 208820  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:20:59.0493 208820  ProtectedStorage - ok
09:20:59.0493 208820  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:20:59.0493 208820  PSched - ok
09:20:59.0539 208820  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:20:59.0539 208820  Ptilink - ok
09:20:59.0618 208820  [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:20:59.0618 208820  QBCFMonitorService - ok
09:20:59.0649 208820  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:20:59.0649 208820  QBFCService - ok
09:20:59.0664 208820  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:20:59.0664 208820  ql1080 - ok
09:20:59.0664 208820  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:20:59.0664 208820  Ql10wnt - ok
09:20:59.0664 208820  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:20:59.0664 208820  ql12160 - ok
09:20:59.0680 208820  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:20:59.0680 208820  ql1240 - ok
09:20:59.0680 208820  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:20:59.0680 208820  ql1280 - ok
09:20:59.0711 208820  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:20:59.0711 208820  RasAcd - ok
09:20:59.0743 208820  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:20:59.0743 208820  RasAuto - ok
09:20:59.0758 208820  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:20:59.0758 208820  Rasl2tp - ok
09:20:59.0805 208820  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:20:59.0805 208820  RasMan - ok
09:20:59.0821 208820  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:20:59.0821 208820  RasPppoe - ok
09:20:59.0821 208820  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:20:59.0821 208820  Raspti - ok
09:20:59.0836 208820  rcvpn - ok
09:20:59.0868 208820  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:20:59.0868 208820  Rdbss - ok
09:20:59.0868 208820  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:20:59.0868 208820  RDPCDD - ok
09:20:59.0883 208820  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:20:59.0883 208820  rdpdr - ok
09:20:59.0914 208820  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:20:59.0930 208820  RDPWD - ok
09:20:59.0946 208820  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:20:59.0946 208820  RDSessMgr - ok
09:20:59.0977 208820  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:20:59.0977 208820  redbook - ok
09:20:59.0992 208820  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:21:00.0008 208820  RemoteAccess - ok
09:21:00.0024 208820  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
09:21:00.0024 208820  RemoteRegistry - ok
09:21:00.0055 208820  [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:21:00.0055 208820  RimVSerPort - ok
09:21:00.0086 208820  [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST          C:\WINDOWS\system32\drivers\RMCast.sys
09:21:00.0086 208820  RMCAST - ok
09:21:00.0102 208820  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
09:21:00.0102 208820  ROOTMODEM - ok
09:21:00.0117 208820  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:21:00.0117 208820  RpcLocator - ok
09:21:00.0133 208820  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
09:21:00.0133 208820  RpcSs - ok
09:21:00.0164 208820  [ 0E11B35E972796042044BC27CE13B065 ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
09:21:00.0164 208820  rspndr - ok
09:21:00.0180 208820  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:21:00.0180 208820  RSVP - ok
09:21:00.0211 208820  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:21:00.0211 208820  SamSs - ok
09:21:00.0227 208820  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:21:00.0242 208820  SCardSvr - ok
09:21:00.0258 208820  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:21:00.0258 208820  Schedule - ok
09:21:00.0289 208820  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:21:00.0289 208820  Secdrv - ok
09:21:00.0321 208820  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:21:00.0321 208820  seclogon - ok
09:21:00.0321 208820  senfilt - ok
09:21:00.0336 208820  SenFiltService - ok
09:21:00.0352 208820  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
09:21:00.0352 208820  SENS - ok
09:21:00.0367 208820  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
09:21:00.0367 208820  Serenum - ok
09:21:00.0367 208820  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
09:21:00.0367 208820  Serial - ok
09:21:00.0414 208820  [ B6401608579B6431994425BA7653F774 ] SFAUDIO         C:\WINDOWS\system32\drivers\sfaudio.sys
09:21:00.0414 208820  SFAUDIO - ok
09:21:00.0446 208820  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:21:00.0446 208820  Sfloppy - ok
09:21:00.0461 208820  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
09:21:00.0461 208820  SharedAccess - ok
09:21:00.0477 208820  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:21:00.0477 208820  ShellHWDetection - ok
09:21:00.0477 208820  Simbad - ok
09:21:00.0492 208820  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:21:00.0492 208820  sisagp - ok
09:21:00.0492 208820  smwdm - ok
09:21:00.0508 208820  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:21:00.0508 208820  Sparrow - ok
09:21:00.0539 208820  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:21:00.0539 208820  splitter - ok
09:21:00.0571 208820  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:21:00.0571 208820  Spooler - ok
09:21:00.0602 208820  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:21:00.0602 208820  sr - ok
09:21:00.0617 208820  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
09:21:00.0617 208820  srservice - ok
09:21:00.0680 208820  [ C743E384E9EFCA10B41C60D406DE39C0 ] SRTSP           C:\WINDOWS\system32\drivers\N360\1404000.028\SRTSP.SYS
09:21:00.0680 208820  SRTSP - ok
09:21:00.0695 208820  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\WINDOWS\system32\drivers\N360\1404000.028\SRTSPX.SYS
09:21:00.0695 208820  SRTSPX - ok
09:21:00.0727 208820  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:21:00.0742 208820  Srv - ok
09:21:00.0758 208820  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:21:00.0774 208820  SSDPSRV - ok
09:21:00.0805 208820  [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
09:21:00.0805 208820  StillCam - ok
09:21:00.0820 208820  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:21:00.0820 208820  stisvc - ok
09:21:00.0836 208820  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:21:00.0836 208820  swenum - ok
09:21:00.0867 208820  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:21:00.0867 208820  swmidi - ok
09:21:00.0867 208820  SwPrv - ok
09:21:00.0883 208820  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
09:21:00.0883 208820  symc810 - ok
09:21:00.0883 208820  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:21:00.0883 208820  symc8xx - ok
09:21:00.0930 208820  [ 5A193E5E0F0A776430E5D62A051C1E16 ] SymDS           C:\WINDOWS\system32\drivers\N360\1404000.028\SYMDS.SYS
09:21:00.0930 208820  SymDS - ok
09:21:01.0008 208820  [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA          C:\WINDOWS\system32\drivers\N360\1404000.028\SYMEFA.SYS
09:21:01.0008 208820  SymEFA - ok
09:21:01.0039 208820  [ F50D81D3E0C7A353F205562B89CD06D6 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
09:21:01.0039 208820  SymEvent - ok
09:21:01.0070 208820  [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON         C:\WINDOWS\system32\drivers\N360\1404000.028\Ironx86.SYS
09:21:01.0070 208820  SymIRON - ok
09:21:01.0117 208820  [ E9C316262C48BF299E02FC8B1CE2B925 ] SYMTDI          C:\WINDOWS\system32\drivers\N360\1404000.028\SYMTDI.SYS
09:21:01.0117 208820  SYMTDI - ok
09:21:01.0149 208820  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:21:01.0149 208820  sym_hi - ok
09:21:01.0149 208820  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:21:01.0149 208820  sym_u3 - ok
09:21:01.0180 208820  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:21:01.0195 208820  sysaudio - ok
09:21:01.0211 208820  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:21:01.0211 208820  SysmonLog - ok
09:21:01.0227 208820  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:21:01.0227 208820  TapiSrv - ok
09:21:01.0242 208820  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:21:01.0242 208820  Tcpip - ok
09:21:01.0273 208820  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:21:01.0273 208820  TDPIPE - ok
09:21:01.0289 208820  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:21:01.0289 208820  TDTCP - ok
09:21:01.0289 208820  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:21:01.0289 208820  TermDD - ok
09:21:01.0320 208820  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
09:21:01.0336 208820  TermService - ok
09:21:01.0336 208820  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:21:01.0336 208820  Themes - ok
09:21:01.0367 208820  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
09:21:01.0367 208820  TlntSvr - ok
09:21:01.0383 208820  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
09:21:01.0383 208820  TosIde - ok
09:21:01.0398 208820  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:21:01.0398 208820  TrkWks - ok
09:21:01.0414 208820  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:21:01.0414 208820  Udfs - ok
09:21:01.0430 208820  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
09:21:01.0430 208820  ultra - ok
09:21:01.0461 208820  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:21:01.0461 208820  Update - ok
09:21:01.0492 208820  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:21:01.0492 208820  upnphost - ok
09:21:01.0508 208820  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
09:21:01.0508 208820  UPS - ok
09:21:01.0523 208820  [ 1DF89C499BF45D878B87EBD4421D462D ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
09:21:01.0523 208820  USBAAPL - ok
09:21:01.0555 208820  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:21:01.0555 208820  usbccgp - ok
09:21:01.0555 208820  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:21:01.0555 208820  usbehci - ok
09:21:01.0570 208820  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:21:01.0570 208820  usbhub - ok
09:21:01.0586 208820  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:21:01.0586 208820  usbprint - ok
09:21:01.0602 208820  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:21:01.0602 208820  usbscan - ok
09:21:01.0617 208820  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:21:01.0617 208820  USBSTOR - ok
09:21:01.0648 208820  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:21:01.0648 208820  usbuhci - ok
09:21:01.0664 208820  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:21:01.0664 208820  VgaSave - ok
09:21:01.0680 208820  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:21:01.0680 208820  viaagp - ok
09:21:01.0695 208820  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
09:21:01.0695 208820  ViaIde - ok
09:21:01.0695 208820  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:21:01.0695 208820  VolSnap - ok
09:21:01.0727 208820  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
09:21:01.0727 208820  VSS - ok
09:21:01.0742 208820  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
09:21:01.0742 208820  W32Time - ok
09:21:01.0758 208820  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:21:01.0758 208820  Wanarp - ok
09:21:01.0758 208820  WDICA - ok
09:21:01.0789 208820  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:21:01.0789 208820  wdmaud - ok
09:21:01.0805 208820  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
09:21:01.0805 208820  WebClient - ok
09:21:01.0867 208820  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
09:21:01.0867 208820  winmgmt - ok
09:21:01.0883 208820  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
09:21:01.0883 208820  WmdmPmSN - ok
09:21:01.0930 208820  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
09:21:01.0945 208820  Wmi - ok
09:21:01.0976 208820  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:21:01.0976 208820  WmiAcpi - ok
09:21:01.0992 208820  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:21:01.0992 208820  WmiApSrv - ok
09:21:02.0055 208820  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
09:21:02.0070 208820  WMPNetworkSvc - ok
09:21:02.0148 208820  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:21:02.0164 208820  WPFFontCache_v0400 - ok
09:21:02.0195 208820  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
09:21:02.0211 208820  wscsvc - ok
09:21:02.0273 208820  [ D161D62AE8D3F3EC1197B012D5E47431 ] WSWNDA3100v2    C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
09:21:02.0273 208820  WSWNDA3100v2 - ok
09:21:02.0305 208820  [ B72508649DAD03BCB5D708EDB1E3E57E ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
09:21:02.0305 208820  wuauserv - ok
09:21:02.0336 208820  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:21:02.0336 208820  WudfPf - ok
09:21:02.0336 208820  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:21:02.0336 208820  WudfRd - ok
09:21:02.0351 208820  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
09:21:02.0351 208820  WudfSvc - ok
09:21:02.0383 208820  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:21:02.0383 208820  WZCSVC - ok
09:21:02.0398 208820  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:21:02.0398 208820  xmlprov - ok
09:21:02.0414 208820  ================ Scan global ===============================
09:21:02.0430 208820  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:21:02.0461 208820  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
09:21:02.0476 208820  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
09:21:02.0476 208820  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:21:02.0476 208820  [Global] - ok
09:21:02.0476 208820  ================ Scan MBR ==================================
09:21:02.0508 208820  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:21:02.0742 208820  \Device\Harddisk0\DR0 - ok
09:21:02.0742 208820  ================ Scan VBR ==================================
09:21:02.0742 208820  [ 90F43345D2187B0F75370E6F0DCEC885 ] \Device\Harddisk0\DR0\Partition1
09:21:02.0758 208820  \Device\Harddisk0\DR0\Partition1 - ok
09:21:02.0758 208820  ============================================================
09:21:02.0758 208820  Scan finished
09:21:02.0758 208820  ============================================================
09:21:02.0758 206892  Detected object count: 0
09:21:02.0758 206892  Actual detected object count: 0
 



#12 GodfatherKing


Posted 05 August 2013 - 09:25 AM

Proceed with ESET (step 3).


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#13 inthemood


Posted 05 August 2013 - 10:43 AM

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\LogMeInRemoteUser\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\sysadmin\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\Documents and Settings\useradmin\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\RECYCLER\S-1-5-21-600431266-3748241440-1411249840-1071\Dc212\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\ryna1erp.default\extensions\dpukykkjkf@dpukykkjkf.org.xpi    Win32/TrojanDownloader.Tracur.AD.Gen trojan
 



#14 GodfatherKing


Posted 05 August 2013 - 02:33 PM

You can see, there are some extensions infected. Remove them from Firefox.




#15 inthemood


Posted 06 August 2013 - 08:36 AM

I went to: Tools, add-on manager, Extensions and they are not listed on there. Where else would I be able to remove them?





