
LenardFleming

  1. Alrighty then, thanks once more for the help! BTW, just because I'm not too swift on all of this, what do you think it was? The alerts kept saying that MWB had "Blocked Access to a [potentially] malicious website" - as if my machine was placing the call, and mentioned "TCPSVCS.EXE" along with the IP address. I'd just like to know what to look for in the future.
  2. Well, something seems to be working...not sure which step did it, probably a bit of all. The alerts have stopped coming in a mad rush...haven't noticed any in some time now, since we began this process....Will re-run ComboFix and post log file here ASAP. Thanks again.
(d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:02:45.0266 4400 NetTcpActivator - ok 14:02:45.0266 4400 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 14:02:45.0282 4400 NetTcpPortSharing - ok 14:02:45.0329 4400 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys 14:02:45.0344 4400 nfrd960 - ok 14:02:45.0375 4400 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 14:02:45.0422 4400 NlaSvc - ok 14:02:45.0438 4400 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 14:02:45.0485 4400 Npfs - ok 14:02:45.0500 4400 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 14:02:45.0547 4400 nsi - ok 14:02:45.0563 4400 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 14:02:45.0610 4400 nsiproxy - ok 14:02:45.0688 4400 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 14:02:45.0750 4400 Ntfs - ok 14:02:45.0844 4400 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 14:02:45.0891 4400 Null - ok 14:02:45.0922 4400 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 14:02:45.0954 4400 nvraid - ok 14:02:45.0985 4400 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 14:02:46.0016 4400 nvstor - ok 14:02:46.0032 4400 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 14:02:46.0047 4400 nv_agp - ok 14:02:46.0125 4400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:02:46.0157 4400 odserv - ok 14:02:46.0235 4400 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 14:02:46.0282 4400 ohci1394 - ok 14:02:46.0329 4400 ose (067db5b067722997fcafe1858163d411) C:\Program Files\Common Files\Microsoft Shared\Source 
Engine\OSE.EXE 14:02:46.0344 4400 ose - ok 14:02:46.0391 4400 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 14:02:46.0469 4400 p2pimsvc - ok 14:02:46.0516 4400 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 14:02:46.0532 4400 p2psvc - ok 14:02:46.0594 4400 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 14:02:46.0610 4400 Parport - ok 14:02:46.0657 4400 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 14:02:46.0672 4400 partmgr - ok 14:02:46.0688 4400 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 14:02:46.0719 4400 Parvdm - ok 14:02:46.0750 4400 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 14:02:46.0782 4400 PcaSvc - ok 14:02:46.0797 4400 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 14:02:46.0829 4400 pci - ok 14:02:46.0844 4400 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 14:02:46.0860 4400 pciide - ok 14:02:46.0891 4400 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys 14:02:46.0922 4400 pcmcia - ok 14:02:46.0922 4400 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 14:02:46.0954 4400 pcw - ok 14:02:47.0000 4400 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 14:02:47.0047 4400 PEAUTH - ok 14:02:47.0141 4400 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 14:02:47.0219 4400 pla - ok 14:02:47.0313 4400 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 14:02:47.0375 4400 PlugPlay - ok 14:02:47.0407 4400 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 14:02:47.0438 4400 PNRPAutoReg - ok 14:02:47.0454 4400 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 14:02:47.0485 4400 PNRPsvc - ok 14:02:47.0516 4400 PolicyAgent 
(53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 14:02:47.0563 4400 PolicyAgent - ok 14:02:47.0594 4400 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 14:02:47.0625 4400 Power - ok 14:02:47.0672 4400 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 14:02:47.0735 4400 PptpMiniport - ok 14:02:47.0750 4400 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys 14:02:47.0766 4400 Processor - ok 14:02:47.0797 4400 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 14:02:47.0829 4400 ProfSvc - ok 14:02:47.0844 4400 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:02:47.0875 4400 ProtectedStorage - ok 14:02:47.0907 4400 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 14:02:47.0954 4400 Psched - ok 14:02:48.0016 4400 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys 14:02:48.0032 4400 PSSDK42 - ok 14:02:48.0047 4400 PSSDKLBF (0bec7b42f4093400509821c63f13f1d5) C:\Windows\system32\Drivers\pssdklbf.sys 14:02:48.0063 4400 PSSDKLBF - ok 14:02:48.0141 4400 QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 14:02:48.0188 4400 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning 14:02:48.0188 4400 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1) 14:02:48.0266 4400 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe 14:02:48.0313 4400 QBFCService ( UnsignedFile.Multi.Generic ) - warning 14:02:48.0313 4400 QBFCService - detected UnsignedFile.Multi.Generic (1) 14:02:48.0407 4400 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe 14:02:48.0469 4400 QBVSS ( UnsignedFile.Multi.Generic ) - warning 14:02:48.0469 4400 QBVSS - detected 
UnsignedFile.Multi.Generic (1) 14:02:48.0610 4400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys 14:02:48.0657 4400 ql2300 - ok 14:02:48.0688 4400 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys 14:02:48.0719 4400 ql40xx - ok 14:02:48.0782 4400 QuickBooksDB21 - ok 14:02:48.0813 4400 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 14:02:48.0844 4400 QWAVE - ok 14:02:48.0860 4400 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 14:02:48.0891 4400 QWAVEdrv - ok 14:02:48.0907 4400 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 14:02:48.0954 4400 RasAcd - ok 14:02:49.0000 4400 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:02:49.0032 4400 RasAgileVpn - ok 14:02:49.0063 4400 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 14:02:49.0110 4400 RasAuto - ok 14:02:49.0125 4400 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:02:49.0172 4400 Rasl2tp - ok 14:02:49.0204 4400 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 14:02:49.0266 4400 RasMan - ok 14:02:49.0297 4400 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 14:02:49.0344 4400 RasPppoe - ok 14:02:49.0360 4400 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 14:02:49.0407 4400 RasSstp - ok 14:02:49.0422 4400 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 14:02:49.0485 4400 rdbss - ok 14:02:49.0500 4400 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys 14:02:49.0532 4400 rdpbus - ok 14:02:49.0532 4400 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:02:49.0579 4400 RDPCDD - ok 14:02:49.0594 4400 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) 
C:\Windows\system32\drivers\rdpencdd.sys 14:02:49.0641 4400 RDPENCDD - ok 14:02:49.0641 4400 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 14:02:49.0688 4400 RDPREFMP - ok 14:02:49.0719 4400 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 14:02:49.0782 4400 RDPWD - ok 14:02:49.0813 4400 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 14:02:49.0844 4400 rdyboost - ok 14:02:49.0860 4400 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 14:02:49.0907 4400 RemoteAccess - ok 14:02:49.0922 4400 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 14:02:49.0954 4400 RemoteRegistry - ok 14:02:49.0985 4400 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys 14:02:50.0000 4400 Revoflt - ok 14:02:50.0047 4400 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys 14:02:50.0094 4400 RimUsb - ok 14:02:50.0141 4400 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 14:02:50.0204 4400 RimVSerPort - ok 14:02:50.0219 4400 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys 14:02:50.0266 4400 ROOTMODEM - ok 14:02:50.0282 4400 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 14:02:50.0329 4400 RpcEptMapper - ok 14:02:50.0375 4400 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 14:02:50.0407 4400 RpcLocator - ok 14:02:50.0563 4400 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 14:02:50.0610 4400 RpcSs - ok 14:02:50.0641 4400 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 14:02:50.0704 4400 rspndr - ok 14:02:50.0813 4400 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys 14:02:50.0891 4400 RTL8023xp - ok 14:02:50.0907 4400 SamSs 
(81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:02:50.0922 4400 SamSs - ok 14:02:50.0969 4400 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 14:02:50.0985 4400 sbp2port - ok 14:02:51.0016 4400 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 14:02:51.0079 4400 SCardSvr - ok 14:02:51.0094 4400 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 14:02:51.0141 4400 scfilter - ok 14:02:51.0172 4400 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 14:02:51.0235 4400 Schedule - ok 14:02:51.0250 4400 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 14:02:51.0282 4400 SCPolicySvc - ok 14:02:51.0329 4400 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 14:02:51.0407 4400 SDRSVC - ok 14:02:51.0438 4400 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 14:02:51.0485 4400 secdrv - ok 14:02:51.0500 4400 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 14:02:51.0563 4400 seclogon - ok 14:02:51.0594 4400 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 14:02:51.0641 4400 SENS - ok 14:02:51.0672 4400 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 14:02:51.0750 4400 SensrSvc - ok 14:02:51.0797 4400 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 14:02:51.0813 4400 Serenum - ok 14:02:51.0829 4400 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 14:02:51.0844 4400 Serial - ok 14:02:51.0860 4400 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys 14:02:51.0891 4400 sermouse - ok 14:02:51.0922 4400 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 14:02:51.0969 4400 SessionEnv - ok 14:02:51.0985 4400 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) 
C:\Windows\system32\drivers\sffdisk.sys 14:02:52.0016 4400 sffdisk - ok 14:02:52.0047 4400 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 14:02:52.0063 4400 sffp_mmc - ok 14:02:52.0079 4400 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 14:02:52.0110 4400 sffp_sd - ok 14:02:52.0125 4400 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys 14:02:52.0141 4400 sfloppy - ok 14:02:52.0172 4400 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 14:02:52.0235 4400 SharedAccess - ok 14:02:52.0282 4400 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 14:02:52.0313 4400 ShellHWDetection - ok 14:02:52.0329 4400 simptcp (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe 14:02:52.0360 4400 simptcp - ok 14:02:52.0375 4400 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 14:02:52.0391 4400 sisagp - ok 14:02:52.0438 4400 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys 14:02:52.0469 4400 SiSRaid2 - ok 14:02:52.0485 4400 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys 14:02:52.0500 4400 SiSRaid4 - ok 14:02:52.0563 4400 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 14:02:52.0579 4400 SkypeUpdate - ok 14:02:52.0625 4400 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 14:02:52.0657 4400 Smb - ok 14:02:52.0688 4400 SNMP (8f5171c837e64ff0ac48f0a29dd9e180) C:\Windows\System32\snmp.exe 14:02:52.0766 4400 SNMP - ok 14:02:52.0813 4400 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 14:02:52.0829 4400 SNMPTRAP - ok 14:02:52.0954 4400 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe 14:02:53.0000 4400 SpeedDiskService - ok 14:02:53.0032 
4400 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 14:02:53.0047 4400 spldr - ok 14:02:53.0094 4400 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 14:02:53.0157 4400 Spooler - ok 14:02:53.0485 4400 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 14:02:53.0579 4400 sppsvc - ok 14:02:53.0688 4400 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 14:02:53.0719 4400 sppuinotify - ok 14:02:53.0782 4400 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 14:02:53.0797 4400 SQLBrowser - ok 14:02:53.0829 4400 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 14:02:53.0844 4400 SQLWriter - ok 14:02:53.0954 4400 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602000.009\SRTSP.SYS 14:02:53.0985 4400 SRTSP - ok 14:02:54.0000 4400 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602000.009\SRTSPX.SYS 14:02:54.0016 4400 SRTSPX - ok 14:02:54.0047 4400 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 14:02:54.0110 4400 srv - ok 14:02:54.0141 4400 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 14:02:54.0204 4400 srv2 - ok 14:02:54.0235 4400 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 14:02:54.0282 4400 srvnet - ok 14:02:54.0313 4400 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 14:02:54.0360 4400 SSDPSRV - ok 14:02:54.0422 4400 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 14:02:54.0485 4400 SstpSvc - ok 14:02:54.0516 4400 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys 14:02:54.0532 4400 stexstor - ok 14:02:54.0594 4400 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 14:02:54.0641 4400 
StiSvc - ok 14:02:54.0657 4400 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 14:02:54.0672 4400 swenum - ok 14:02:54.0719 4400 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 14:02:54.0766 4400 swprv - ok 14:02:54.0891 4400 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe 14:02:54.0922 4400 Symantec RemoteAssist - ok 14:02:55.0000 4400 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602000.009\SYMDS.SYS 14:02:55.0032 4400 SymDS - ok 14:02:55.0079 4400 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\Windows\system32\drivers\SymDSMon.sys 14:02:55.0094 4400 SymDSMon - ok 14:02:55.0141 4400 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602000.009\SYMEFA.SYS 14:02:55.0172 4400 SymEFA - ok 14:02:55.0219 4400 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS 14:02:55.0235 4400 SymEvent - ok 14:02:55.0282 4400 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys 14:02:55.0313 4400 SymIM - ok 14:02:55.0344 4400 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602000.009\Ironx86.SYS 14:02:55.0375 4400 SymIRON - ok 14:02:55.0422 4400 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\N360\0602000.009\SYMNETS.SYS 14:02:55.0454 4400 SymNetS - ok 14:02:55.0485 4400 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\Windows\system32\drivers\SymSpeedDisk.sys 14:02:55.0500 4400 SYMSpeedDisk - ok 14:02:55.0563 4400 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 14:02:55.0610 4400 SysMain - ok 14:02:55.0625 4400 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 14:02:55.0657 4400 TabletInputService - ok 14:02:55.0688 4400 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 14:02:55.0735 4400 TapiSrv - 
ok 14:02:55.0766 4400 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 14:02:55.0813 4400 TBS - ok 14:02:55.0891 4400 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 14:02:55.0938 4400 Tcpip - ok 14:02:56.0079 4400 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 14:02:56.0125 4400 TCPIP6 - ok 14:02:56.0172 4400 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 14:02:56.0204 4400 tcpipreg - ok 14:02:56.0235 4400 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 14:02:56.0250 4400 TDPIPE - ok 14:02:56.0282 4400 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 14:02:56.0313 4400 TDTCP - ok 14:02:56.0329 4400 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 14:02:56.0375 4400 tdx - ok 14:02:56.0391 4400 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys 14:02:56.0407 4400 TermDD - ok 14:02:56.0454 4400 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 14:02:56.0500 4400 TermService - ok 14:02:56.0516 4400 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 14:02:56.0547 4400 Themes - ok 14:02:56.0579 4400 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 14:02:56.0625 4400 THREADORDER - ok 14:02:56.0641 4400 TlntSvr (ce92b84ed806f1c5c340a51dfd3e49bc) C:\Windows\System32\tlntsvr.exe 14:02:56.0704 4400 TlntSvr - ok 14:02:56.0735 4400 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 14:02:56.0782 4400 TrkWks - ok 14:02:56.0797 4400 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys 14:02:56.0844 4400 truecrypt - ok 14:02:56.0891 4400 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 14:02:56.0938 4400 TrustedInstaller - ok 14:02:56.0969 4400 tssecsrv 
(254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:02:57.0016 4400 tssecsrv - ok 14:02:57.0016 4400 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 14:02:57.0094 4400 TsUsbFlt - ok 14:02:57.0094 4400 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys 14:02:57.0141 4400 TsUsbGD - ok 14:02:57.0266 4400 TuneUp.UtilitiesSvc (86cd728fb5f6a409112662e1596d987b) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe 14:02:57.0329 4400 TuneUp.UtilitiesSvc - ok 14:02:57.0329 4400 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys 14:02:57.0360 4400 TuneUpUtilitiesDrv - ok 14:02:57.0469 4400 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 14:02:57.0500 4400 tunnel - ok 14:02:57.0579 4400 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files\TightVNC\tvnserver.exe 14:02:57.0625 4400 tvnserver - ok 14:02:57.0625 4400 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys 14:02:57.0641 4400 uagp35 - ok 14:02:57.0672 4400 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 14:02:57.0704 4400 udfs - ok 14:02:57.0750 4400 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 14:02:57.0782 4400 UI0Detect - ok 14:02:57.0829 4400 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 14:02:57.0844 4400 uliagpkx - ok 14:02:57.0875 4400 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 14:02:57.0922 4400 umbus - ok 14:02:57.0938 4400 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys 14:02:57.0954 4400 UmPass - ok 14:02:58.0000 4400 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 14:02:58.0047 4400 upnphost - ok 14:02:58.0094 4400 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) 
C:\Windows\system32\DRIVERS\usbccgp.sys 14:02:58.0141 4400 usbccgp - ok 14:02:58.0157 4400 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 14:02:58.0219 4400 usbcir - ok 14:02:58.0250 4400 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys 14:02:58.0282 4400 usbehci - ok 14:02:58.0313 4400 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 14:02:58.0375 4400 usbhub - ok 14:02:58.0391 4400 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 14:02:58.0454 4400 usbohci - ok 14:02:58.0469 4400 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 14:02:58.0500 4400 usbprint - ok 14:02:58.0532 4400 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 14:02:58.0563 4400 usbscan - ok 14:02:58.0594 4400 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:02:58.0672 4400 USBSTOR - ok 14:02:58.0688 4400 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys 14:02:58.0704 4400 usbuhci - ok 14:02:58.0735 4400 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 14:02:58.0766 4400 UxSms - ok 14:02:58.0797 4400 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 14:02:58.0813 4400 VaultSvc - ok 14:02:58.0860 4400 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 14:02:58.0875 4400 vdrvroot - ok 14:02:58.0907 4400 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 14:02:58.0954 4400 vds - ok 14:02:58.0985 4400 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 14:02:59.0000 4400 vga - ok 14:02:59.0016 4400 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 14:02:59.0047 4400 VgaSave - ok 14:02:59.0063 4400 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 
14:02:59.0094 4400 vhdmp - ok 14:02:59.0125 4400 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 14:02:59.0141 4400 viaagp - ok 14:02:59.0172 4400 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys 14:02:59.0204 4400 ViaC7 - ok 14:02:59.0235 4400 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 14:02:59.0250 4400 viaide - ok 14:02:59.0266 4400 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 14:02:59.0282 4400 volmgr - ok 14:02:59.0313 4400 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 14:02:59.0344 4400 volmgrx - ok 14:02:59.0360 4400 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 14:02:59.0375 4400 volsnap - ok 14:02:59.0422 4400 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys 14:02:59.0438 4400 vsmraid - ok 14:02:59.0500 4400 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 14:02:59.0563 4400 VSS - ok 14:02:59.0579 4400 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 14:02:59.0625 4400 vwifibus - ok 14:02:59.0641 4400 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 14:02:59.0688 4400 W32Time - ok 14:02:59.0735 4400 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll 14:02:59.0766 4400 W3SVC - ok 14:02:59.0782 4400 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys 14:02:59.0813 4400 WacomPen - ok 14:02:59.0844 4400 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 14:02:59.0891 4400 WANARP - ok 14:02:59.0907 4400 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 14:02:59.0938 4400 Wanarpv6 - ok 14:02:59.0954 4400 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll 14:02:59.0969 4400 WAS - ok 
14:03:00.0110 4400 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 14:03:00.0172 4400 WatAdminSvc - ok 14:03:00.0297 4400 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 14:03:00.0375 4400 wbengine - ok 14:03:00.0391 4400 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 14:03:00.0438 4400 WbioSrvc - ok 14:03:00.0469 4400 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 14:03:00.0500 4400 wcncsvc - ok 14:03:00.0532 4400 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 14:03:00.0579 4400 WcsPlugInService - ok 14:03:00.0625 4400 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys 14:03:00.0641 4400 Wd - ok 14:03:00.0672 4400 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 14:03:00.0704 4400 Wdf01000 - ok 14:03:00.0719 4400 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 14:03:00.0797 4400 WdiServiceHost - ok 14:03:00.0797 4400 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 14:03:00.0829 4400 WdiSystemHost - ok 14:03:00.0860 4400 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 14:03:00.0891 4400 WebClient - ok 14:03:00.0922 4400 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 14:03:00.0954 4400 Wecsvc - ok 14:03:00.0969 4400 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 14:03:01.0016 4400 wercplsupport - ok 14:03:01.0047 4400 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 14:03:01.0094 4400 WerSvc - ok 14:03:01.0125 4400 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 14:03:01.0172 4400 WfpLwf - ok 14:03:01.0188 4400 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 14:03:01.0219 4400 WIMMount - ok 
14:03:01.0250 4400 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 14:03:01.0313 4400 winachsf - ok 14:03:01.0391 4400 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 14:03:01.0454 4400 WinDefend - ok 14:03:01.0469 4400 WinHttpAutoProxySvc - ok 14:03:01.0610 4400 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 14:03:01.0641 4400 Winmgmt - ok 14:03:01.0719 4400 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 14:03:01.0782 4400 WinRM - ok 14:03:01.0844 4400 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 14:03:01.0875 4400 WinUsb - ok 14:03:01.0922 4400 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 14:03:01.0969 4400 Wlansvc - ok 14:03:02.0094 4400 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:03:02.0157 4400 wlidsvc - ok 14:03:02.0250 4400 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 14:03:02.0282 4400 WmiAcpi - ok 14:03:02.0329 4400 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 14:03:02.0360 4400 wmiApSrv - ok 14:03:02.0469 4400 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 14:03:02.0532 4400 WMPNetworkSvc - ok 14:03:02.0641 4400 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 14:03:02.0704 4400 WPCSvc - ok 14:03:02.0719 4400 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 14:03:02.0750 4400 WPDBusEnum - ok 14:03:02.0797 4400 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 14:03:02.0844 4400 ws2ifsl - ok 14:03:02.0875 4400 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys 14:03:02.0891 4400 WsAudio_DeviceS(1) - ok 14:03:02.0907 4400 
WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys 14:03:02.0922 4400 WsAudio_DeviceS(2) - ok 14:03:02.0938 4400 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys 14:03:02.0954 4400 WsAudio_DeviceS(3) - ok 14:03:02.0969 4400 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys 14:03:03.0000 4400 WsAudio_DeviceS(4) - ok 14:03:03.0016 4400 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys 14:03:03.0032 4400 WsAudio_DeviceS(5) - ok 14:03:03.0094 4400 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 14:03:03.0125 4400 wscsvc - ok 14:03:03.0125 4400 WSearch - ok 14:03:03.0219 4400 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 14:03:03.0297 4400 wuauserv - ok 14:03:03.0391 4400 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 14:03:03.0422 4400 WudfPf - ok 14:03:03.0469 4400 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 14:03:03.0516 4400 WUDFRd - ok 14:03:03.0547 4400 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 14:03:03.0610 4400 wudfsvc - ok 14:03:03.0625 4400 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 14:03:03.0657 4400 WwanSvc - ok 14:03:03.0750 4400 WysePocketCloud (7868f4758712393cb08a82917a8a9927) C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe 14:03:03.0782 4400 WysePocketCloud - ok 14:03:03.0797 4400 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys 14:03:03.0829 4400 XAudio - ok 14:03:03.0844 4400 XAudioService (96db5621857e1fddd1aa60733748bf17) C:\Windows\system32\DRIVERS\xaudio.exe 14:03:03.0875 4400 XAudioService - ok 14:03:03.0922 4400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 
14:03:04.0016 4400 \Device\Harddisk0\DR0 - ok
14:03:04.0016 4400 Boot (0x1200) (42453c69628f84743c244c56ca58f1c3) \Device\Harddisk0\DR0\Partition0
14:03:04.0016 4400 \Device\Harddisk0\DR0\Partition0 - ok
14:03:04.0032 4400 Boot (0x1200) (14dde3687721ef310b1fe392a2aa3644) \Device\Harddisk0\DR0\Partition1
14:03:04.0032 4400 \Device\Harddisk0\DR0\Partition1 - ok
14:03:04.0032 4400 ============================================================
14:03:04.0032 4400 Scan finished
14:03:04.0032 4400 ============================================================
14:03:04.0047 4172 Detected object count: 6
14:03:04.0047 4172 Actual detected object count: 6
14:03:10.0547 4172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0547 4172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0547 4172 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0547 4172 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0547 4172 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0547 4172 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0563 4172 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0563 4172 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0563 4172 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0563 4172 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:03:10.0563 4172 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
14:03:10.0563 4172 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
  4. Hope I did all this right... Thanks for the fast reply and help! Scan Results are as follows:
DDS.txt
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lenard at 12:45:57 on 2012-05-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2048.701 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\atashost.exe
C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Norton Utilities
15\Tools\SpeedDisk\SpeedDiskSrv.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe C:\Program Files\TightVNC\tvnserver.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\SearchIndexer.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe C:\Windows\Explorer.EXE C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe C:\Program Files\TightVNC\tvnserver.exe C:\Program Files\Android-Sync\AndroidSync.exe C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe C:\Program Files\MozyPro\mozyprostat.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Android-Sync\bin\adb.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe C:\Program 
Files\MozyPro\mozyprobackup.exe C:\Program Files\MozyPro\mozyprobackup.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.suddenlink.net/ uInternet Settings,ProxyOverride = *.local;<local> mURLSearchHooks: H - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.352.0\BingExt.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 
360\engine\6.2.0.9\coIEPlg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.352.0\BingExt.dll" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave mRun: [AndroidSync] c:\program files\android-sync\AndroidSync.exe -m mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro\mozyprostat.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: 
ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: SoftwareSASGeneration = 1 (0x1) IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL Trusted Zone: motive.com\pattta.att Trusted Zone: motive.com\patttbc.att DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271554470514 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rim.webex.com/client/T27LB/support/ieatgpc1.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 TCP: Interfaces\{AE641B68-4657-4CCC-8018-56144A401206} : DhcpNameServer = 208.180.42.68 208.180.42.100 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 
2011\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\lenard\appdata\roaming\mozilla\firefox\profiles\piw7qjma.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q= FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://home.suddenlink.net/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=66604&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll FF - plugin: c:\users\lenard\appdata\roaming\mozilla\firefox\profiles\piw7qjma.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll . 
---- FIREFOX POLICIES ---- FF - user.js: extentions.y2layers.installId - 6dbad97e-9741-43d1-8783-0293a5144e86 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602000.009\SymDS.sys [2012-5-2 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys [2012-5-2 905336] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys [2012-5-2 132744] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\ipsdefs\20120511.001\IDSvix86.sys [2012-5-12 368248] R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2012-2-14 54776] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys [2012-5-2 149624] R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0602000.009\symnets.sys [2012-5-2 318584] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128] R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-9-9 43912] R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.352.0\BBSvc.EXE [2012-1-21 192792] R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-11-28 1029480] R2 iprip;RIP 
Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-14 654408] R2 mozyprobackup;MozyPro Backup Service;c:\program files\mozypro\mozyprobackup.exe [2011-9-29 53016] R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.0.9\ccSvcHst.exe [2012-5-2 138232] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256] R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-11-28 1037672] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304] R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-8-3 828944] R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2012-3-20 175520] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-2 106104] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-24 22344] R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?] 
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 257696] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.352.0\SeaPort.EXE [2012-1-21 240408] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-3-7 6016] S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-3-7 25856] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-3-7 20480] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-3-7 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-3-7 23424] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 129976] S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2012-2-3 38976] S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2012-2-3 53312] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-24 27192] S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-11-28 128248] S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-11-28 108800] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] S3 
WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-25 1343400] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-1-18 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-1-18 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-1-18 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-1-18 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-1-18 25704] . =============== Created Last 30 ================ . 2012-05-14 17:35:53 711240 ----a-w- c:\windows\isRS-000.tmp 2012-05-14 13:58:13 -------- d-sh--w- C:\$RECYCLE.BIN 2012-05-14 13:50:20 -------- d-----w- c:\users\lenard\appdata\local\temp 2012-05-14 13:32:18 98816 ----a-w- c:\windows\sed.exe 2012-05-14 13:32:18 518144 ----a-w- c:\windows\SWREG.exe 2012-05-14 13:32:18 256000 ----a-w- c:\windows\PEV.exe 2012-05-14 13:32:18 208896 ----a-w- c:\windows\MBR.exe 2012-05-09 20:34:02 -------- d-----w- c:\program files\InterActual 2012-05-09 09:47:40 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 09:47:38 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll 2012-05-09 09:47:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll 2012-05-09 09:47:38 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2012-05-09 09:47:38 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL 2012-05-09 09:47:35 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-09 09:47:34 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-09 09:47:34 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-05-09 09:47:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 09:47:27 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-05-05 18:01:07 4140192 ----a-w- 
c:\windows\system32\FlashPlayerInstaller.exe 2012-05-02 23:31:47 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-02 23:31:41 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe 2012-05-02 23:31:41 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2012-05-02 15:37:43 318584 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symnets.sys 2012-05-02 15:37:42 905336 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys 2012-05-02 15:37:42 574072 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtsp.sys 2012-05-02 15:37:42 340088 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymDS.sys 2012-05-02 15:37:42 32888 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtspx.sys 2012-05-02 15:37:42 149624 ----a-r- c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys 2012-05-02 15:37:42 132744 ----a-r- c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys 2012-05-02 15:37:29 4782 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymVTcer.dat 2012-05-02 15:37:28 -------- d-----w- c:\windows\system32\drivers\n360\0602000.009 2012-05-01 07:05:04 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9269f4f4-1f47-4b79-91f6-aa1e26ff7753}\mpengine.dll 2012-04-19 14:06:36 -------- d-----w- c:\users\lenard\appdata\roaming\TightVNC . ==================== Find3M ==================== . 
2012-05-05 19:01:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-05 19:01:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-02 15:42:49 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-29 06:28:34 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys 2012-03-19 15:10:30 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys . ============= FINISH: 12:48:06.38 =============== Attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 9/24/2011 9:57:15 PM System Uptime: 5/14/2012 12:37:37 PM (0 hours ago) . Motherboard: ELITEGROUP | | 945GCT-M3 Processor: Genuine Intel® CPU 2160 @ 1.80GHz | Socket 775 | 1800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 363 GiB total, 228.881 GiB free. D: is FIXED (NTFS) - 10 GiB total, 4.511 GiB free. E: is CDROM (UDF) I: is Removable J: is Removable L: is Removable M: is Removable . 
==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP168: 5/14/2012 8:32:35 AM - ComboFix created restore point . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Alocet PDF Writer Amazon MP3 Downloader 1.0.15 Android-Sync v0.385 Apple Application Support Apple Mobile Device Support Apple Software Update AudibleManager BeerSmith 2 Bing Bar BlackBerry Desktop Software 6.1 Bonjour Google Toolbar for Internet Explorer GoToMeeting 4.8.0.723 iCloud iTunes Java Auto Updater Java™ 6 Update 31 Malwarebytes Anti-Malware version 1.61.0.1400 Marshall Plan® Novel Writing Software Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Ultimate 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Store Download Manager MobileMe Control Panel Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MozyPro Norton Utilities 15 PocketCloud Windows Companion ProMash QuickBooks QuickBooks Contact Sync QuickBooks Pro 2011 QuickTime Realtek High Definition Audio Driver RegZooka Revo Uninstaller Pro 2.5.8 Safari Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Soft Data Fax Modem with SmartCP
Star Trek Online
StrangeBrew
TightVNC 2.0.4
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Ventrilo Client
Windows Driver Package - Motorola (bqusbser) Modem (02/24/2009 1.1.0.0)
Windows Driver Package - Motorola (bqusbser) Ports (02/24/2009 1.1.0.0)
Windows Driver Package - Motorola (motandroidusb) USB (11/08/2011 1.2.9.0)
Windows Driver Package - Motorola (motccgp) USB (11/08/2011 3.1.2.0)
Windows Driver Package - Motorola (motmodem) Modem (11/08/2011 4.8.2.0)
Windows Driver Package - Motorola (Motousbnet) Net (07/01/2011 2.4.7.0)
Windows Driver Package - Motorola (motport) Ports (11/08/2011 4.8.2.0)
Windows Driver Package - Motorola (motusbdevice) USB (11/08/2011 1.1.0.0)
Windows Driver Package - Motorola Inc (MotDev) MOTUSB (11/08/2011 3.2.12.0)
Windows Driver Package - Motorola Net (11/08/2011 1.0.5.0)
ZumoCast
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 12:52:09 AM, Error: IPRIP [29012] - IPRIP was unable to bind a socket to IP address 74.197.174.183. The data is the error code.
5/8/2012 2:07:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/8/2012 2:07:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
5/14/2012 8:50:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/14/2012 8:35:07 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 8:31:39 AM, Error: Service Control Manager [7034] - The QuickBooksDB21 service terminated unexpectedly. It has done this 1 time(s).
5/14/2012 7:51:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2012 7:51:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2012 7:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/14/2012 7:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/14/2012 7:51:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/14/2012 7:51:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/14/2012 7:51:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 discache eeCtrl IDSVix86 mozyproFilter spldr SRTSP SRTSPX SymIRON SymNetS truecrypt Wanarpv6
5/14/2012 12:46:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/14/2012 12:38:22 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
5/12/2012 9:42:16 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
5/11/2012 1:10:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================

RogueKiller.txt

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Lenard [Admin rights]
Mode: Scan -- Date: 05/14/2012 13:13:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[sUSP PATH] Best Buy pc app.lnk @QBDataServiceUser21 : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x832E24E1 -> HOOKED (Unknown @ 0x867B3640)
SSDT[14] : NtAlertThread @ 0x8326AB0F -> HOOKED (Unknown @ 0x85EA3E80)
SSDT[19] : NtAllocateVirtualMemory @ 0x83217F65 -> HOOKED (Unknown @ 0x866211A0)
SSDT[22] : NtAlpcConnectPort @ 0x8322B26B -> HOOKED (Unknown @ 0x866C5DB8)
SSDT[43] : NtAssignProcessToJobObject @ 0x832837B4 -> HOOKED (Unknown @ 0x865FD248)
SSDT[74] : NtCreateMutant @ 0x8327A1CE -> HOOKED (Unknown @ 0x86600E88)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x831F9189 -> HOOKED (Unknown @ 0x866248B0)
SSDT[87] : NtCreateThread @ 0x832E0702 -> HOOKED (Unknown @ 0x867D72F0)
SSDT[88] : NtCreateThreadEx @ 0x83269801 -> HOOKED (Unknown @ 0x86600460)
SSDT[96] : NtDebugActiveProcess @ 0x832B2E88 -> HOOKED (Unknown @ 0x86600310)
SSDT[111] : NtDuplicateObject @ 0x832658B5 -> HOOKED (Unknown @ 0x86621370)
SSDT[131] : NtFreeVirtualMemory @ 0x8308B32E -> HOOKED (Unknown @ 0x86600D28)
SSDT[145] : NtImpersonateAnonymousToken @ 0x8325E236 -> HOOKED (Unknown @ 0x86600F90)
SSDT[147] : NtImpersonateThread @ 0x8323C252 -> HOOKED (Unknown @ 0x864B7250)
SSDT[155] : NtLoadDriver @ 0x831AF442 -> HOOKED (Unknown @ 0x86527058)
SSDT[168] : NtMapViewOfSection @ 0x83244B6D -> HOOKED (Unknown @ 0x86600C28)
SSDT[177] : NtOpenEvent @ 0x8323AF76 -> HOOKED (Unknown @ 0x866244E0)
SSDT[190] : NtOpenProcess @ 0x83226F07 -> HOOKED (Unknown @ 0x86621008)
SSDT[191] : NtOpenProcessToken @ 0x8326425D -> HOOKED (Unknown @ 0x86621290)
SSDT[194] : NtOpenSection @ 0x832739F0 -> HOOKED (Unknown @ 0x866FC008)
SSDT[198] : NtOpenThread @ 0x8327CAF8 -> HOOKED (Unknown @ 0x86621460)
SSDT[215] : NtProtectVirtualMemory @ 0x8324B483 -> HOOKED (Unknown @ 0x86600598)
SSDT[304] : NtResumeThread @ 0x83236EF5 -> HOOKED (Unknown @ 0x866210C0)
SSDT[316] : NtSetContextThread @ 0x832E1F8D -> HOOKED (Unknown @ 0x866006D0)
SSDT[333] : NtSetInformationProcess @ 0x8321528F -> HOOKED (Unknown @ 0x86600A58)
SSDT[350] : NtSetSystemInformation @ 0x831F2618 -> HOOKED (Unknown @ 0x866FCEC0)
SSDT[366] : NtSuspendProcess @ 0x832E241B -> HOOKED (Unknown @ 0x86624380)
SSDT[367] : NtSuspendThread @ 0x8329C333 -> HOOKED (Unknown @ 0x86624D10)
SSDT[370] : NtTerminateProcess @ 0x832273E6 -> HOOKED (Unknown @ 0x86621990)
SSDT[371] : NtTerminateThread @ 0x8323E936 -> HOOKED (Unknown @ 0x86600348)
SSDT[385] : NtUnmapViewOfSection @ 0x83267508 -> HOOKED (Unknown @ 0x86600B48)
SSDT[399] : NtWriteVirtualMemory @ 0x83257295 -> HOOKED (Unknown @ 0x86600DF8)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x871DC868)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87036DE0)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x871EAB80)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x85E8E688)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x871ED648)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x871E8640)
S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x871EAAB0)
S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x871EA9E0)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87036EE8)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x871E82B8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725040VLA380 ATA Device +++++
--- User ---
[MBR] fd8deb240bf8098a38ec337a10315105
[bSP] 4c00e8bb74ce040920247e26d3ccae2b : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10032 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20547135 | Size: 371518 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  5. Hello, I'm pulling my hair out over a suspicious occurrence of MWB alerting me that it has blocked access to potentially malicious websites, and notices of "High CPU usage by MWB." I have NORTON 360 (and it’s all up to date), and MWB. I have run scan after scan with both and all comes back clean. I have also run Norton’s NPE program, as well as ComboFix. The issue is still occurring. I do not have a static IP address. I cannot figure out, for the life of me, whether this activity is originating on my end, or if these websites are coming to me. The alert generally references: Incoming, Port 19 (sometimes other ports too), and TCPSVCS.EXE. I have looked up the IP address that the alert shows, and it says it’s in the Netherlands. I'm not a techie type guy, but this is beginning to wear me out. I have a business to run on this machine and need more knowledgeable advice from someone that knows what they are doing. Anything this community could do would be greatly appreciated. Thanks, L.Fleming