
jreilly

  1. Everything is working and I am no longer being redirected or sending outgoing messages. I want to thank you for ALL the effort that you applied to my post. It is with great appreciation and admiration that I bid you farewell. YOU'RE THE GREATEST!!!!!!!!!
  2. Kaspersky log...
     Status: Detected (events: 2)
     6/9/2012 11:29:05 AM Detected Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\06.06.2012_08.41.28\mbr0000\mbr0000\tsk0000.dta High
     6/9/2012 11:29:06 AM Detected Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\06.06.2012_08.41.28\mbr0000\mbr0000\tsk0001.dta//mbr High
  3. Got it. Log below:
     C:\ProgramData\Microsoft\Windows\DRM\4271.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
     C:\ProgramData\Microsoft\Windows\DRM\4282.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
  4. I can get to the 'accept' screen. But, after that I do not get the ActiveX screen prompt. A popup box (blank) comes up and just stays there. But, on a different computer, if I go through the steps, the prompt to install the ActiveX is displayed. Something on the infected laptop, I believe, is stopping me from getting the ActiveX prompt. Do you have an idea?
  5. ComboFix log is below.....
  6. TDSSKiller log file
08:43:24.0187 5736 fvevol - ok 08:43:24.0210 5736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 08:43:24.0244 5736 gagp30kx - ok 08:43:24.0283 5736 GamesAppService - ok 08:43:24.0629 5736 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 08:43:24.0705 5736 gpsvc - ok 08:43:24.0820 5736 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:43:24.0836 5736 gupdate - ok 08:43:24.0842 5736 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:43:24.0857 5736 gupdatem - ok 08:43:24.0908 5736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:43:24.0976 5736 hcw85cir - ok 08:43:25.0037 5736 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 08:43:25.0096 5736 HdAudAddService - ok 08:43:25.0129 5736 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 08:43:25.0171 5736 HDAudBus - ok 08:43:25.0204 5736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 08:43:25.0234 5736 HidBatt - ok 08:43:25.0254 5736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 08:43:25.0291 5736 HidBth - ok 08:43:25.0335 5736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 08:43:25.0357 5736 HidIr - ok 08:43:25.0381 5736 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 08:43:25.0448 5736 hidserv - ok 08:43:25.0495 5736 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 08:43:25.0530 5736 HidUsb - ok 08:43:25.0569 5736 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 08:43:25.0657 5736 hkmsvc - ok 08:43:25.0728 5736 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 08:43:25.0816 5736 HomeGroupListener - ok 08:43:25.0958 5736 
HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 08:43:26.0025 5736 HomeGroupProvider - ok 08:43:26.0889 5736 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 08:43:26.0905 5736 HP Support Assistant Service - ok 08:43:27.0121 5736 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 08:43:27.0144 5736 HPClientSvc - ok 08:43:27.0406 5736 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe 08:43:27.0444 5736 hpCMSrv - ok 08:43:27.0537 5736 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 08:43:27.0556 5736 HPDrvMntSvc.exe - ok 08:43:27.0774 5736 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys 08:43:27.0822 5736 hpdskflt - ok 08:43:28.0165 5736 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 08:43:28.0205 5736 hpqwmiex - ok 08:43:28.0247 5736 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:43:28.0267 5736 HpSAMD - ok 08:43:28.0338 5736 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe 08:43:28.0363 5736 hpsrv - ok 08:43:28.0450 5736 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 08:43:28.0463 5736 HPWMISVC - ok 08:43:28.0679 5736 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:43:28.0764 5736 HTTP - ok 08:43:28.0807 5736 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:43:28.0823 5736 hwpolicy - ok 08:43:28.0895 5736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 08:43:28.0925 5736 i8042prt - ok 08:43:28.0970 5736 iaStorV 
(aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:43:29.0024 5736 iaStorV - ok 08:43:29.0663 5736 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 08:43:29.0784 5736 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 08:43:29.0784 5736 IconMan_R - detected UnsignedFile.Multi.Generic (1) 08:43:29.0918 5736 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:43:29.0955 5736 idsvc - ok 08:43:30.0144 5736 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120602.001\IDSvia64.sys 08:43:30.0183 5736 IDSVia64 - ok 08:43:30.0295 5736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 08:43:30.0329 5736 iirsp - ok 08:43:30.0459 5736 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 08:43:30.0560 5736 IKEEXT - ok 08:43:30.0600 5736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:43:30.0621 5736 intelide - ok 08:43:30.0687 5736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys 08:43:30.0727 5736 intelppm - ok 08:43:30.0759 5736 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:43:30.0831 5736 IPBusEnum - ok 08:43:30.0870 5736 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:43:30.0920 5736 IpFilterDriver - ok 08:43:30.0998 5736 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 08:43:31.0066 5736 iphlpsvc - ok 08:43:31.0132 5736 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:43:31.0174 5736 IPMIDRV - ok 08:43:31.0218 5736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:43:31.0283 5736 IPNAT - ok 08:43:31.0321 5736 IRENUM 
(3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:43:31.0345 5736 IRENUM - ok 08:43:31.0368 5736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:43:31.0385 5736 isapnp - ok 08:43:31.0415 5736 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:43:31.0441 5736 iScsiPrt - ok 08:43:31.0460 5736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 08:43:31.0478 5736 kbdclass - ok 08:43:31.0495 5736 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 08:43:31.0524 5736 kbdhid - ok 08:43:31.0564 5736 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:43:31.0581 5736 KeyIso - ok 08:43:31.0645 5736 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 08:43:31.0664 5736 KSecDD - ok 08:43:31.0741 5736 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 08:43:31.0787 5736 KSecPkg - ok 08:43:31.0813 5736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:43:31.0889 5736 ksthunk - ok 08:43:31.0955 5736 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:43:32.0031 5736 KtmRm - ok 08:43:32.0108 5736 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 08:43:32.0224 5736 LanmanServer - ok 08:43:32.0260 5736 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 08:43:32.0327 5736 LanmanWorkstation - ok 08:43:32.0471 5736 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys 08:43:32.0544 5736 Linksys_adapter_H - ok 08:43:32.0597 5736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:43:32.0664 5736 lltdio - ok 08:43:32.0772 5736 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:43:32.0844 5736 lltdsvc - ok 08:43:32.0858 5736 
lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 08:43:32.0920 5736 lmhosts - ok 08:43:32.0955 5736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 08:43:32.0974 5736 LSI_FC - ok 08:43:33.0001 5736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 08:43:33.0021 5736 LSI_SAS - ok 08:43:33.0051 5736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 08:43:33.0092 5736 LSI_SAS2 - ok 08:43:33.0122 5736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 08:43:33.0144 5736 LSI_SCSI - ok 08:43:33.0196 5736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:43:33.0259 5736 luafv - ok 08:43:33.0575 5736 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 08:43:33.0593 5736 MBAMProtector - ok 08:43:34.0019 5736 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 08:43:34.0071 5736 MBAMService - ok 08:43:34.0155 5736 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 08:43:34.0222 5736 Mcx2Svc - ok 08:43:34.0261 5736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 08:43:34.0294 5736 megasas - ok 08:43:34.0335 5736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 08:43:34.0477 5736 MegaSR - ok 08:43:34.0623 5736 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:43:34.0779 5736 MMCSS - ok 08:43:34.0820 5736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:43:34.0900 5736 Modem - ok 08:43:34.0978 5736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:43:35.0013 5736 monitor - ok 08:43:35.0069 5736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:43:35.0097 5736 mouclass - ok 
08:43:35.0227 5736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:43:35.0291 5736 mouhid - ok 08:43:35.0340 5736 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:43:35.0359 5736 mountmgr - ok 08:43:35.0565 5736 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:43:35.0585 5736 mpio - ok 08:43:35.0630 5736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:43:35.0699 5736 mpsdrv - ok 08:43:35.0855 5736 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 08:43:35.0949 5736 MpsSvc - ok 08:43:35.0987 5736 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:43:36.0040 5736 MRxDAV - ok 08:43:36.0078 5736 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:43:36.0122 5736 mrxsmb - ok 08:43:36.0157 5736 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:43:36.0185 5736 mrxsmb10 - ok 08:43:36.0211 5736 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:43:36.0231 5736 mrxsmb20 - ok 08:43:36.0248 5736 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:43:36.0266 5736 msahci - ok 08:43:36.0301 5736 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:43:36.0321 5736 msdsm - ok 08:43:36.0359 5736 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:43:36.0399 5736 MSDTC - ok 08:43:36.0425 5736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:43:36.0483 5736 Msfs - ok 08:43:36.0495 5736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:43:36.0561 5736 mshidkmdf - ok 08:43:36.0587 5736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:43:36.0604 5736 msisadrv - ok 08:43:36.0655 5736 MSiSCSI 
(808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:43:36.0747 5736 MSiSCSI - ok 08:43:36.0751 5736 msiserver - ok 08:43:36.0797 5736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:43:36.0865 5736 MSKSSRV - ok 08:43:36.0889 5736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:43:36.0970 5736 MSPCLOCK - ok 08:43:36.0974 5736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:43:37.0043 5736 MSPQM - ok 08:43:37.0086 5736 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:43:37.0124 5736 MsRPC - ok 08:43:37.0157 5736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 08:43:37.0174 5736 mssmbios - ok 08:43:37.0202 5736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:43:37.0271 5736 MSTEE - ok 08:43:37.0293 5736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 08:43:37.0325 5736 MTConfig - ok 08:43:37.0356 5736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:43:37.0393 5736 Mup - ok 08:43:37.0436 5736 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 08:43:37.0515 5736 napagent - ok 08:43:37.0573 5736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:43:37.0624 5736 NativeWifiP - ok 08:43:37.0934 5736 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe 08:43:37.0955 5736 NAV - ok 08:43:38.0188 5736 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120604.033\ENG64.SYS 08:43:38.0217 5736 NAVENG - ok 08:43:38.0645 5736 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120604.033\EX64.SYS 08:43:38.0789 5736 NAVEX15 - ok 08:43:39.0442 5736 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:43:39.0504 5736 NDIS - ok 08:43:39.0579 5736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:43:39.0658 5736 NdisCap - ok 08:43:39.0690 5736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:43:39.0740 5736 NdisTapi - ok 08:43:39.0759 5736 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:43:39.0825 5736 Ndisuio - ok 08:43:39.0901 5736 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:43:39.0980 5736 NdisWan - ok 08:43:40.0016 5736 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:43:40.0086 5736 NDProxy - ok 08:43:40.0130 5736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:43:40.0200 5736 NetBIOS - ok 08:43:40.0400 5736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:43:40.0469 5736 NetBT - ok 08:43:40.0556 5736 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:43:40.0575 5736 Netlogon - ok 08:43:40.0655 5736 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:43:40.0734 5736 Netman - ok 08:43:40.0992 5736 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:43:41.0028 5736 NetMsmqActivator - ok 08:43:41.0073 5736 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:43:41.0091 5736 NetPipeActivator - ok 08:43:41.0825 5736 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:43:41.0925 5736 netprofm - ok 08:43:41.0930 5736 NetTcpActivator 
(d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:43:41.0946 5736 NetTcpActivator - ok 08:43:41.0952 5736 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:43:41.0969 5736 NetTcpPortSharing - ok 08:43:42.0065 5736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 08:43:42.0095 5736 nfrd960 - ok 08:43:42.0163 5736 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 08:43:42.0248 5736 NlaSvc - ok 08:43:42.0322 5736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:43:42.0373 5736 Npfs - ok 08:43:42.0413 5736 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:43:42.0513 5736 nsi - ok 08:43:42.0553 5736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:43:42.0620 5736 nsiproxy - ok 08:43:43.0045 5736 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:43:43.0127 5736 Ntfs - ok 08:43:43.0286 5736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:43:43.0339 5736 Null - ok 08:43:43.0389 5736 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 08:43:43.0433 5736 NVENETFD - ok 08:43:43.0489 5736 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:43:43.0510 5736 nvraid - ok 08:43:43.0538 5736 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:43:43.0572 5736 nvstor - ok 08:43:43.0644 5736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:43:43.0690 5736 nv_agp - ok 08:43:43.0720 5736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:43:43.0770 5736 ohci1394 - ok 08:43:43.0879 5736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
08:43:43.0900 5736 ose - ok 08:43:44.0500 5736 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:43:44.0706 5736 osppsvc - ok 08:43:44.0894 5736 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:43:44.0965 5736 p2pimsvc - ok 08:43:45.0007 5736 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:43:45.0034 5736 p2psvc - ok 08:43:45.0098 5736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 08:43:45.0123 5736 Parport - ok 08:43:45.0183 5736 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 08:43:45.0221 5736 partmgr - ok 08:43:45.0260 5736 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:43:45.0308 5736 PcaSvc - ok 08:43:45.0375 5736 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:43:45.0397 5736 pci - ok 08:43:45.0424 5736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:43:45.0442 5736 pciide - ok 08:43:45.0494 5736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 08:43:45.0527 5736 pcmcia - ok 08:43:45.0587 5736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:43:45.0622 5736 pcw - ok 08:43:45.0781 5736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:43:45.0886 5736 PEAUTH - ok 08:43:46.0039 5736 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:43:46.0089 5736 PerfHost - ok 08:43:46.0538 5736 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:43:46.0760 5736 pla - ok 08:43:46.0824 5736 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:43:46.0891 5736 PlugPlay - ok 08:43:46.0931 5736 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:43:46.0970 5736 PNRPAutoReg - ok 
08:43:46.0999 5736 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:43:47.0034 5736 PNRPsvc - ok 08:43:47.0109 5736 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:43:47.0187 5736 PolicyAgent - ok 08:43:47.0243 5736 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:43:47.0330 5736 Power - ok 08:43:47.0416 5736 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:43:47.0486 5736 PptpMiniport - ok 08:43:47.0517 5736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 08:43:47.0557 5736 Processor - ok 08:43:47.0609 5736 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 08:43:47.0687 5736 ProfSvc - ok 08:43:47.0769 5736 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:43:47.0788 5736 ProtectedStorage - ok 08:43:47.0827 5736 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:43:47.0893 5736 Psched - ok 08:43:48.0102 5736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 08:43:48.0190 5736 ql2300 - ok 08:43:48.0329 5736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 08:43:48.0350 5736 ql40xx - ok 08:43:48.0397 5736 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:43:48.0429 5736 QWAVE - ok 08:43:48.0487 5736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:43:48.0554 5736 QWAVEdrv - ok 08:43:48.0573 5736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:43:48.0641 5736 RasAcd - ok 08:43:48.0719 5736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:43:48.0782 5736 RasAgileVpn - ok 08:43:48.0851 5736 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:43:48.0935 5736 RasAuto - ok 08:43:48.0979 5736 
Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:43:49.0064 5736 Rasl2tp - ok 08:43:49.0158 5736 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:43:49.0237 5736 RasMan - ok 08:43:49.0267 5736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:43:49.0352 5736 RasPppoe - ok 08:43:49.0375 5736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:43:49.0458 5736 RasSstp - ok 08:43:49.0508 5736 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:43:49.0583 5736 rdbss - ok 08:43:49.0614 5736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 08:43:49.0649 5736 rdpbus - ok 08:43:49.0684 5736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:43:49.0767 5736 RDPCDD - ok 08:43:49.0803 5736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:43:49.0864 5736 RDPENCDD - ok 08:43:49.0929 5736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:43:50.0006 5736 RDPREFMP - ok 08:43:50.0113 5736 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 08:43:50.0204 5736 RDPWD - ok 08:43:50.0239 5736 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:43:50.0262 5736 rdyboost - ok 08:43:50.0325 5736 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:43:50.0451 5736 RemoteAccess - ok 08:43:50.0507 5736 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:43:50.0598 5736 RemoteRegistry - ok 08:43:50.0643 5736 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:43:50.0724 5736 RpcEptMapper - ok 08:43:50.0748 5736 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:43:50.0794 5736 RpcLocator - ok 08:43:50.0903 
5736 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:43:50.0965 5736 RpcSs - ok 08:43:51.0072 5736 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys 08:43:51.0099 5736 RSPCIESTOR - ok 08:43:51.0138 5736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:43:51.0212 5736 rspndr - ok 08:43:51.0283 5736 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:43:51.0316 5736 RTL8167 - ok 08:43:51.0699 5736 RTL8192Ce (177963a6eebaa9ef3b56a2dbe9d5d0fc) C:\Windows\system32\DRIVERS\rtl8192Ce.sys 08:43:51.0796 5736 RTL8192Ce - ok 08:43:51.0847 5736 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:43:51.0875 5736 SamSs - ok 08:43:51.0970 5736 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:43:51.0996 5736 sbp2port - ok 08:43:52.0507 5736 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:43:52.0621 5736 SCardSvr - ok 08:43:52.0769 5736 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:43:52.0861 5736 scfilter - ok 08:43:52.0996 5736 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 08:43:53.0102 5736 Schedule - ok 08:43:53.0155 5736 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:43:53.0227 5736 SCPolicySvc - ok 08:43:53.0269 5736 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 08:43:53.0322 5736 sdbus - ok 08:43:53.0350 5736 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 08:43:53.0447 5736 SDRSVC - ok 08:43:53.0475 5736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:43:53.0544 5736 secdrv - ok 08:43:53.0565 5736 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 08:43:53.0647 5736 seclogon - ok 08:43:53.0704 5736 SENS 
(c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:43:53.0785 5736 SENS - ok
08:43:53.0820 5736 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:43:53.0876 5736 SensrSvc - ok
08:43:53.0906 5736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:43:53.0956 5736 Serenum - ok
08:43:53.0988 5736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:43:54.0027 5736 Serial - ok
08:43:54.0113 5736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:43:54.0152 5736 sermouse - ok
08:43:54.0230 5736 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:43:54.0321 5736 SessionEnv - ok
08:43:54.0369 5736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:43:54.0422 5736 sffdisk - ok
08:43:54.0452 5736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:43:54.0540 5736 sffp_mmc - ok
08:43:54.0545 5736 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:43:54.0623 5736 sffp_sd - ok
08:43:54.0796 5736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:43:54.0845 5736 sfloppy - ok
08:43:54.0954 5736 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
08:43:54.0998 5736 Sftfs - ok
08:43:55.0165 5736 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:43:55.0201 5736 sftlist - ok
08:43:55.0287 5736 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:43:55.0327 5736 Sftplay - ok
08:43:55.0342 5736 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:43:55.0370 5736 Sftredir - ok
08:43:55.0407 5736 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
08:43:55.0441 5736 Sftvol - ok
08:43:55.0463 5736 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:43:55.0487 5736 sftvsa - ok
08:43:55.0545 5736 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:43:55.0610 5736 SharedAccess - ok
08:43:55.0662 5736 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:43:55.0739 5736 ShellHWDetection - ok
08:43:55.0788 5736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:43:55.0818 5736 SiSRaid2 - ok
08:43:55.0858 5736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:43:55.0879 5736 SiSRaid4 - ok
08:43:55.0917 5736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:43:56.0013 5736 Smb - ok
08:43:56.0121 5736 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:43:56.0180 5736 SNMPTRAP - ok
08:43:56.0233 5736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:43:56.0263 5736 spldr - ok
08:43:56.0755 5736 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:43:56.0834 5736 Spooler - ok
08:43:57.0270 5736 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:43:57.0453 5736 sppsvc - ok
08:43:57.0643 5736 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:43:57.0699 5736 sppuinotify - ok
08:43:57.0893 5736 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS
08:43:57.0928 5736 SRTSP - ok
08:43:57.0956 5736 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS
08:43:57.0991 5736 SRTSPX - ok
08:43:58.0262 5736 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:43:58.0352 5736 srv - ok
08:43:58.0435 5736 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:43:58.0500 5736 srv2 - ok
08:43:58.0576 5736 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:43:58.0599 5736 SrvHsfHDA - ok
08:43:59.0059 5736 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:43:59.0184 5736 SrvHsfV92 - ok
08:43:59.0395 5736 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:43:59.0441 5736 SrvHsfWinac - ok
08:43:59.0472 5736 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:43:59.0495 5736 srvnet - ok
08:43:59.0526 5736 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:43:59.0612 5736 SSDPSRV - ok
08:43:59.0660 5736 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:43:59.0715 5736 SstpSvc - ok
08:43:59.0822 5736 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
08:43:59.0851 5736 STacSV - ok
08:43:59.0889 5736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:43:59.0906 5736 stexstor - ok
08:43:59.0979 5736 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
08:44:00.0028 5736 STHDA - ok
08:44:00.0409 5736 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:44:00.0448 5736 stisvc - ok
08:44:00.0501 5736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:44:00.0522 5736 swenum - ok
08:44:00.0577 5736 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:44:00.0665 5736 swprv - ok
08:44:00.0809 5736 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS
08:44:00.0852 5736 SymDS - ok
08:44:01.0006 5736 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS
08:44:01.0073 5736 SymEFA - ok
08:44:01.0127 5736 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:44:01.0156 5736 SymEvent - ok
08:44:01.0216 5736 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS
08:44:01.0249 5736 SymIRON - ok
08:44:01.0321 5736 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS
08:44:01.0360 5736 SymNetS - ok
08:44:01.0763 5736 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
08:44:01.0861 5736 SynTP - ok
08:44:02.0422 5736 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:44:02.0539 5736 SysMain - ok
08:44:02.0754 5736 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:44:02.0854 5736 TabletInputService - ok
08:44:02.0959 5736 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:44:03.0049 5736 TapiSrv - ok
08:44:03.0124 5736 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:44:03.0192 5736 TBS - ok
08:44:03.0523 5736 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:44:03.0653 5736 Tcpip - ok
08:44:03.0967 5736 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:44:04.0041 5736 TCPIP6 - ok
08:44:04.0477 5736 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:44:04.0567 5736 tcpipreg - ok
08:44:04.0588 5736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:44:04.0630 5736 TDPIPE - ok
08:44:04.0704 5736 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:44:04.0775 5736 TDTCP - ok
08:44:04.0838 5736 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:44:04.0926 5736 tdx - ok
08:44:04.0996 5736 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:44:05.0019 5736 TermDD - ok
08:44:05.0146 5736 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:44:05.0277 5736 TermService - ok
08:44:05.0299 5736 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:44:05.0329 5736 Themes - ok
08:44:05.0358 5736 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:44:05.0413 5736 THREADORDER - ok
08:44:05.0445 5736 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:44:05.0521 5736 TrkWks - ok
08:44:05.0612 5736 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:44:05.0755 5736 TrustedInstaller - ok
08:44:05.0793 5736 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:44:05.0874 5736 tssecsrv - ok
08:44:05.0912 5736 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:44:05.0942 5736 TsUsbFlt - ok
08:44:05.0959 5736 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:44:06.0019 5736 TsUsbGD - ok
08:44:06.0718 5736 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:44:06.0818 5736 tunnel - ok
08:44:06.0992 5736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:44:07.0011 5736 uagp35 - ok
08:44:07.0132 5736 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:44:07.0214 5736 udfs - ok
08:44:07.0327 5736 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:44:07.0351 5736 UI0Detect - ok
08:44:07.0448 5736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:44:07.0504 5736 uliagpkx - ok
08:44:07.0565 5736 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:44:07.0601 5736 umbus - ok
08:44:07.0632 5736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:44:07.0690 5736 UmPass - ok
08:44:07.0730 5736 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:44:07.0828 5736 upnphost - ok
08:44:07.0883 5736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:44:07.0928 5736 usbccgp - ok
08:44:07.0962 5736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:44:07.0990 5736 usbcir - ok
08:44:08.0010 5736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:44:08.0042 5736 usbehci - ok
08:44:08.0247 5736 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
08:44:08.0289 5736 usbfilter - ok
08:44:08.0348 5736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:44:08.0444 5736 usbhub - ok
08:44:08.0514 5736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:44:08.0563 5736 usbohci - ok
08:44:08.0614 5736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:44:08.0676 5736 usbprint - ok
08:44:08.0809 5736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:44:08.0865 5736 usbscan - ok
08:44:08.0912 5736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:44:08.0987 5736 USBSTOR - ok
08:44:09.0020 5736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:44:09.0058 5736 usbuhci - ok
08:44:09.0111 5736 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:44:09.0142 5736 usbvideo - ok
08:44:09.0170 5736 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:44:09.0260 5736 UxSms - ok
08:44:09.0300 5736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:44:09.0320 5736 VaultSvc - ok
08:44:09.0394 5736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:44:09.0422 5736 vdrvroot - ok
08:44:09.0609 5736 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:44:09.0702 5736 vds - ok
08:44:09.0762 5736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:44:09.0796 5736 vga - ok
08:44:09.0858 5736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:44:09.0949 5736 VgaSave - ok
08:44:09.0981 5736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:44:10.0005 5736 vhdmp - ok
08:44:10.0019 5736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:44:10.0037 5736 viaide - ok
08:44:10.0080 5736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:44:10.0134 5736 volmgr - ok
08:44:10.0186 5736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:44:10.0214 5736 volmgrx - ok
08:44:10.0269 5736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:44:10.0293 5736 volsnap - ok
08:44:10.0348 5736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:44:10.0410 5736 vsmraid - ok
08:44:10.0576 5736 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:44:10.0678 5736 VSS - ok
08:44:10.0900 5736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:44:10.0954 5736 vwifibus - ok
08:44:10.0971 5736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:44:11.0016 5736 vwififlt - ok
08:44:11.0054 5736 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:44:11.0079 5736 vwifimp - ok
08:44:11.0133 5736 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:44:11.0190 5736 W32Time - ok
08:44:11.0265 5736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:44:11.0310 5736 WacomPen - ok
08:44:11.0362 5736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:11.0441 5736 WANARP - ok
08:44:11.0445 5736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:11.0496 5736 Wanarpv6 - ok
08:44:11.0718 5736 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:44:11.0790 5736 WatAdminSvc - ok
08:44:11.0975 5736 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:44:12.0272 5736 wbengine - ok
08:44:12.0527 5736 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:44:12.0559 5736 WbioSrvc - ok
08:44:12.0816 5736 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:44:12.0871 5736 wcncsvc - ok
08:44:12.0903 5736 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:44:12.0959 5736 WcsPlugInService - ok
08:44:13.0024 5736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:44:13.0041 5736 Wd - ok
08:44:13.0090 5736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:44:13.0131 5736 Wdf01000 - ok
08:44:13.0157 5736 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:13.0244 5736 WdiServiceHost - ok
08:44:13.0251 5736 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:13.0276 5736 WdiSystemHost - ok
08:44:13.0345 5736 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:44:13.0411 5736 WebClient - ok
08:44:13.0474 5736 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:44:13.0556 5736 Wecsvc - ok
08:44:13.0614 5736 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:44:13.0671 5736 wercplsupport - ok
08:44:13.0710 5736 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:44:13.0783 5736 WerSvc - ok
08:44:13.0854 5736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:44:13.0924 5736 WfpLwf - ok
08:44:13.0946 5736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:44:13.0964 5736 WIMMount - ok
08:44:13.0986 5736 WinDefend - ok
08:44:13.0999 5736 WinHttpAutoProxySvc - ok
08:44:14.0304 5736 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:44:14.0358 5736 Winmgmt - ok
08:44:14.0551 5736 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:44:14.0671 5736 WinRM - ok
08:44:14.0864 5736 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:44:14.0928 5736 Wlansvc - ok
08:44:15.0028 5736 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:44:15.0049 5736 wlcrasvc - ok
08:44:15.0341 5736 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:44:15.0443 5736 wlidsvc - ok
08:44:15.0582 5736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:44:15.0618 5736 WmiAcpi - ok
08:44:15.0696 5736 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:44:15.0779 5736 wmiApSrv - ok
08:44:15.0813 5736 WMPNetworkSvc - ok
08:44:15.0846 5736 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:44:15.0893 5736 WPCSvc - ok
08:44:15.0927 5736 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:44:15.0953 5736 WPDBusEnum - ok
08:44:15.0992 5736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:44:16.0047 5736 ws2ifsl - ok
08:44:16.0106 5736 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:44:16.0149 5736 wscsvc - ok
08:44:16.0153 5736 WSearch - ok
08:44:16.0312 5736 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:44:16.0440 5736 wuauserv - ok
08:44:16.0613 5736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:44:16.0707 5736 WudfPf - ok
08:44:16.0772 5736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:44:16.0841 5736 WUDFRd - ok
08:44:16.0875 5736 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:44:16.0926 5736 wudfsvc - ok
08:44:16.0958 5736 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:44:17.0021 5736 WwanSvc - ok
08:44:17.0341 5736 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:44:17.0376 5736 YahooAUService - ok
08:44:17.0444 5736 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
08:44:17.0475 5736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:44:17.0475 5736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:44:17.0577 5736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:44:17.0577 5736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:44:17.0623 5736 Boot (0x1200) (b5378ed36db579e7dbfbceb4c77e126d) \Device\Harddisk0\DR0\Partition0
08:44:17.0626 5736 \Device\Harddisk0\DR0\Partition0 - ok
08:44:17.0641 5736 Boot (0x1200) (daaf8b37463f767c79070f29f422f8dd) \Device\Harddisk0\DR0\Partition1
08:44:17.0666 5736 \Device\Harddisk0\DR0\Partition1 - ok
08:44:17.0708 5736 Boot (0x1200) (c49b3350f638022c8b4898712cf4adc9) \Device\Harddisk0\DR0\Partition2
08:44:17.0710 5736 \Device\Harddisk0\DR0\Partition2 - ok
08:44:17.0730 5736 Boot (0x1200) (72339e092699b51c22f36c5a603daeb9) \Device\Harddisk0\DR0\Partition3
08:44:17.0731 5736 \Device\Harddisk0\DR0\Partition3 - ok
08:44:17.0732 5736 ============================================================
08:44:17.0732 5736 Scan finished
08:44:17.0732 5736 ============================================================
08:44:17.0746 4112 Detected object count: 3
08:44:17.0746 4112 Actual detected object count: 3
08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:44:48.0856 4112 \Device\Harddisk0\DR0\# - copied to quarantine
08:44:48.0857 4112 \Device\Harddisk0\DR0 - copied to quarantine
08:44:48.0924 4112 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:44:48.0927 4112 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:44:48.0932 4112 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:44:48.0937 4112 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:44:48.0947 4112 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:44:48.0957 4112 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:44:48.0960 4112 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:44:48.0965 4112 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:44:48.0968 4112 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:44:48.0972 4112 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:44:48.0977 4112 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:44:48.0979 4112 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:44:49.0010 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:44:49.0011 4112 \Device\Harddisk0\DR0 - ok
08:44:51.0643 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:46:46.0960 6740 Deinitialize success
  7. I am trying to paste all the files into the message body. However, when I paste them into the message and click post, I get a message that the post is being saved and then the web site does not respond. A message is displayed: '..is not responding due to long running script..' (the file size is 1.72 meg). I have attached a single file with all the log files included in it as an interim to trying to get around my problem of not being able to post the log files inside this message. Is there something that I am doing wrong that the system will not save my post so I can get you the information that you have requested? 6-6-12 all files.txt
  8. MBR000/object [infectedObject]
     Type: MBR
     Name: \Device\Harddisk0\DR0
     ---------------------------------
     mbr0000/tsk0000 [infectedFile]
     Type: Raw image
     ---------------------------------------
     mbr0000\tsk0001 [infectedFile]
     Type: Raw BB image
     -----------------------------------------
     tdlsf0000/object [infectedObject]
     Verdict: TDSS File System
     Name: \Device\Harddisk0\DR0
     ------------------------------------
     tdlsf0000/tsk0000 [infectedFile]
     Name: ph.dll
     Size: 28672
     File time: 2012/02/15 21:04:18.0685
     ----------------------------------
     tdlsf0000/tsk0001 [infectedFile]
     Name: phx.dll
     Size: 3072
     File time: 2012/02/15 21:04:18.0685
     ---------------------------------------------
     tdlsf0000/tsk0002 [infectedFile]
     Name: sub.dll
     Size: 8704
     File time: 2012/02/15 21:04:18.0685
     ----------------------------------
     tdlsf0000/tsk0003 [infectedFile]
     Name: subx.dll
     Size: 10752
     File time: 2012/02/15 21:04:18.0685
     -------------------------------
     tdlsf0000/tsk0004 [infectedFile]
     Name: phd
     Size: 30208
     File time: 2012/02/15 21:04:18.0685
     ----------------------------------
     tdlsf/tsk005 [infectedFile]
     Name: phdx
     Size: 22016
     File time: 2012/02/15 21:04:18.0685
     --------------------------------
     tdlsf/tsk0006 [infectedFile]
     Name: phs
     Size: 200
     File time: 2012/02/15 21:04:18.0685
     --------------------------
     tdlsf/tsk0007 [infectedFile]
     Name: phdata
     Size: 232
     File time: 2012/02/15 21:04:18.0685
     -------------------------
     tdlsf/tsk0008 [infectedFile]
     Name: phld
     Size: 1233
     File time: 2012/02/15 21:04:18.0685
     ---------------------------------
     tdlsf/tsk0009 [infectedFile]
     Name: phln
     Size: 3142
     File time: 2012/02/15 21:04:18.0685
     ----------------------------------
     tdlsf/tsk0010 [infectedFile]
     Name: phlx
     Size: 3656
     File time: 2012/02/15 21:04:18.0685
     -----------------------------
     tdlsf/tsk0011 [infectedFile]
     Name: phm
     Size: 512
     File time: 2012/02/15 21:04:18.0685
     -----------------------------------
     object [infectedObject]
     Verdict: Rootkit.Boot.Pihar.b
  9. I have run the programs that you requested and attached the files that I could. The tdsskiller quarantine created multiple folders with multiple files in the folders, and the system will not allow me to attach them. How can I get this data to you? The object file has the following data in it: [infectedObject] Verdict: Rootkit.Boot.Pihar.b Attach 6-6-12.txt DDS 6-6-12.txt mbam-log-2012-06-06 (08-51-34).txt
  10. Extra svchost.exe *32 is eating up memory (with a description of winrscmde). Additionally, when malwarebytes is turned on, the system is displaying messages that outgoing attempts to contact a web site were blocked (see log). Also attached are logs from 'attach', 'dds' and 'protection'. I need help in getting rid of these problems. Attach.txt DDS.txt mbam-log-2012-06-04 (10-21-54).txt protection-log-2012-06-04.txt