Posts posted by jreilly
-
-
Kaspersky log...
Status: Detected (events: 2)
6/9/2012 11:29:05 AM Detected Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\06.06.2012_08.41.28\mbr0000\mbr0000\tsk0000.dta High
6/9/2012 11:29:06 AM Detected Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\06.06.2012_08.41.28\mbr0000\mbr0000\tsk0001.dta//mbr High
-
got it. log below
C:\ProgramData\Microsoft\Windows\DRM\4271.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\4282.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
-
I can get to the 'accept' screen. But, after that I do not get the ActiveX screen prompt. A popup box (blank) comes up and just stays there. But, on a different computer, if I go through the steps, the prompt to install the ActiveX is displayed. Something on the infected laptop, I believe, is stopping me from getting the ActiveX prompt. Do you have an idea?
-
ComboFix log is below.
ComboFix 12-06-08.01 - Joshua 06/08/2012 9:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2137 [GMT -4:00]
Running from: c:\users\Joshua\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-06 12:44 . 2012-06-06 12:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-04 13:35 . 2012-06-04 13:35 -------- d-----w- C:\AI_RecycleBin
2012-06-01 19:21 . 2012-06-01 19:21 -------- d-----w- c:\users\Joshua\AppData\Roaming\Malwarebytes
2012-06-01 19:21 . 2012-06-01 19:21 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 19:21 . 2012-06-01 19:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 19:21 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 14:54 . 2012-06-01 14:54 -------- d-----w- c:\users\Joshua\AppData\Local\Microsoft Help
2012-06-01 14:54 . 2012-06-01 15:14 -------- d-----w- c:\programdata\Microsoft Help
2012-06-01 14:43 . 2012-06-01 14:43 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-01 14:43 . 2012-06-01 14:43 -------- d-----w- c:\program files\Symantec
2012-06-01 14:43 . 2012-06-01 14:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-06-01 14:40 . 2012-06-01 14:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 14:40 . 2012-06-02 16:53 -------- d-----w- c:\windows\system32\drivers\NAVx64
2012-06-01 14:40 . 2012-06-01 14:40 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2012-06-01 13:45 . 2012-06-01 13:45 -------- d-----w- c:\windows\Sun
2012-05-29 16:51 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-05-29 16:51 . 2009-03-09 19:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-05-19 15:03 . 2012-05-19 15:04 -------- d-----w- C:\34656fc724f5a86b07cc264c4d
2012-05-19 13:24 . 2012-05-19 13:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-19 13:22 . 2012-05-19 13:22 -------- d-----w- c:\program files (x86)\Oracle
2012-05-19 13:22 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-19 13:17 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-19 13:17 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-19 13:16 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-19 13:16 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-19 13:16 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-19 13:16 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-19 13:11 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-19 13:07 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-19 13:07 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-19 13:07 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 14:40 . 2011-11-04 23:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
R3 ALSysIO;ALSysIO;c:\users\Joshua\AppData\Local\Temp\ALSysIO64.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-05-18 1160824]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120606.001\IDSvia64.sys [2012-06-01 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 14:40]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 17:11]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 17:11]
.
2012-05-29 c:\windows\Tasks\HPCeeScheduleForJoshua.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WTA-af879c04-a80e-448c-bfbd-f3e8d121e7db - c:\program files (x86)\WildGames\Exorcist 2\uninstall\uninstaller.exe
AddRemove-WTA-e9d25dd9-c3b1-4151-9add-06837c3422c6 - c:\program files (x86)\WildGames\FATE The Cursed King\uninstall\uninstaller.exe
AddRemove-WTA-ff65c495-afff-4d11-a19a-11aada624f8e - c:\program files (x86)\WildGames\Torchlight\uninstall\uninstaller.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp - c:\program files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-06-08 09:46:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 13:46
.
Pre-Run: 428,305,473,536 bytes free
Post-Run: 433,438,900,224 bytes free
.
- - End Of File - - 92CAD25930C99F4177DD0C27E3C9CDC3
-
TDSSKiller log file:
08:41:28.0085 6752 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:41:28.0529 6752 ============================================================
08:41:28.0530 6752 Current date / time: 2012/06/06 08:41:28.0529
08:41:28.0530 6752 SystemInfo:
08:41:28.0530 6752
08:41:28.0530 6752 OS Version: 6.1.7601 ServicePack: 1.0
08:41:28.0530 6752 Product type: Workstation
08:41:28.0530 6752 ComputerName: JOSHUA-HP
08:41:28.0530 6752 UserName: Joshua
08:41:28.0530 6752 Windows directory: C:\Windows
08:41:28.0530 6752 System windows directory: C:\Windows
08:41:28.0530 6752 Running under WOW64
08:41:28.0530 6752 Processor architecture: Intel x64
08:41:28.0530 6752 Number of processors: 4
08:41:28.0530 6752 Page size: 0x1000
08:41:28.0530 6752 Boot type: Normal boot
08:41:28.0530 6752 ============================================================
08:41:29.0892 6752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:29.0898 6752 ============================================================
08:41:29.0898 6752 \Device\Harddisk0\DR0:
08:41:29.0899 6752 MBR partitions:
08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3861F800
08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38683800, BlocksNum 0x1CCE800
08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
08:41:29.0899 6752 ============================================================
08:41:29.0986 6752 C: <-> \Device\Harddisk0\DR0\Partition1
08:41:30.0172 6752 D: <-> \Device\Harddisk0\DR0\Partition2
08:41:30.0172 6752 ============================================================
08:41:30.0172 6752 Initialize success
08:41:30.0172 6752 ============================================================
08:42:58.0880 5736 ============================================================
08:42:58.0880 5736 Scan started
08:42:58.0880 5736 Mode: Manual; SigCheck; TDLFS;
08:42:58.0880 5736 ============================================================
08:43:19.0670 5736 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:43:19.0698 5736 eeCtrl - ok
08:43:20.0113 5736 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:43:20.0177 5736 EFS - ok
08:43:20.0480 5736 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:43:20.0594 5736 ehRecvr - ok
08:43:20.0641 5736 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:43:20.0717 5736 ehSched - ok
08:43:20.0843 5736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:43:20.0872 5736 elxstor - ok
08:43:21.0093 5736 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:43:21.0133 5736 EraserUtilRebootDrv - ok
08:43:21.0177 5736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:43:21.0240 5736 ErrDev - ok
08:43:21.0316 5736 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:43:21.0387 5736 EventSystem - ok
08:43:21.0539 5736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:43:21.0601 5736 exfat - ok
08:43:21.0632 5736 ezSharedSvc - ok
08:43:21.0688 5736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:43:22.0041 5736 fastfat - ok
08:43:22.0310 5736 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:43:22.0441 5736 Fax - ok
08:43:22.0519 5736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:43:22.0565 5736 fdc - ok
08:43:22.0613 5736 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:43:22.0679 5736 fdPHost - ok
08:43:22.0708 5736 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:43:22.0772 5736 FDResPub - ok
08:43:22.0840 5736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:43:22.0869 5736 FileInfo - ok
08:43:22.0930 5736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:43:23.0028 5736 Filetrace - ok
08:43:23.0089 5736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:43:23.0113 5736 flpydisk - ok
08:43:23.0263 5736 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:43:23.0303 5736 FltMgr - ok
08:43:23.0656 5736 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:43:23.0750 5736 FontCache - ok
08:43:23.0898 5736 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:43:23.0912 5736 FontCache3.0.0.0 - ok
08:43:24.0053 5736 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:43:24.0070 5736 FsDepends - ok
08:43:24.0115 5736 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:43:24.0134 5736 Fs_Rec - ok
08:43:24.0160 5736 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:43:24.0187 5736 fvevol - ok
08:43:24.0210 5736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:43:24.0244 5736 gagp30kx - ok
08:43:24.0283 5736 GamesAppService - ok
08:43:24.0629 5736 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:43:24.0705 5736 gpsvc - ok
08:43:24.0820 5736 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:43:24.0836 5736 gupdate - ok
08:43:24.0842 5736 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:43:24.0857 5736 gupdatem - ok
08:43:24.0908 5736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:43:24.0976 5736 hcw85cir - ok
08:43:25.0037 5736 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:43:25.0096 5736 HdAudAddService - ok
08:43:25.0129 5736 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:43:25.0171 5736 HDAudBus - ok
08:43:25.0204 5736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:43:25.0234 5736 HidBatt - ok
08:43:25.0254 5736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:43:25.0291 5736 HidBth - ok
08:43:25.0335 5736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:43:25.0357 5736 HidIr - ok
08:43:25.0381 5736 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:43:25.0448 5736 hidserv - ok
08:43:25.0495 5736 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:43:25.0530 5736 HidUsb - ok
08:43:25.0569 5736 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:43:25.0657 5736 hkmsvc - ok
08:43:25.0728 5736 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:43:25.0816 5736 HomeGroupListener - ok
08:43:25.0958 5736 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:43:26.0025 5736 HomeGroupProvider - ok
08:43:26.0889 5736 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
08:43:26.0905 5736 HP Support Assistant Service - ok
08:43:27.0121 5736 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
08:43:27.0144 5736 HPClientSvc - ok
08:43:27.0406 5736 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
08:43:27.0444 5736 hpCMSrv - ok
08:43:27.0537 5736 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
08:43:27.0556 5736 HPDrvMntSvc.exe - ok
08:43:27.0774 5736 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
08:43:27.0822 5736 hpdskflt - ok
08:43:28.0165 5736 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
08:43:28.0205 5736 hpqwmiex - ok
08:43:28.0247 5736 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:43:28.0267 5736 HpSAMD - ok
08:43:28.0338 5736 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
08:43:28.0363 5736 hpsrv - ok
08:43:28.0450 5736 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
08:43:28.0463 5736 HPWMISVC - ok
08:43:28.0679 5736 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:43:28.0764 5736 HTTP - ok
08:43:28.0807 5736 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:43:28.0823 5736 hwpolicy - ok
08:43:28.0895 5736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:43:28.0925 5736 i8042prt - ok
08:43:28.0970 5736 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:43:29.0024 5736 iaStorV - ok
08:43:29.0663 5736 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
08:43:29.0784 5736 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
08:43:29.0784 5736 IconMan_R - detected UnsignedFile.Multi.Generic (1)
08:43:29.0918 5736 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:43:29.0955 5736 idsvc - ok
08:43:30.0144 5736 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120602.001\IDSvia64.sys
08:43:30.0183 5736 IDSVia64 - ok
08:43:30.0295 5736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:43:30.0329 5736 iirsp - ok
08:43:30.0459 5736 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:43:30.0560 5736 IKEEXT - ok
08:43:30.0600 5736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:43:30.0621 5736 intelide - ok
08:43:30.0687 5736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
08:43:30.0727 5736 intelppm - ok
08:43:30.0759 5736 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:43:30.0831 5736 IPBusEnum - ok
08:43:30.0870 5736 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:43:30.0920 5736 IpFilterDriver - ok
08:43:30.0998 5736 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:43:31.0066 5736 iphlpsvc - ok
08:43:31.0132 5736 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:43:31.0174 5736 IPMIDRV - ok
08:43:31.0218 5736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:43:31.0283 5736 IPNAT - ok
08:43:31.0321 5736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:43:31.0345 5736 IRENUM - ok
08:43:31.0368 5736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:43:31.0385 5736 isapnp - ok
08:43:31.0415 5736 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:43:31.0441 5736 iScsiPrt - ok
08:43:31.0460 5736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:43:31.0478 5736 kbdclass - ok
08:43:31.0495 5736 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:43:31.0524 5736 kbdhid - ok
08:43:31.0564 5736 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:31.0581 5736 KeyIso - ok
08:43:31.0645 5736 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:43:31.0664 5736 KSecDD - ok
08:43:31.0741 5736 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:43:31.0787 5736 KSecPkg - ok
08:43:31.0813 5736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:43:31.0889 5736 ksthunk - ok
08:43:31.0955 5736 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:43:32.0031 5736 KtmRm - ok
08:43:32.0108 5736 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:43:32.0224 5736 LanmanServer - ok
08:43:32.0260 5736 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:43:32.0327 5736 LanmanWorkstation - ok
08:43:32.0471 5736 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys
08:43:32.0544 5736 Linksys_adapter_H - ok
08:43:32.0597 5736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:43:32.0664 5736 lltdio - ok
08:43:32.0772 5736 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:43:32.0844 5736 lltdsvc - ok
08:43:32.0858 5736 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:43:32.0920 5736 lmhosts - ok
08:43:32.0955 5736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:43:32.0974 5736 LSI_FC - ok
08:43:33.0001 5736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:43:33.0021 5736 LSI_SAS - ok
08:43:33.0051 5736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:43:33.0092 5736 LSI_SAS2 - ok
08:43:33.0122 5736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:43:33.0144 5736 LSI_SCSI - ok
08:43:33.0196 5736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:43:33.0259 5736 luafv - ok
08:43:33.0575 5736 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:43:33.0593 5736 MBAMProtector - ok
08:43:34.0019 5736 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:43:34.0071 5736 MBAMService - ok
08:43:34.0155 5736 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:43:34.0222 5736 Mcx2Svc - ok
08:43:34.0261 5736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:43:34.0294 5736 megasas - ok
08:43:34.0335 5736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:43:34.0477 5736 MegaSR - ok
08:43:34.0623 5736 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:43:34.0779 5736 MMCSS - ok
08:43:34.0820 5736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:43:34.0900 5736 Modem - ok
08:43:34.0978 5736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:43:35.0013 5736 monitor - ok
08:43:35.0069 5736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:43:35.0097 5736 mouclass - ok
08:43:35.0227 5736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:43:35.0291 5736 mouhid - ok
08:43:35.0340 5736 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:43:35.0359 5736 mountmgr - ok
08:43:35.0565 5736 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:43:35.0585 5736 mpio - ok
08:43:35.0630 5736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:43:35.0699 5736 mpsdrv - ok
08:43:35.0855 5736 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:43:35.0949 5736 MpsSvc - ok
08:43:35.0987 5736 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:43:36.0040 5736 MRxDAV - ok
08:43:36.0078 5736 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:43:36.0122 5736 mrxsmb - ok
08:43:36.0157 5736 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:43:36.0185 5736 mrxsmb10 - ok
08:43:36.0211 5736 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:43:36.0231 5736 mrxsmb20 - ok
08:43:36.0248 5736 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:43:36.0266 5736 msahci - ok
08:43:36.0301 5736 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:43:36.0321 5736 msdsm - ok
08:43:36.0359 5736 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:43:36.0399 5736 MSDTC - ok
08:43:36.0425 5736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:43:36.0483 5736 Msfs - ok
08:43:36.0495 5736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:43:36.0561 5736 mshidkmdf - ok
08:43:36.0587 5736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:43:36.0604 5736 msisadrv - ok
08:43:36.0655 5736 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:43:36.0747 5736 MSiSCSI - ok
08:43:36.0751 5736 msiserver - ok
08:43:36.0797 5736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:43:36.0865 5736 MSKSSRV - ok
08:43:36.0889 5736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:43:36.0970 5736 MSPCLOCK - ok
08:43:36.0974 5736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:43:37.0043 5736 MSPQM - ok
08:43:37.0086 5736 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:43:37.0124 5736 MsRPC - ok
08:43:37.0157 5736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:43:37.0174 5736 mssmbios - ok
08:43:37.0202 5736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:43:37.0271 5736 MSTEE - ok
08:43:37.0293 5736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:43:37.0325 5736 MTConfig - ok
08:43:37.0356 5736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:43:37.0393 5736 Mup - ok
08:43:37.0436 5736 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:43:37.0515 5736 napagent - ok
08:43:37.0573 5736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:43:37.0624 5736 NativeWifiP - ok
08:43:37.0934 5736 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
08:43:37.0955 5736 NAV - ok
08:43:38.0188 5736 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120604.033\ENG64.SYS
08:43:38.0217 5736 NAVENG - ok
08:43:38.0645 5736 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120604.033\EX64.SYS
08:43:38.0789 5736 NAVEX15 - ok
08:43:39.0442 5736 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:43:39.0504 5736 NDIS - ok
08:43:39.0579 5736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:43:39.0658 5736 NdisCap - ok
08:43:39.0690 5736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:43:39.0740 5736 NdisTapi - ok
08:43:39.0759 5736 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:43:39.0825 5736 Ndisuio - ok
08:43:39.0901 5736 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:43:39.0980 5736 NdisWan - ok
08:43:40.0016 5736 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:43:40.0086 5736 NDProxy - ok
08:43:40.0130 5736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:43:40.0200 5736 NetBIOS - ok
08:43:40.0400 5736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:43:40.0469 5736 NetBT - ok
08:43:40.0556 5736 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:40.0575 5736 Netlogon - ok
08:43:40.0655 5736 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:43:40.0734 5736 Netman - ok
08:43:40.0992 5736 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:43:41.0028 5736 NetMsmqActivator - ok
08:43:41.0073 5736 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:43:41.0091 5736 NetPipeActivator - ok
08:43:41.0825 5736 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:43:41.0925 5736 netprofm - ok
08:43:41.0930 5736 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:43:41.0946 5736 NetTcpActivator - ok
08:43:41.0952 5736 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:43:41.0969 5736 NetTcpPortSharing - ok
08:43:42.0065 5736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:43:42.0095 5736 nfrd960 - ok
08:43:42.0163 5736 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:43:42.0248 5736 NlaSvc - ok
08:43:42.0322 5736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:43:42.0373 5736 Npfs - ok
08:43:42.0413 5736 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:43:42.0513 5736 nsi - ok
08:43:42.0553 5736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:43:42.0620 5736 nsiproxy - ok
08:43:43.0045 5736 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:43:43.0127 5736 Ntfs - ok
08:43:43.0286 5736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:43:43.0339 5736 Null - ok
08:43:43.0389 5736 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
08:43:43.0433 5736 NVENETFD - ok
08:43:43.0489 5736 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:43:43.0510 5736 nvraid - ok
08:43:43.0538 5736 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:43:43.0572 5736 nvstor - ok
08:43:43.0644 5736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:43:43.0690 5736 nv_agp - ok
08:43:43.0720 5736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:43:43.0770 5736 ohci1394 - ok
08:43:43.0879 5736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:43:43.0900 5736 ose - ok
08:43:44.0500 5736 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:43:44.0706 5736 osppsvc - ok
08:43:44.0894 5736 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:43:44.0965 5736 p2pimsvc - ok
08:43:45.0007 5736 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:43:45.0034 5736 p2psvc - ok
08:43:45.0098 5736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:43:45.0123 5736 Parport - ok
08:43:45.0183 5736 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:43:45.0221 5736 partmgr - ok
08:43:45.0260 5736 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:43:45.0308 5736 PcaSvc - ok
08:43:45.0375 5736 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:43:45.0397 5736 pci - ok
08:43:45.0424 5736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:43:45.0442 5736 pciide - ok
08:43:45.0494 5736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:43:45.0527 5736 pcmcia - ok
08:43:45.0587 5736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:43:45.0622 5736 pcw - ok
08:43:45.0781 5736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:43:45.0886 5736 PEAUTH - ok
08:43:46.0039 5736 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:43:46.0089 5736 PerfHost - ok
08:43:46.0538 5736 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:43:46.0760 5736 pla - ok
08:43:46.0824 5736 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:43:46.0891 5736 PlugPlay - ok
08:43:46.0931 5736 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:43:46.0970 5736 PNRPAutoReg - ok
08:43:46.0999 5736 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:43:47.0034 5736 PNRPsvc - ok
08:43:47.0109 5736 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:43:47.0187 5736 PolicyAgent - ok
08:43:47.0243 5736 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:43:47.0330 5736 Power - ok
08:43:47.0416 5736 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:43:47.0486 5736 PptpMiniport - ok
08:43:47.0517 5736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:43:47.0557 5736 Processor - ok
08:43:47.0609 5736 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:43:47.0687 5736 ProfSvc - ok
08:43:47.0769 5736 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:47.0788 5736 ProtectedStorage - ok
08:43:47.0827 5736 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:43:47.0893 5736 Psched - ok
08:43:48.0102 5736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:43:48.0190 5736 ql2300 - ok
08:43:48.0329 5736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:43:48.0350 5736 ql40xx - ok
08:43:48.0397 5736 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:43:48.0429 5736 QWAVE - ok
08:43:48.0487 5736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:43:48.0554 5736 QWAVEdrv - ok
08:43:48.0573 5736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:43:48.0641 5736 RasAcd - ok
08:43:48.0719 5736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:43:48.0782 5736 RasAgileVpn - ok
08:43:48.0851 5736 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:43:48.0935 5736 RasAuto - ok
08:43:48.0979 5736 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:43:49.0064 5736 Rasl2tp - ok
08:43:49.0158 5736 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:43:49.0237 5736 RasMan - ok
08:43:49.0267 5736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:43:49.0352 5736 RasPppoe - ok
08:43:49.0375 5736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:43:49.0458 5736 RasSstp - ok
08:43:49.0508 5736 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:43:49.0583 5736 rdbss - ok
08:43:49.0614 5736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:43:49.0649 5736 rdpbus - ok
08:43:49.0684 5736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:43:49.0767 5736 RDPCDD - ok
08:43:49.0803 5736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:43:49.0864 5736 RDPENCDD - ok
08:43:49.0929 5736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:43:50.0006 5736 RDPREFMP - ok
08:43:50.0113 5736 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:43:50.0204 5736 RDPWD - ok
08:43:50.0239 5736 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:43:50.0262 5736 rdyboost - ok
08:43:50.0325 5736 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:43:50.0451 5736 RemoteAccess - ok
08:43:50.0507 5736 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:43:50.0598 5736 RemoteRegistry - ok
08:43:50.0643 5736 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:43:50.0724 5736 RpcEptMapper - ok
08:43:50.0748 5736 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:43:50.0794 5736 RpcLocator - ok
08:43:50.0903 5736 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:43:50.0965 5736 RpcSs - ok
08:43:51.0072 5736 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
08:43:51.0099 5736 RSPCIESTOR - ok
08:43:51.0138 5736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:43:51.0212 5736 rspndr - ok
08:43:51.0283 5736 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:43:51.0316 5736 RTL8167 - ok
08:43:51.0699 5736 RTL8192Ce (177963a6eebaa9ef3b56a2dbe9d5d0fc) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
08:43:51.0796 5736 RTL8192Ce - ok
08:43:51.0847 5736 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:51.0875 5736 SamSs - ok
08:43:51.0970 5736 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:43:51.0996 5736 sbp2port - ok
08:43:52.0507 5736 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:43:52.0621 5736 SCardSvr - ok
08:43:52.0769 5736 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:43:52.0861 5736 scfilter - ok
08:43:52.0996 5736 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:43:53.0102 5736 Schedule - ok
08:43:53.0155 5736 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:43:53.0227 5736 SCPolicySvc - ok
08:43:53.0269 5736 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:43:53.0322 5736 sdbus - ok
08:43:53.0350 5736 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:43:53.0447 5736 SDRSVC - ok
08:43:53.0475 5736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:43:53.0544 5736 secdrv - ok
08:43:53.0565 5736 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:43:53.0647 5736 seclogon - ok
08:43:53.0704 5736 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:43:53.0785 5736 SENS - ok
08:43:53.0820 5736 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:43:53.0876 5736 SensrSvc - ok
08:43:53.0906 5736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:43:53.0956 5736 Serenum - ok
08:43:53.0988 5736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:43:54.0027 5736 Serial - ok
08:43:54.0113 5736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:43:54.0152 5736 sermouse - ok
08:43:54.0230 5736 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:43:54.0321 5736 SessionEnv - ok
08:43:54.0369 5736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:43:54.0422 5736 sffdisk - ok
08:43:54.0452 5736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:43:54.0540 5736 sffp_mmc - ok
08:43:54.0545 5736 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:43:54.0623 5736 sffp_sd - ok
08:43:54.0796 5736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:43:54.0845 5736 sfloppy - ok
08:43:54.0954 5736 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
08:43:54.0998 5736 Sftfs - ok
08:43:55.0165 5736 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:43:55.0201 5736 sftlist - ok
08:43:55.0287 5736 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:43:55.0327 5736 Sftplay - ok
08:43:55.0342 5736 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:43:55.0370 5736 Sftredir - ok
08:43:55.0407 5736 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
08:43:55.0441 5736 Sftvol - ok
08:43:55.0463 5736 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:43:55.0487 5736 sftvsa - ok
08:43:55.0545 5736 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:43:55.0610 5736 SharedAccess - ok
08:43:55.0662 5736 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:43:55.0739 5736 ShellHWDetection - ok
08:43:55.0788 5736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:43:55.0818 5736 SiSRaid2 - ok
08:43:55.0858 5736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:43:55.0879 5736 SiSRaid4 - ok
08:43:55.0917 5736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:43:56.0013 5736 Smb - ok
08:43:56.0121 5736 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:43:56.0180 5736 SNMPTRAP - ok
08:43:56.0233 5736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:43:56.0263 5736 spldr - ok
08:43:56.0755 5736 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:43:56.0834 5736 Spooler - ok
08:43:57.0270 5736 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:43:57.0453 5736 sppsvc - ok
08:43:57.0643 5736 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:43:57.0699 5736 sppuinotify - ok
08:43:57.0893 5736 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS
08:43:57.0928 5736 SRTSP - ok
08:43:57.0956 5736 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS
08:43:57.0991 5736 SRTSPX - ok
08:43:58.0262 5736 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:43:58.0352 5736 srv - ok
08:43:58.0435 5736 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:43:58.0500 5736 srv2 - ok
08:43:58.0576 5736 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:43:58.0599 5736 SrvHsfHDA - ok
08:43:59.0059 5736 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:43:59.0184 5736 SrvHsfV92 - ok
08:43:59.0395 5736 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:43:59.0441 5736 SrvHsfWinac - ok
08:43:59.0472 5736 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:43:59.0495 5736 srvnet - ok
08:43:59.0526 5736 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:43:59.0612 5736 SSDPSRV - ok
08:43:59.0660 5736 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:43:59.0715 5736 SstpSvc - ok
08:43:59.0822 5736 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
08:43:59.0851 5736 STacSV - ok
08:43:59.0889 5736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:43:59.0906 5736 stexstor - ok
08:43:59.0979 5736 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
08:44:00.0028 5736 STHDA - ok
08:44:00.0409 5736 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:44:00.0448 5736 stisvc - ok
08:44:00.0501 5736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:44:00.0522 5736 swenum - ok
08:44:00.0577 5736 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:44:00.0665 5736 swprv - ok
08:44:00.0809 5736 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS
08:44:00.0852 5736 SymDS - ok
08:44:01.0006 5736 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS
08:44:01.0073 5736 SymEFA - ok
08:44:01.0127 5736 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:44:01.0156 5736 SymEvent - ok
08:44:01.0216 5736 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS
08:44:01.0249 5736 SymIRON - ok
08:44:01.0321 5736 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS
08:44:01.0360 5736 SymNetS - ok
08:44:01.0763 5736 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
08:44:01.0861 5736 SynTP - ok
08:44:02.0422 5736 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:44:02.0539 5736 SysMain - ok
08:44:02.0754 5736 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:44:02.0854 5736 TabletInputService - ok
08:44:02.0959 5736 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:44:03.0049 5736 TapiSrv - ok
08:44:03.0124 5736 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:44:03.0192 5736 TBS - ok
08:44:03.0523 5736 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:44:03.0653 5736 Tcpip - ok
08:44:03.0967 5736 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:44:04.0041 5736 TCPIP6 - ok
08:44:04.0477 5736 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:44:04.0567 5736 tcpipreg - ok
08:44:04.0588 5736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:44:04.0630 5736 TDPIPE - ok
08:44:04.0704 5736 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:44:04.0775 5736 TDTCP - ok
08:44:04.0838 5736 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:44:04.0926 5736 tdx - ok
08:44:04.0996 5736 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:44:05.0019 5736 TermDD - ok
08:44:05.0146 5736 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:44:05.0277 5736 TermService - ok
08:44:05.0299 5736 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:44:05.0329 5736 Themes - ok
08:44:05.0358 5736 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:44:05.0413 5736 THREADORDER - ok
08:44:05.0445 5736 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:44:05.0521 5736 TrkWks - ok
08:44:05.0612 5736 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:44:05.0755 5736 TrustedInstaller - ok
08:44:05.0793 5736 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:44:05.0874 5736 tssecsrv - ok
08:44:05.0912 5736 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:44:05.0942 5736 TsUsbFlt - ok
08:44:05.0959 5736 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:44:06.0019 5736 TsUsbGD - ok
08:44:06.0718 5736 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:44:06.0818 5736 tunnel - ok
08:44:06.0992 5736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:44:07.0011 5736 uagp35 - ok
08:44:07.0132 5736 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:44:07.0214 5736 udfs - ok
08:44:07.0327 5736 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:44:07.0351 5736 UI0Detect - ok
08:44:07.0448 5736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:44:07.0504 5736 uliagpkx - ok
08:44:07.0565 5736 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:44:07.0601 5736 umbus - ok
08:44:07.0632 5736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:44:07.0690 5736 UmPass - ok
08:44:07.0730 5736 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:44:07.0828 5736 upnphost - ok
08:44:07.0883 5736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:44:07.0928 5736 usbccgp - ok
08:44:07.0962 5736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:44:07.0990 5736 usbcir - ok
08:44:08.0010 5736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:44:08.0042 5736 usbehci - ok
08:44:08.0247 5736 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
08:44:08.0289 5736 usbfilter - ok
08:44:08.0348 5736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:44:08.0444 5736 usbhub - ok
08:44:08.0514 5736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:44:08.0563 5736 usbohci - ok
08:44:08.0614 5736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:44:08.0676 5736 usbprint - ok
08:44:08.0809 5736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:44:08.0865 5736 usbscan - ok
08:44:08.0912 5736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:44:08.0987 5736 USBSTOR - ok
08:44:09.0020 5736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:44:09.0058 5736 usbuhci - ok
08:44:09.0111 5736 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:44:09.0142 5736 usbvideo - ok
08:44:09.0170 5736 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:44:09.0260 5736 UxSms - ok
08:44:09.0300 5736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:44:09.0320 5736 VaultSvc - ok
08:44:09.0394 5736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:44:09.0422 5736 vdrvroot - ok
08:44:09.0609 5736 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:44:09.0702 5736 vds - ok
08:44:09.0762 5736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:44:09.0796 5736 vga - ok
08:44:09.0858 5736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:44:09.0949 5736 VgaSave - ok
08:44:09.0981 5736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:44:10.0005 5736 vhdmp - ok
08:44:10.0019 5736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:44:10.0037 5736 viaide - ok
08:44:10.0080 5736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:44:10.0134 5736 volmgr - ok
08:44:10.0186 5736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:44:10.0214 5736 volmgrx - ok
08:44:10.0269 5736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:44:10.0293 5736 volsnap - ok
08:44:10.0348 5736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:44:10.0410 5736 vsmraid - ok
08:44:10.0576 5736 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:44:10.0678 5736 VSS - ok
08:44:10.0900 5736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:44:10.0954 5736 vwifibus - ok
08:44:10.0971 5736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:44:11.0016 5736 vwififlt - ok
08:44:11.0054 5736 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:44:11.0079 5736 vwifimp - ok
08:44:11.0133 5736 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:44:11.0190 5736 W32Time - ok
08:44:11.0265 5736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:44:11.0310 5736 WacomPen - ok
08:44:11.0362 5736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:11.0441 5736 WANARP - ok
08:44:11.0445 5736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:44:11.0496 5736 Wanarpv6 - ok
08:44:11.0718 5736 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:44:11.0790 5736 WatAdminSvc - ok
08:44:11.0975 5736 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:44:12.0272 5736 wbengine - ok
08:44:12.0527 5736 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:44:12.0559 5736 WbioSrvc - ok
08:44:12.0816 5736 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:44:12.0871 5736 wcncsvc - ok
08:44:12.0903 5736 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:44:12.0959 5736 WcsPlugInService - ok
08:44:13.0024 5736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:44:13.0041 5736 Wd - ok
08:44:13.0090 5736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:44:13.0131 5736 Wdf01000 - ok
08:44:13.0157 5736 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:13.0244 5736 WdiServiceHost - ok
08:44:13.0251 5736 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:44:13.0276 5736 WdiSystemHost - ok
08:44:13.0345 5736 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:44:13.0411 5736 WebClient - ok
08:44:13.0474 5736 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:44:13.0556 5736 Wecsvc - ok
08:44:13.0614 5736 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:44:13.0671 5736 wercplsupport - ok
08:44:13.0710 5736 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:44:13.0783 5736 WerSvc - ok
08:44:13.0854 5736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:44:13.0924 5736 WfpLwf - ok
08:44:13.0946 5736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:44:13.0964 5736 WIMMount - ok
08:44:13.0986 5736 WinDefend - ok
08:44:13.0999 5736 WinHttpAutoProxySvc - ok
08:44:14.0304 5736 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:44:14.0358 5736 Winmgmt - ok
08:44:14.0551 5736 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:44:14.0671 5736 WinRM - ok
08:44:14.0864 5736 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:44:14.0928 5736 Wlansvc - ok
08:44:15.0028 5736 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:44:15.0049 5736 wlcrasvc - ok
08:44:15.0341 5736 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:44:15.0443 5736 wlidsvc - ok
08:44:15.0582 5736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:44:15.0618 5736 WmiAcpi - ok
08:44:15.0696 5736 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:44:15.0779 5736 wmiApSrv - ok
08:44:15.0813 5736 WMPNetworkSvc - ok
08:44:15.0846 5736 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:44:15.0893 5736 WPCSvc - ok
08:44:15.0927 5736 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:44:15.0953 5736 WPDBusEnum - ok
08:44:15.0992 5736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:44:16.0047 5736 ws2ifsl - ok
08:44:16.0106 5736 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:44:16.0149 5736 wscsvc - ok
08:44:16.0153 5736 WSearch - ok
08:44:16.0312 5736 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:44:16.0440 5736 wuauserv - ok
08:44:16.0613 5736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:44:16.0707 5736 WudfPf - ok
08:44:16.0772 5736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:44:16.0841 5736 WUDFRd - ok
08:44:16.0875 5736 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:44:16.0926 5736 wudfsvc - ok
08:44:16.0958 5736 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:44:17.0021 5736 WwanSvc - ok
08:44:17.0341 5736 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:44:17.0376 5736 YahooAUService - ok
08:44:17.0444 5736 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
08:44:17.0475 5736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:44:17.0475 5736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:44:17.0577 5736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:44:17.0577 5736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:44:17.0623 5736 Boot (0x1200) (b5378ed36db579e7dbfbceb4c77e126d) \Device\Harddisk0\DR0\Partition0
08:44:17.0626 5736 \Device\Harddisk0\DR0\Partition0 - ok
08:44:17.0641 5736 Boot (0x1200) (daaf8b37463f767c79070f29f422f8dd) \Device\Harddisk0\DR0\Partition1
08:44:17.0666 5736 \Device\Harddisk0\DR0\Partition1 - ok
08:44:17.0708 5736 Boot (0x1200) (c49b3350f638022c8b4898712cf4adc9) \Device\Harddisk0\DR0\Partition2
08:44:17.0710 5736 \Device\Harddisk0\DR0\Partition2 - ok
08:44:17.0730 5736 Boot (0x1200) (72339e092699b51c22f36c5a603daeb9) \Device\Harddisk0\DR0\Partition3
08:44:17.0731 5736 \Device\Harddisk0\DR0\Partition3 - ok
08:44:17.0732 5736 ============================================================
08:44:17.0732 5736 Scan finished
08:44:17.0732 5736 ============================================================
08:44:17.0746 4112 Detected object count: 3
08:44:17.0746 4112 Actual detected object count: 3
08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:44:48.0856 4112 \Device\Harddisk0\DR0\# - copied to quarantine
08:44:48.0857 4112 \Device\Harddisk0\DR0 - copied to quarantine
08:44:48.0924 4112 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:44:48.0927 4112 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:44:48.0932 4112 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:44:48.0937 4112 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:44:48.0947 4112 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:44:48.0957 4112 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:44:48.0960 4112 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:44:48.0965 4112 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:44:48.0968 4112 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:44:48.0972 4112 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:44:48.0977 4112 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:44:48.0979 4112 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:44:49.0010 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:44:49.0011 4112 \Device\Harddisk0\DR0 - ok
08:44:51.0643 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:46:46.0960 6740 Deinitialize success
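The scan log above ends with the part that matters: the MBR of \Device\Harddisk0\DR0 is flagged Rootkit.Boot.Pihar.b, a hidden "TDSS File System" is found on the same disk, the MBR is marked for cure on reboot, and the TDLFS verdict is skipped by the user. Reading that by eye across 1,300 lines is error-prone, so here is an added triage script (example code, not part of the original post and not a TDSSKiller feature) that parses TDSSKiller's line format and reduces it to per-verdict outcomes. The sample input is a constructed excerpt of the log lines shown above; the function names (parse_log, summarize, unresolved, mbr_hash, quarantined) are this example's own.

```python
"""Triage a TDSSKiller scan log: extract every verdict, the action the operator chose,
the objects copied to quarantine, and the MBR hash for before/after comparison."""
import re

# Constructed sample: an excerpt of the TDSSKiller log lines posted above.
SAMPLE_LOG = r"""
08:44:09.0300 5736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:44:09.0320 5736 VaultSvc - ok
08:44:17.0444 5736 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
08:44:17.0475 5736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:44:17.0475 5736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:44:17.0577 5736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:44:17.0577 5736 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:44:48.0924 4112 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:44:49.0010 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:44:51.0643 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line is "<hh:mm:ss.ffff> <thread id> <rest>"; the rest takes one of a few shapes.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<action>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
QUAR_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def parse_log(text):
    """Turn log lines into typed events; lines that fit no known shape are ignored."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest, base = m["rest"], {"ts": m["ts"], "tid": m["tid"]}
        v = VERDICT_RE.match(rest)
        if v:
            events.append({**base, "kind": "verdict", "obj": v["obj"],
                           "verdict": v["verdict"], "action": v["action"]})
            continue
        d = DETECTED_RE.match(rest)
        if d:
            events.append({**base, "kind": "detected", "obj": d["obj"], "verdict": d["verdict"]})
            continue
        q = QUAR_RE.match(rest)
        if q:
            events.append({**base, "kind": "quarantined", "obj": q["obj"]})
            continue
        h = HASH_RE.match(rest)
        if h:
            events.append({**base, "kind": "hash", "name": h["name"], "md5": h["md5"], "path": h["path"]})
    return events


def summarize(events):
    """Collapse the history of each (object, verdict) pair into its last scanner status
    and the action the operator selected ("Cure", "Skip", ...)."""
    findings = {}
    for e in events:
        if e["kind"] not in ("verdict", "detected"):
            continue
        f = findings.setdefault((e["obj"], e["verdict"]), {"status": None, "user_action": None})
        if e["kind"] == "verdict":
            if e["action"].startswith("User select action: "):
                f["user_action"] = e["action"].split(": ", 1)[1]
            else:
                f["status"] = e["action"]  # infected / warning / skipped by user / will be cured on reboot
    return findings


def unresolved(findings, ignore=("UnsignedFile.Multi.Generic",)):
    """Verdicts left uncured. Unsigned-driver heuristics are informational and filtered out."""
    return sorted({verdict for (_, verdict), f in findings.items()
                   if verdict not in ignore and f["user_action"] != "Cure"})


def mbr_hash(events):
    """MD5 TDSSKiller recorded for the MBR; compare with a rescan after the cure reboot."""
    for e in events:
        if e["kind"] == "hash" and e["name"].startswith("MBR"):
            return e["md5"]
    return None


def quarantined(events):
    return [e["obj"] for e in events if e["kind"] == "quarantined"]


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    for (obj, verdict), f in summarize(ev).items():
        print(f"{verdict:28} {obj:40} status={f['status']!r} action={f['user_action']!r}")
    print("unresolved:", unresolved(summarize(ev)))
    print("MBR md5:", mbr_hash(ev), "quarantined:", quarantined(ev))
```

Run against the excerpt, the only uncured verdict that comes back is "TDSS File System", which is exactly the item the operator skipped in this log. The MBR hash is worth saving: after the cure reboot, rerun the scan and confirm the recorded MBR MD5 has changed and no DR0 verdict remains.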
-
I am trying to paste all the files into the message body. However, when I paste them into the message and click post I get a message that the post is being saved and then the web site does not respond. A message is displayed '...is not responding due to long running script...' (the file size is 1.72 MB).
I have attached a single file with all the log files included in it as an interim way to get around my problem of not being able to post the log files inside this message.
Is there something that I am doing wrong that the system will not save my post so I can get you the information that you have requested?
-
MBR000/object
[infectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0
---------------------------------
mbr0000/tsk0000
[infectedFile]
Type: Raw image
---------------------------------------
mbr0000\tsk0001
[infectedFile]
Type: Raw BB image
-----------------------------------------
tdlsf0000/object
[infectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0
------------------------------------
tdlsf0000/tsk0000
[infectedFile]
Name: ph.dll
Size: 28672
File time: 2012/02/15 21:04:18.0685
----------------------------------
tdlsf0000/tsk0001
[infectedFile]
Name: phx.dll
Size: 3072
File time: 2012/02/15 21:04:18.0685
---------------------------------------------
tdlsf0000/tsk0002
[infectedFile]
Name: sub.dll
Size: 8704
File time: 2012/02/15 21:04:18.0685
----------------------------------
tdlsf0000/tsk0003
[infectedFile]
Name: subx.dll
Size: 10752
File time: 2012/02/15 21:04:18.0685
-------------------------------
tdlsf0000/tsk0004
[infectedFile]
Name: phd
Size: 30208
File time: 2012/02/15 21:04:18.0685
----------------------------------
tdlsf/tsk005
[infectedFile]
Name: phdx
Size: 22016
File time: 2012/02/15 21:04:18.0685
--------------------------------
tdlsf/tsk0006
[infectedFile]
Name: phs
Size: 200
File time: 2012/02/15 21:04:18.0685
--------------------------
tdlsf/tsk0007
[infectedFile]
Name: phdata
Size: 232
File time: 2012/02/15 21:04:18.0685
-------------------------
tdlsf/tsk0008
[infectedFile]
Name: phld
Size: 1233
File time: 2012/02/15 21:04:18.0685
---------------------------------
tdlsf/tsk0009
[infectedFile]
Name: phln
Size: 3142
File time: 2012/02/15 21:04:18.0685
----------------------------------
tdlsf/tsk0010
[infectedFile]
Name: phlx
Size: 3656
File time: 2012/02/15 21:04:18.0685
-----------------------------
tdlsf/tsk0011
[infectedFile]
Name: phm
Size: 512
File time: 2012/02/15 21:04:18.0685
-----------------------------------
object
[infectedObject]
Verdict: Rootkit.Boot.Pihar.b
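The quarantine descriptors listed above carry one detail worth pulling out: every file recovered from the hidden TDLFS volume (ph.dll, phx.dll, sub.dll, subx.dll, phd, phdx, phs, phdata, phld, phln, phlx, phm) has the identical file time 2012/02/15 21:04:18.0685, down to the millisecond, which reads as a batch written in one go rather than files that accumulated over time. The following is an added example (not part of the original post, not TDSSKiller code) that parses these "[infectedFile]" descriptor records as they appear above and groups the files by recorded timestamp. The sample is a constructed excerpt of the records listed above; parse_manifest, timestamp_clusters, suspicious_clusters and total_size are this example's own names.

```python
"""Parse TDSSKiller quarantine descriptor records and cluster quarantined files by file time."""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the descriptor records shown above.
SAMPLE_MANIFEST = r"""
MBR000/object
[infectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0
---------------------------------
tdlsf0000/object
[infectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0
------------------------------------
tdlsf0000/tsk0000
[infectedFile]
Name: ph.dll
Size: 28672
File time: 2012/02/15 21:04:18.0685
----------------------------------
tdlsf0000/tsk0001
[infectedFile]
Name: phx.dll
Size: 3072
File time: 2012/02/15 21:04:18.0685
---------------------------------------------
tdlsf0000/tsk0002
[infectedFile]
Name: sub.dll
Size: 8704
File time: 2012/02/15 21:04:18.0685
----------------------------------
tdlsf/tsk0011
[infectedFile]
Name: phm
Size: 512
File time: 2012/02/15 21:04:18.0685
-----------------------------------
"""

SEP_RE = re.compile(r"^-{5,}$")          # records are separated by a run of dashes
HEADER_RE = re.compile(r"^\[(?P<kind>\w+)\]$")  # [infectedObject] / [infectedFile]


def parse_manifest(text):
    """Each record: an id line, a [kind] header, then 'Key: value' lines until a separator."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEP_RE.match(line):
            if cur:
                records.append(cur)
            cur = None
            continue
        if cur is None:
            cur = {"id": line, "kind": None}
            continue
        h = HEADER_RE.match(line)
        if h:
            cur["kind"] = h["kind"]
            continue
        key, _, value = line.partition(":")  # split on the first colon only; timestamps contain more
        cur[key.strip().lower().replace(" ", "_")] = value.strip()
    if cur:
        records.append(cur)
    return records


def files(records):
    return [r for r in records if r["kind"] == "infectedFile" and "name" in r]


def timestamp_clusters(records):
    """Map each recorded file time to the names of the files that carry it."""
    clusters = defaultdict(list)
    for r in files(records):
        clusters[r.get("file_time")].append(r["name"])
    return dict(clusters)


def suspicious_clusters(records, min_files=3):
    """File times shared by several files to the millisecond: a batch dropped at once."""
    return {t: names for t, names in timestamp_clusters(records).items() if len(names) >= min_files}


def total_size(records):
    return sum(int(r["size"]) for r in files(records) if "size" in r)


if __name__ == "__main__":
    recs = parse_manifest(SAMPLE_MANIFEST)
    print(len(recs), "records,", len(files(recs)), "files,", total_size(recs), "bytes")
    for t, names in suspicious_clusters(recs).items():
        print("shared file time", t, "->", ", ".join(names))
```

On the full listing above all twelve TDLFS files fall into the single cluster 2012/02/15 21:04:18.0685, which gives a usable install date for the hidden volume when correlating with other evidence from the machine.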
-
I have run the programs that you requested and attached the files that I could.
The TDSSKiller quarantine created multiple folders with multiple files in the folders and the system will not allow me to attach them. How can I get this data to you?
The object file has the following data in it.
[infectedObject]
Verdict: Rootkit.Boot.Pihar.b
-
Extra svchost.exe *32 is eating up memory (with a description of winrscmde).
Additionally, when Malwarebytes is turned on, the system is displaying messages that outgoing attempts to contact a web site were blocked (see log). Also attached are logs from 'attach', 'dds' and 'protection'.
I need help in getting rid of these problems.
svchost (svchost.exe trojan.agent) cannot get rid of it
in Resolved Malware Removal Logs
Everything is working and I am no longer being redirected or sending outgoing messages. I want to thank you for ALL the effort that you applied to my post. It is with great appreciation and admiration that I bid you farewell.
YOU'RE THE GREATEST!!!!!!!!!