
svchost.exe infected with Trojan.agent?



I always have really bad luck with laptops and it seems this one wasn't spared. It had been blue screening upon waking out of sleep mode and after a few buddies of mine looked at it, they found that svchost.exe was infected with a trojan.agent. It's quarantined with Malwarebytes, but with my luck.... To say the least, I want it gone. Help, please?



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


LDtate,

I believe this is what you need?

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.04.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Katelynn :: KATELYNN-HP [administrator]

Protection: Enabled

3/6/2012 10:14:03 PM

mbam-log-2012-03-06 (22-14-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184553

Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3528 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

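The detail worth noticing in the Malwarebytes log above is the path: C:\Windows\svchost.exe. The genuine service host lives in C:\Windows\System32 (and C:\Windows\SysWOW64 on 64-bit Windows), so a file with that name sitting directly in C:\Windows is borrowing a trusted name rather than being the real binary, and "Delete on reboot" means the removal has not happened yet. The script below is an added example, not code from this thread or from Malwarebytes: it parses detection lines in the MBAM log format shown above and flags well-known system binary names found outside their expected directory. The sample log is constructed for the example (the two lines from the post plus one constructed line), and the EXPECTED_DIRS table is an assumption that covers only two binaries.

```python
import re
from pathlib import PureWindowsPath

# A Malwarebytes (MBAM 1.x) detection line looks like one of:
#   C:\Windows\svchost.exe (Trojan.Agent) -> 3528 -> Delete on reboot.
#   C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
# i.e. path, detection name in parentheses, optional PID, then the action taken.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

# Where the genuine copy of each well-known binary lives on Windows 7 x64.
# This table is an assumption made for the example; extend it for your environment.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}

# Constructed sample log: the two detection lines from the post above plus one
# constructed line for a file that does not borrow a system binary's name.
SAMPLE_LOG = """\
Memory Processes Detected: 1
C:\\Windows\\svchost.exe (Trojan.Agent) -> 3528 -> Delete on reboot.
Files Detected: 2
C:\\Windows\\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\\Users\\user\\AppData\\Local\\Temp\\dropper.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
"""


def parse_detection(line):
    """Return the fields of one detection line, or None for any other line."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    return {
        "path": m["path"],
        "name": m["name"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "action": m["action"],
    }


def is_masquerading(path):
    """True when the file name belongs to a known system binary but the
    directory is not one of that binary's legitimate locations."""
    p = PureWindowsPath(path)
    expected = EXPECTED_DIRS.get(p.name.lower())
    if expected is None:
        return False
    return str(p.parent).lower() not in expected


def analyze(log_text):
    """Parse every detection in an MBAM log and annotate it with two flags:
    masquerading (wrong directory for a system-binary name) and pending
    (the action is deferred to the next reboot, so the file is still present)."""
    findings = []
    for line in log_text.splitlines():
        d = parse_detection(line)
        if d is None:
            continue
        d["masquerading"] = is_masquerading(d["path"])
        d["pending"] = d["action"].lower().startswith("delete on reboot")
        findings.append(d)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        flags = [k for k in ("masquerading", "pending") if f[k]]
        print(f"{f['path']}  [{f['name']}]  pid={f['pid']}  {', '.join(flags) or 'no flags'}")
```

Run against the sample, both svchost.exe lines come out as masquerading and pending, which is exactly the combination that explains why a follow-up scan still finds the file: the name is not the real service host, and the deletion was only scheduled.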

The infection is still there.

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

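The TDSSKiller report that step 6 produces lists every driver twice: an entry line (timestamp, PID, service name, MD5, path) followed by a verdict line of the form "name - ok" or "name - <detection>". Reading a few hundred of those by eye is error-prone, so here is an added example, not part of this thread and not Kaspersky's code, that pairs the two line kinds, lists every driver whose verdict is anything other than "ok", and also reports drivers with no verdict at all, which is what a pasted log that was cut off looks like. The sample text is constructed: three entries use the line format the tool writes, the example_drv entry and its verdict text are constructed placeholders (the MD5 there is simply the MD5 of an empty string), and the last entry deliberately has no verdict line.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Entry line: "<time> <pid> <service name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: "<time> <pid> <service name> - <verdict>", e.g. "1394ohci - ok"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+) - (?P<verdict>.+?)\s*$"
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # stays None until a verdict line is seen


# Constructed sample log in TDSSKiller's format. "example_drv" and its
# "detected Example.Verdict (1)" line are placeholders invented for this example;
# "stexstor" intentionally has no verdict line, as in a truncated paste.
SAMPLE_LOG = """\
21:20:49.0637 2800 Scan started
21:20:49.0637 2800 Mode: Manual; SigCheck; TDLFS;
21:20:49.0637 2800 ============================================================
21:20:55.0269 2800 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
21:20:55.0529 2800 1394ohci - ok
21:21:47.0530 2800 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\\Program Files (x86)\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl64.sys
21:21:47.0564 2800 eeCtrl - ok
21:22:36.0429 2800 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\\Windows\\system32\\drivers\\mbam.sys
21:22:36.0442 2800 MBAMProtector - ok
21:22:40.0000 2800 example_drv (d41d8cd98f00b204e9800998ecf8427e) C:\\Windows\\system32\\drivers\\example_drv.sys
21:22:40.0010 2800 example_drv - detected Example.Verdict (1)
21:24:06.0739 2800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\\Windows\\system32\\drivers\\stexstor.sys
"""


def parse_tdsskiller_log(text: str) -> Dict[str, Driver]:
    """Pair each entry line with its verdict line, keyed by service name.
    Header and separator lines match neither pattern and are skipped."""
    drivers: Dict[str, Driver] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            drivers[m["name"]] = Driver(m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        # Only accept verdicts for names we have an entry for, so lines such as
        # "Drive \Device\Harddisk0\DR0 - Size: ..." cannot be mistaken for one.
        if m and m["name"] in drivers:
            drivers[m["name"]].verdict = m["verdict"]
    return drivers


def flagged(drivers: Dict[str, Driver]) -> List[Driver]:
    """Everything that is not a clean 'ok': detections, plus entries whose
    verdict never arrived (typically a pasted log that was cut off)."""
    return [d for d in drivers.values() if d.verdict != "ok"]


def summarize(drivers: Dict[str, Driver]) -> Dict[str, int]:
    """Counts a helper would want at a glance before reading individual lines."""
    ok = sum(1 for d in drivers.values() if d.verdict == "ok")
    missing = sum(1 for d in drivers.values() if d.verdict is None)
    return {"total": len(drivers), "ok": ok, "detected": len(drivers) - ok - missing, "missing": missing}


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(parsed))
    for d in flagged(parsed):
        status = d.verdict if d.verdict is not None else "NO VERDICT (log truncated?)"
        print(f"{d.name:<16} {d.md5}  {d.path}\n{'':<16} -> {status}")
```

The MD5 kept on each Driver is the value TDSSKiller computed, so the same structure can be fed to a hash lookup against a known-good driver list; the "missing" count is the quickest way to tell that someone pasted an incomplete report before drawing conclusions from it.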

Here is the log;

21:20:31.0918 6840 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

21:20:32.0948 6840 ============================================================

21:20:32.0948 6840 Current date / time: 2012/03/07 21:20:32.0948

21:20:32.0948 6840 SystemInfo:

21:20:32.0948 6840

21:20:32.0948 6840 OS Version: 6.1.7601 ServicePack: 1.0

21:20:32.0948 6840 Product type: Workstation

21:20:32.0948 6840 ComputerName: KATELYNN-HP

21:20:32.0948 6840 UserName: Katelynn

21:20:32.0948 6840 Windows directory: C:\Windows

21:20:32.0948 6840 System windows directory: C:\Windows

21:20:32.0948 6840 Running under WOW64

21:20:32.0948 6840 Processor architecture: Intel x64

21:20:32.0948 6840 Number of processors: 4

21:20:32.0948 6840 Page size: 0x1000

21:20:32.0948 6840 Boot type: Normal boot

21:20:32.0948 6840 ============================================================

21:20:33.0681 6840 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:20:33.0697 6840 \Device\Harddisk0\DR0:

21:20:33.0697 6840 MBR used

21:20:33.0697 6840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

21:20:33.0697 6840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48C02800

21:20:33.0697 6840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C66800, BlocksNum 0x1BBD800

21:20:33.0697 6840 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

21:20:33.0790 6840 Initialize success

21:20:33.0790 6840 ============================================================

21:20:49.0637 2800 ============================================================

21:20:49.0637 2800 Scan started

21:20:49.0637 2800 Mode: Manual; SigCheck; TDLFS;

21:20:49.0637 2800 ============================================================

21:20:55.0269 2800 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:20:55.0529 2800 1394ohci - ok

21:20:56.0259 2800 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys

21:20:56.0319 2800 Accelerometer - ok

21:20:56.0949 2800 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:20:56.0969 2800 ACPI - ok

21:20:57.0739 2800 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:20:57.0859 2800 AcpiPmi - ok

21:20:58.0550 2800 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

21:20:58.0580 2800 adp94xx - ok

21:20:59.0451 2800 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

21:20:59.0471 2800 adpahci - ok

21:21:00.0241 2800 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

21:21:00.0271 2800 adpu320 - ok

21:21:01.0141 2800 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

21:21:01.0261 2800 AFD - ok

21:21:01.0742 2800 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:21:01.0752 2800 agp440 - ok

21:21:02.0292 2800 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:21:02.0322 2800 aliide - ok

21:21:02.0932 2800 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:21:02.0942 2800 amdide - ok

21:21:03.0552 2800 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

21:21:03.0752 2800 AmdK8 - ok

21:21:04.0453 2800 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

21:21:04.0513 2800 AmdPPM - ok

21:21:05.0133 2800 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:21:05.0223 2800 amdsata - ok

21:21:06.0114 2800 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

21:21:06.0144 2800 amdsbs - ok

21:21:06.0664 2800 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:21:06.0714 2800 amdxata - ok

21:21:07.0384 2800 ApfiltrService (5f87e363f83e8a6f5606991c256f703a) C:\Windows\system32\DRIVERS\Apfiltr.sys

21:21:07.0404 2800 ApfiltrService - ok

21:21:08.0164 2800 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:21:08.0394 2800 AppID - ok

21:21:09.0004 2800 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

21:21:09.0024 2800 arc - ok

21:21:09.0524 2800 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

21:21:09.0534 2800 arcsas - ok

21:21:10.0474 2800 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:21:10.0934 2800 AsyncMac - ok

21:21:11.0545 2800 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:21:11.0555 2800 atapi - ok

21:21:13.0015 2800 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

21:21:13.0145 2800 b06bdrv - ok

21:21:13.0935 2800 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:21:13.0995 2800 b57nd60a - ok

21:21:15.0885 2800 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

21:21:15.0975 2800 BCM43XX - ok

21:21:17.0456 2800 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:21:17.0526 2800 Beep - ok

21:21:18.0386 2800 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys

21:21:18.0426 2800 BHDrvx64 - ok

21:21:19.0641 2800 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

21:21:19.0760 2800 blbdrive - ok

21:21:20.0512 2800 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:21:20.0644 2800 bowser - ok

21:21:21.0204 2800 bpenum (597fffac47605337b1c719b4975238f0) C:\Windows\system32\DRIVERS\bpenum.sys

21:21:21.0275 2800 bpenum - ok

21:21:22.0205 2800 bpmp (f66c6ad105ef5a899207f4907366e2e2) C:\Windows\system32\DRIVERS\bpmp.sys

21:21:22.0247 2800 bpmp - ok

21:21:22.0826 2800 bpusb (ae6751f004dfebe0a7548265ccf432ce) C:\Windows\system32\Drivers\bpusb.sys

21:21:22.0897 2800 bpusb - ok

21:21:24.0807 2800 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

21:21:24.0914 2800 BrFiltLo - ok

21:21:25.0830 2800 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

21:21:25.0849 2800 BrFiltUp - ok

21:21:26.0486 2800 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:21:26.0577 2800 Brserid - ok

21:21:28.0018 2800 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:21:28.0078 2800 BrSerWdm - ok

21:21:28.0785 2800 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:21:28.0817 2800 BrUsbMdm - ok

21:21:29.0483 2800 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:21:29.0524 2800 BrUsbSer - ok

21:21:30.0132 2800 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

21:21:30.0195 2800 BTHMODEM - ok

21:21:31.0012 2800 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:21:31.0131 2800 cdfs - ok

21:21:32.0850 2800 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

21:21:32.0920 2800 cdrom - ok

21:21:34.0051 2800 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

21:21:34.0136 2800 circlass - ok

21:21:34.0544 2800 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:21:34.0565 2800 CLFS - ok

21:21:35.0492 2800 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

21:21:35.0512 2800 clwvd - ok

21:21:36.0076 2800 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

21:21:36.0103 2800 CmBatt - ok

21:21:36.0687 2800 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:21:36.0707 2800 cmdide - ok

21:21:37.0395 2800 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

21:21:37.0420 2800 CNG - ok

21:21:38.0037 2800 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

21:21:38.0057 2800 Compbatt - ok

21:21:38.0707 2800 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

21:21:38.0737 2800 CompositeBus - ok

21:21:39.0417 2800 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

21:21:39.0447 2800 crcdisk - ok

21:21:40.0208 2800 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:21:40.0258 2800 DfsC - ok

21:21:40.0936 2800 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:21:40.0985 2800 discache - ok

21:21:42.0771 2800 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

21:21:42.0782 2800 Disk - ok

21:21:44.0688 2800 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:21:44.0772 2800 drmkaud - ok

21:21:45.0638 2800 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:21:45.0682 2800 DXGKrnl - ok

21:21:46.0554 2800 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

21:21:46.0787 2800 ebdrv - ok

21:21:47.0530 2800 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

21:21:47.0564 2800 eeCtrl - ok

21:21:48.0458 2800 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

21:21:48.0502 2800 elxstor - ok

21:21:48.0588 2800 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

21:21:48.0632 2800 EraserUtilRebootDrv - ok

21:21:49.0720 2800 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:21:49.0753 2800 ErrDev - ok

21:21:50.0534 2800 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:21:50.0601 2800 exfat - ok

21:21:52.0184 2800 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:21:52.0264 2800 fastfat - ok

21:21:52.0927 2800 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

21:21:53.0001 2800 fdc - ok

21:21:53.0608 2800 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:21:53.0618 2800 FileInfo - ok

21:21:54.0464 2800 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:21:54.0682 2800 Filetrace - ok

21:21:55.0542 2800 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

21:21:55.0572 2800 flpydisk - ok

21:21:56.0330 2800 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

21:21:56.0357 2800 FltMgr - ok

21:21:57.0038 2800 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:21:57.0048 2800 FsDepends - ok

21:21:57.0716 2800 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:21:57.0729 2800 Fs_Rec - ok

21:21:58.0299 2800 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:21:58.0318 2800 fvevol - ok

21:21:58.0916 2800 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

21:21:58.0928 2800 gagp30kx - ok

21:21:59.0570 2800 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:21:59.0587 2800 GEARAspiWDM - ok

21:22:00.0253 2800 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:22:00.0311 2800 hcw85cir - ok

21:22:00.0900 2800 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

21:22:00.0981 2800 HdAudAddService - ok

21:22:02.0135 2800 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:22:02.0182 2800 HDAudBus - ok

21:22:02.0898 2800 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

21:22:02.0973 2800 HidBatt - ok

21:22:04.0034 2800 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

21:22:04.0093 2800 HidBth - ok

21:22:04.0604 2800 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

21:22:04.0646 2800 HidIr - ok

21:22:05.0717 2800 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

21:22:05.0752 2800 HidUsb - ok

21:22:06.0382 2800 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys

21:22:06.0424 2800 hpdskflt - ok

21:22:07.0097 2800 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

21:22:07.0122 2800 HpSAMD - ok

21:22:08.0133 2800 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

21:22:08.0242 2800 HTTP - ok

21:22:08.0851 2800 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

21:22:08.0863 2800 hwpolicy - ok

21:22:10.0210 2800 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

21:22:10.0232 2800 i8042prt - ok

21:22:11.0618 2800 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys

21:22:11.0647 2800 iaStor - ok

21:22:12.0847 2800 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

21:22:12.0913 2800 iaStorV - ok

21:22:13.0889 2800 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120303.003\IDSvia64.sys

21:22:13.0919 2800 IDSVia64 - ok

21:22:16.0350 2800 igfx (78527e6a4d78b1153925914c55872beb) C:\Windows\system32\DRIVERS\igdkmd64.sys

21:22:16.0741 2800 igfx - ok

21:22:17.0761 2800 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

21:22:17.0771 2800 iirsp - ok

21:22:18.0481 2800 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

21:22:18.0528 2800 IntcDAud - ok

21:22:20.0021 2800 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:22:20.0031 2800 intelide - ok

21:22:20.0556 2800 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:22:20.0600 2800 intelppm - ok

21:22:22.0013 2800 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:22:22.0063 2800 IpFilterDriver - ok

21:22:22.0725 2800 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

21:22:22.0764 2800 IPMIDRV - ok

21:22:23.0426 2800 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:22:23.0504 2800 IPNAT - ok

21:22:24.0250 2800 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:22:24.0277 2800 IRENUM - ok

21:22:25.0061 2800 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:22:25.0080 2800 isapnp - ok

21:22:26.0058 2800 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

21:22:26.0103 2800 iScsiPrt - ok

21:22:26.0740 2800 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

21:22:26.0766 2800 kbdclass - ok

21:22:27.0574 2800 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

21:22:27.0615 2800 kbdhid - ok

21:22:28.0200 2800 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

21:22:28.0215 2800 KSecDD - ok

21:22:28.0983 2800 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

21:22:29.0020 2800 KSecPkg - ok

21:22:29.0687 2800 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:22:29.0749 2800 ksthunk - ok

21:22:30.0385 2800 L1C (6dd5383c9413aae3113faf89e345663d) C:\Windows\system32\DRIVERS\L1C62x64.sys

21:22:30.0395 2800 L1C - ok

21:22:31.0155 2800 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:22:31.0226 2800 lltdio - ok

21:22:31.0959 2800 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

21:22:31.0986 2800 LSI_FC - ok

21:22:32.0539 2800 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

21:22:32.0553 2800 LSI_SAS - ok

21:22:33.0832 2800 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

21:22:33.0843 2800 LSI_SAS2 - ok

21:22:34.0910 2800 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

21:22:34.0923 2800 LSI_SCSI - ok

21:22:35.0723 2800 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:22:35.0780 2800 luafv - ok

21:22:36.0429 2800 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

21:22:36.0442 2800 MBAMProtector - ok

21:22:37.0225 2800 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

21:22:37.0236 2800 megasas - ok

21:22:38.0049 2800 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

21:22:38.0070 2800 MegaSR - ok

21:22:38.0686 2800 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

21:22:38.0743 2800 MEIx64 - ok

21:22:39.0588 2800 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:22:39.0664 2800 Modem - ok

21:22:40.0245 2800 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:22:40.0289 2800 monitor - ok

21:22:40.0878 2800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

21:22:40.0931 2800 mouclass - ok

21:22:41.0445 2800 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:22:41.0495 2800 mouhid - ok

21:22:42.0393 2800 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

21:22:42.0404 2800 mountmgr - ok

21:22:43.0009 2800 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

21:22:43.0022 2800 mpio - ok

21:22:43.0887 2800 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:22:43.0980 2800 mpsdrv - ok

21:22:44.0867 2800 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

21:22:44.0909 2800 MRxDAV - ok

21:22:45.0555 2800 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:22:45.0858 2800 mrxsmb - ok

21:22:46.0718 2800 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:22:46.0747 2800 mrxsmb10 - ok

21:22:47.0387 2800 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:22:47.0426 2800 mrxsmb20 - ok

21:22:48.0277 2800 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

21:22:48.0293 2800 msahci - ok

21:22:49.0726 2800 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

21:22:49.0740 2800 msdsm - ok

21:22:50.0611 2800 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:22:50.0658 2800 Msfs - ok

21:22:51.0914 2800 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:22:52.0046 2800 mshidkmdf - ok

21:22:52.0566 2800 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:22:52.0595 2800 msisadrv - ok

21:22:53.0589 2800 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:22:53.0673 2800 MSKSSRV - ok

21:22:54.0356 2800 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:22:54.0442 2800 MSPCLOCK - ok

21:22:55.0311 2800 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:22:55.0396 2800 MSPQM - ok

21:22:56.0365 2800 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

21:22:56.0382 2800 MsRPC - ok

21:22:57.0886 2800 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

21:22:57.0897 2800 mssmbios - ok

21:22:58.0464 2800 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:22:58.0524 2800 MSTEE - ok

21:22:59.0697 2800 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

21:22:59.0742 2800 MTConfig - ok

21:23:00.0635 2800 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:23:00.0647 2800 Mup - ok

21:23:01.0902 2800 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:23:01.0949 2800 NativeWifiP - ok

21:23:02.0179 2800 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120302.017\ENG64.SYS

21:23:02.0189 2800 NAVENG - ok

21:23:02.0620 2800 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120302.017\EX64.SYS

21:23:02.0670 2800 NAVEX15 - ok

21:23:04.0273 2800 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

21:23:04.0370 2800 NDIS - ok

21:23:05.0512 2800 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:23:05.0620 2800 NdisCap - ok

21:23:06.0779 2800 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:23:06.0858 2800 NdisTapi - ok

21:23:08.0246 2800 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

21:23:08.0322 2800 Ndisuio - ok

21:23:08.0908 2800 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

21:23:08.0964 2800 NdisWan - ok

21:23:10.0242 2800 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

21:23:10.0278 2800 NDProxy - ok

21:23:11.0229 2800 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:23:11.0302 2800 NetBIOS - ok

21:23:12.0028 2800 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

21:23:12.0070 2800 NetBT - ok

21:23:13.0269 2800 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys

21:23:13.0555 2800 NETwNs64 - ok

21:23:14.0570 2800 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

21:23:14.0581 2800 nfrd960 - ok

21:23:15.0915 2800 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:23:15.0985 2800 Npfs - ok

21:23:17.0515 2800 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:23:17.0579 2800 nsiproxy - ok

21:23:18.0406 2800 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

21:23:18.0477 2800 Ntfs - ok

21:23:19.0232 2800 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:23:19.0281 2800 Null - ok

21:23:19.0956 2800 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

21:23:20.0004 2800 NVENETFD - ok

21:23:20.0604 2800 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

21:23:20.0631 2800 nvraid - ok

21:23:21.0218 2800 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

21:23:21.0253 2800 nvstor - ok

21:23:21.0964 2800 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

21:23:21.0978 2800 nv_agp - ok

21:23:22.0669 2800 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

21:23:22.0692 2800 ohci1394 - ok

21:23:23.0477 2800 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

21:23:23.0493 2800 Parport - ok

21:23:24.0078 2800 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

21:23:24.0095 2800 partmgr - ok

21:23:24.0918 2800 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

21:23:24.0931 2800 pci - ok

21:23:25.0615 2800 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

21:23:25.0625 2800 pciide - ok

21:23:26.0224 2800 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

21:23:26.0240 2800 pcmcia - ok

21:23:26.0924 2800 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:23:26.0947 2800 pcw - ok

21:23:27.0622 2800 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:23:27.0676 2800 PEAUTH - ok

21:23:28.0263 2800 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

21:23:28.0303 2800 PptpMiniport - ok

21:23:29.0160 2800 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

21:23:29.0198 2800 Processor - ok

21:23:29.0873 2800 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

21:23:29.0928 2800 Psched - ok

21:23:30.0704 2800 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

21:23:30.0756 2800 ql2300 - ok

21:23:31.0345 2800 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

21:23:31.0365 2800 ql40xx - ok

21:23:32.0022 2800 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:23:32.0120 2800 QWAVEdrv - ok

21:23:32.0755 2800 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:23:32.0800 2800 RasAcd - ok

21:23:33.0480 2800 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:23:33.0554 2800 RasAgileVpn - ok

21:23:34.0247 2800 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:23:34.0317 2800 Rasl2tp - ok

21:23:34.0927 2800 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:23:35.0036 2800 RasPppoe - ok

21:23:36.0007 2800 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:23:36.0069 2800 RasSstp - ok

21:23:36.0585 2800 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

21:23:36.0655 2800 rdbss - ok

21:23:37.0415 2800 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

21:23:37.0475 2800 rdpbus - ok

21:23:38.0215 2800 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:23:38.0295 2800 RDPCDD - ok

21:23:39.0105 2800 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:23:39.0175 2800 RDPENCDD - ok

21:23:39.0915 2800 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:23:39.0955 2800 RDPREFMP - ok

21:23:40.0595 2800 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

21:23:40.0655 2800 RDPWD - ok

21:23:41.0565 2800 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

21:23:41.0575 2800 rdyboost - ok

21:23:42.0125 2800 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys

21:23:42.0145 2800 RSPCIESTOR - ok

21:23:42.0915 2800 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:23:43.0095 2800 rspndr - ok

21:23:44.0005 2800 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

21:23:44.0035 2800 sbp2port - ok

21:23:44.0685 2800 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

21:23:44.0835 2800 scfilter - ok

21:23:45.0516 2800 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

21:23:45.0607 2800 sdbus - ok

21:23:46.0227 2800 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:23:46.0329 2800 secdrv - ok

21:23:47.0152 2800 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

21:23:47.0206 2800 Serenum - ok

21:23:47.0774 2800 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

21:23:47.0831 2800 Serial - ok

21:23:48.0930 2800 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

21:23:48.0973 2800 sermouse - ok

21:23:50.0264 2800 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

21:23:50.0313 2800 sffdisk - ok

21:23:51.0009 2800 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

21:23:51.0083 2800 sffp_mmc - ok

21:23:51.0931 2800 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

21:23:51.0994 2800 sffp_sd - ok

21:23:52.0776 2800 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

21:23:52.0822 2800 sfloppy - ok

21:23:53.0411 2800 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

21:23:53.0434 2800 SiSRaid2 - ok

21:23:54.0169 2800 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

21:23:54.0187 2800 SiSRaid4 - ok

21:23:54.0884 2800 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:23:54.0979 2800 Smb - ok

21:23:55.0762 2800 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:23:55.0775 2800 spldr - ok

21:23:56.0801 2800 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NAVx64\1207000.00D\SRTSP64.SYS

21:23:56.0828 2800 SRTSP - ok

21:23:57.0986 2800 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NAVx64\1207000.00D\SRTSPX64.SYS

21:23:58.0068 2800 SRTSPX - ok

21:23:58.0949 2800 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

21:23:59.0249 2800 srv - ok

21:24:00.0276 2800 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

21:24:00.0317 2800 srv2 - ok

21:24:01.0434 2800 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

21:24:01.0471 2800 SrvHsfHDA - ok

21:24:02.0815 2800 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

21:24:02.0891 2800 SrvHsfV92 - ok

21:24:03.0620 2800 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

21:24:03.0648 2800 SrvHsfWinac - ok

21:24:05.0661 2800 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

21:24:05.0705 2800 srvnet - ok

21:24:06.0739 2800 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

21:24:06.0766 2800 stexstor - ok

21:24:08.0224 2800 STHDA (400ebac444d0622cb0f7fba23b234b82) C:\Windows\system32\DRIVERS\stwrt64.sys

21:24:08.0304 2800 STHDA - ok

21:24:09.0188 2800 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

21:24:09.0200 2800 swenum - ok

21:24:10.0145 2800 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NAVx64\1207000.00D\SYMDS64.SYS

21:24:10.0189 2800 SymDS - ok

21:24:11.0584 2800 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS

21:24:11.0674 2800 SymEFA - ok

21:24:13.0156 2800 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

21:24:13.0171 2800 SymEvent - ok

21:24:14.0252 2800 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NAVx64\1207000.00D\Ironx64.SYS

21:24:14.0262 2800 SymIRON - ok

21:24:15.0101 2800 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS

21:24:15.0116 2800 SymNetS - ok

21:24:15.0841 2800 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

21:24:15.0995 2800 Tcpip - ok

21:24:16.0777 2800 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

21:24:16.0816 2800 TCPIP6 - ok

21:24:17.0901 2800 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

21:24:17.0952 2800 tcpipreg - ok

21:24:18.0568 2800 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:24:18.0628 2800 TDPIPE - ok

21:24:19.0135 2800 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

21:24:19.0214 2800 TDTCP - ok

21:24:19.0771 2800 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

21:24:19.0827 2800 tdx - ok

21:24:20.0508 2800 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

21:24:20.0530 2800 TermDD - ok

21:24:21.0341 2800 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:24:21.0449 2800 tssecsrv - ok

21:24:22.0072 2800 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

21:24:22.0141 2800 TsUsbFlt - ok

21:24:22.0617 2800 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

21:24:22.0659 2800 TsUsbGD - ok

21:24:23.0346 2800 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

21:24:23.0429 2800 tunnel - ok

21:24:24.0125 2800 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

21:24:24.0155 2800 uagp35 - ok

21:24:24.0714 2800 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

21:24:24.0784 2800 udfs - ok

21:24:25.0568 2800 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

21:24:25.0579 2800 uliagpkx - ok

21:24:26.0091 2800 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

21:24:26.0171 2800 umbus - ok

21:24:27.0357 2800 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

21:24:27.0400 2800 UmPass - ok

21:24:28.0021 2800 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

21:24:28.0106 2800 USBAAPL64 - ok

21:24:28.0709 2800 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

21:24:28.0790 2800 usbccgp - ok

21:24:29.0608 2800 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

21:24:29.0644 2800 usbcir - ok

21:24:30.0284 2800 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

21:24:30.0344 2800 usbehci - ok

21:24:30.0957 2800 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

21:24:31.0004 2800 usbhub - ok

21:24:31.0881 2800 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

21:24:31.0913 2800 usbohci - ok

21:24:32.0442 2800 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

21:24:32.0476 2800 usbprint - ok

21:24:33.0007 2800 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

21:24:33.0312 2800 USBSTOR - ok

21:24:33.0798 2800 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

21:24:33.0866 2800 usbuhci - ok

21:24:34.0429 2800 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

21:24:34.0471 2800 usbvideo - ok

21:24:35.0595 2800 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

21:24:35.0661 2800 vdrvroot - ok

21:24:36.0286 2800 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:24:36.0301 2800 vga - ok

21:24:37.0018 2800 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:24:37.0075 2800 VgaSave - ok

21:24:38.0247 2800 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

21:24:38.0262 2800 vhdmp - ok

21:24:39.0512 2800 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

21:24:39.0522 2800 viaide - ok

21:24:40.0619 2800 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

21:24:40.0635 2800 volmgr - ok

21:24:42.0172 2800 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

21:24:42.0189 2800 volmgrx - ok

21:24:42.0946 2800 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

21:24:42.0962 2800 volsnap - ok

21:24:43.0949 2800 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

21:24:43.0962 2800 vsmraid - ok

21:24:44.0644 2800 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

21:24:44.0680 2800 vwifibus - ok

21:24:45.0367 2800 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

21:24:45.0443 2800 vwififlt - ok

21:24:46.0191 2800 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

21:24:46.0209 2800 vwifimp - ok

21:24:47.0447 2800 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

21:24:47.0473 2800 WacomPen - ok

21:24:48.0104 2800 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:24:48.0153 2800 WANARP - ok

21:24:48.0177 2800 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:24:48.0221 2800 Wanarpv6 - ok

21:24:49.0639 2800 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

21:24:49.0648 2800 Wd - ok

21:24:50.0240 2800 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:24:50.0264 2800 Wdf01000 - ok

21:24:50.0888 2800 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys

21:24:50.0933 2800 wdkmd - ok

21:24:52.0270 2800 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:24:52.0309 2800 WfpLwf - ok

21:24:52.0793 2800 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:24:52.0803 2800 WIMMount - ok

21:24:53.0614 2800 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

21:24:53.0671 2800 WinUsb - ok

21:24:54.0337 2800 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:24:54.0349 2800 WmiAcpi - ok

21:24:55.0549 2800 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:24:55.0594 2800 ws2ifsl - ok

21:24:56.0218 2800 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

21:24:56.0271 2800 WudfPf - ok

21:24:56.0964 2800 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:24:57.0016 2800 WUDFRd - ok

21:24:57.0133 2800 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

21:24:57.0160 2800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:24:57.0160 2800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:24:57.0656 2800 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:24:57.0656 2800 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:24:57.0665 2800 Boot (0x1200) (07da37f883f085e25d7f0bd423ce8b41) \Device\Harddisk0\DR0\Partition0

21:24:57.0667 2800 \Device\Harddisk0\DR0\Partition0 - ok

21:24:57.0676 2800 Boot (0x1200) (03c896734db42d163caa075c00ac34a6) \Device\Harddisk0\DR0\Partition1

21:24:57.0677 2800 \Device\Harddisk0\DR0\Partition1 - ok

21:24:57.0835 2800 Boot (0x1200) (9897247d49977403c5d5c317a42f1738) \Device\Harddisk0\DR0\Partition2

21:24:57.0837 2800 \Device\Harddisk0\DR0\Partition2 - ok

21:24:57.0853 2800 Boot (0x1200) (ce064dd1323296a24c7139f347dc2be1) \Device\Harddisk0\DR0\Partition3

21:24:57.0854 2800 \Device\Harddisk0\DR0\Partition3 - ok

21:24:57.0856 2800 ============================================================

21:24:57.0857 2800 Scan finished

21:24:57.0857 2800 ============================================================

21:24:57.0865 5244 Detected object count: 2

21:24:57.0865 5244 Actual detected object count: 2

21:25:52.0649 5244 \Device\Harddisk0\DR0\# - copied to quarantine

21:25:52.0650 5244 \Device\Harddisk0\DR0 - copied to quarantine

21:25:52.0687 5244 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

21:25:52.0692 5244 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

21:25:52.0804 5244 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

21:25:52.0806 5244 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

21:25:52.0810 5244 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

21:25:52.0849 5244 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

21:25:52.0856 5244 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

21:25:52.0868 5244 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

21:25:53.0187 5244 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

21:25:53.0189 5244 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

21:25:53.0230 5244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

21:25:53.0240 5244 \Device\Harddisk0\DR0 - ok

21:25:54.0133 5244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

21:25:54.0135 5244 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:25:54.0135 5244 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:26:07.0472 6536 Deinitialize success
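Reading a TDSSKiller log this long by eye makes it easy to miss that one of the two detections was never acted on. The script below is an added example, not part of this post and not TDSSKiller's own code: it parses lines in the format shown above (timestamp, thread id, then either a hashed object, or an object with a verdict in parentheses and a status) and reports which verdicts never reached a cleanup action. The sample lines are copied from the log above; the set of status strings treated as cleanup actions is an assumption drawn from this log, not a published TDSSKiller vocabulary.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
21:24:15.0841 2800 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:24:15.0995 2800 Tcpip - ok
21:24:57.0133 2800 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:24:57.0160 2800 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:24:57.0160 2800 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:24:57.0656 2800 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:24:57.0656 2800 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:24:57.0665 2800 Boot (0x1200) (07da37f883f085e25d7f0bd423ce8b41) \Device\Harddisk0\DR0\Partition0
21:24:57.0667 2800 \Device\Harddisk0\DR0\Partition0 - ok
21:25:53.0230 5244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:25:54.0133 5244 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:25:54.0135 5244 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:25:54.0135 5244 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.frac  threadid  rest-of-line"
HEADER_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "Name [(0xOFFSET)] (md5) path"  -- a scanned object with its hash
HASHED_RE = re.compile(r"^(\S+)(?: \((0x[0-9A-Fa-f]+)\))? \(([0-9a-f]{32})\) (.+)$")
# "object ( Verdict ) - status"  -- a verdict line; "object - ok/detected ..." lines add nothing for triage
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")

# Assumption: statuses that begin with one of these mean the tool acted on the verdict.
CLEANUP_PREFIXES = ("cured", "will be cured", "deleted", "copied to quarantine",
                    "User select action: Cure")


def parse_log(text):
    """Return (hashed, findings): path -> (name, md5) and (object, verdict) -> [status, ...]."""
    hashed = {}
    findings = {}
    for raw in text.splitlines():
        m = HEADER_RE.match(raw.strip())
        if not m:
            continue  # separators, "Scan finished", blank lines
        rest = m.group(3)
        h = HASHED_RE.match(rest)
        if h:
            name, _offset, md5, path = h.groups()
            hashed[path] = (name, md5)
            continue
        v = VERDICT_RE.match(rest)
        if v:
            obj, verdict, status = v.groups()
            findings.setdefault((obj, verdict), []).append(status)
    return hashed, findings


def unresolved(findings):
    """Verdicts whose status history contains no cleanup action; reports the last status seen."""
    out = []
    for (obj, verdict), history in findings.items():
        if not any(s.startswith(CLEANUP_PREFIXES) for s in history):
            out.append((obj, verdict, history[-1]))
    return out


def triage(text):
    """Summarise a TDSSKiller log: object count, boot-area hashes, verdict histories, open items."""
    hashed, findings = parse_log(text)
    return {
        "hashed_objects": len(hashed),
        # MBR / boot-sector hashes, kept so they can be compared against a known-good baseline
        "boot_hashes": {p: md5 for p, (_n, md5) in hashed.items() if p.startswith("\\Device\\")},
        "findings": {f"{obj} | {verdict}": hist for (obj, verdict), hist in findings.items()},
        "unresolved": unresolved(findings),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, hist in report["findings"].items():
        print(f"{key}: {' -> '.join(hist)}")
    for obj, verdict, last in report["unresolved"]:
        print(f"OPEN: {verdict} on {obj} (last status: {last})")
```

Run against the sample, the rootkit verdict ends in a cure action while the TDSS File System verdict ends in "User select action: Skip", so it is reported as open. That is the kind of item a triage pass should surface rather than leave buried a thousand lines into the log.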


Used a quick scan again:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.08.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Katelynn :: KATELYNN-HP [administrator]

Protection: Enabled

3/8/2012 8:39:13 PM

mbam-log-2012-03-08 (20-44-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 184544

Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5712 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)


LDtate,

I never received an email saying you had replied, so I first started my laptop in safe mode and ran both Norton and Malwarebytes on full scan. Norton was clear and Malwarebytes detected the same two objects it has before. After rebooting, I ran TDSSKiller again, following the exact same steps as before. After doing those steps (including rebooting the computer), I ran Malwarebytes and instead of 2 malicious objects, it only detected one. I removed the object and after a reboot, the object was gone.

To test the laptop, I closed the lid and left it for about 15 minutes, which, with the virus, upon opening, it would blue screen. But it didn't blue screen. It's also running a lot faster than normal. I will run checkups every week or so to make sure the virus/infection is gone.

Thank you so much for your help and putting it in terms I can understand :)


You can delete TDSSKiller.

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


This topic is now closed to further replies.