svchost (svchost.exe trojan.agent) cannot get ridd of it

[jreilly]

Extra svchost.exe *32 is eating up memory (wirth a description of winrscmde).

Additionally, when malwarebytes is turned on, the system is displaying messages that outgoing attempts to contact a web site were blocked (see log ). Also attached are logs from 'attach' , 'dds' and 'protection'

I need help in getting rid of these problems.

Attach.txt

DDS.txt

mbam-log-2012-06-04 (10-21-54).txt

protection-log-2012-06-04.txt

[Maniac]

Hello jreilly and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[jreilly]

i have run the programs that you requested and attached the files that I could. The

The tdsskiller quartine created multiple folders with multiple files in the folders and the system will not allow me to attach them. How can I get this data to you?

The object file has the following data in it.

[infectedObject]

Verdict: Rootkit.Boot.Pihar.b

Attach 6-6-12.txt

DDS 6-6-12.txt

mbam-log-2012-06-06 (08-51-34).txt

[Maniac]

I don't want from you to attach those files. Take a look at my instructions again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

In your next reply, post the following log files:

[jreilly]

MBR000/object

[infectedObject]

Type: MBR

Name: \Device\Harddisk0\DR0

---------------------------------

mbr0000/tsk0000

[infectedFile]

Type: Raw image

---------------------------------------

mbr0000\tsk0001

[infectedFile]

Type: Raw BB image

-----------------------------------------

tdlsf0000/object

[infectedObject]

Verdict: TDSS File System

Name: \Device\Harddisk0\DR0

------------------------------------

tdlsf0000/tsk0000

[infectedFile]

Name: ph.dll

Size: 28672

File time: 2012/02/15 21:04:18.0685

----------------------------------

tdlsf0000/tsk0001

[infectedFile]

Name: phx.dll

Size: 3072

File time: 2012/02/15 21:04:18.0685

---------------------------------------------

tdlsf0000/tsk0002

[infectedFile]

Name: sub.dll

Size: 8704

File time: 2012/02/15 21:04:18.0685

----------------------------------

tdlsf0000/tsk0003

[infectedFile]

Name: subx.dll

Size: 10752

File time: 2012/02/15 21:04:18.0685

-------------------------------

tdlsf0000/tsk0004

[infectedFile]

Name: phd

Size: 30208

File time: 2012/02/15 21:04:18.0685

----------------------------------

tdlsf/tsk005

[infectedFile]

Name: phdx

Size: 22016

File time: 2012/02/15 21:04:18.0685

--------------------------------

tdlsf/tsk0006

[infectedFile]

Name: phs

Size: 200

File time: 2012/02/15 21:04:18.0685

--------------------------

tdlsf/tsk0007

[infectedFile]

Name: phdata

Size: 232

File time: 2012/02/15 21:04:18.0685

-------------------------

tdlsf/tsk0008

[infectedFile]

Name: phld

Size: 1233

File time: 2012/02/15 21:04:18.0685

---------------------------------

tdlsf/tsk0009

[infectedFile]

Name: phln

Size: 3142

File time: 2012/02/15 21:04:18.0685

----------------------------------

tdlsf/tsk0010

[infectedFile]

Name: phlx

Size: 3656

File time: 2012/02/15 21:04:18.0685

-----------------------------

tdlsf/tsk0011

[infectedFile]

Name: phm

Size: 512

File time: 2012/02/15 21:04:18.0685

-----------------------------------

object

[infectedObject]

Verdict: Rootkit.Boot.Pihar.b

[Maniac]

I want every single log file to be pasted directly in your post.

[jreilly]

i am trying to paste all the files into the message body. However, when I paste them into the message and click post I get a message that the post is being saved and then the web site does not respond. A message is displayed ' ..is not respondind due to long running script..' (the file size is 1.72 meg)

I have attached a single file with all the log files included in this file as an interum to trying to get arounf my problem of not being able to post the log files inside this message.

Is there something that I am doing wrong that the system will not save my post so I can get you the information that you hjave requested.

6-6-12 all files.txt

[Maniac]

This is not the log file from TDSSKiller. Check again.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[jreilly]

tds log file---------------

08:41:28.0085 6752 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

08:41:28.0529 6752 ============================================================

08:41:28.0530 6752 Current date / time: 2012/06/06 08:41:28.0529

08:41:28.0530 6752 SystemInfo:

08:41:28.0530 6752

08:41:28.0530 6752 OS Version: 6.1.7601 ServicePack: 1.0

08:41:28.0530 6752 Product type: Workstation

08:41:28.0530 6752 ComputerName: JOSHUA-HP

08:41:28.0530 6752 UserName: Joshua

08:41:28.0530 6752 Windows directory: C:\Windows

08:41:28.0530 6752 System windows directory: C:\Windows

08:41:28.0530 6752 Running under WOW64

08:41:28.0530 6752 Processor architecture: Intel x64

08:41:28.0530 6752 Number of processors: 4

08:41:28.0530 6752 Page size: 0x1000

08:41:28.0530 6752 Boot type: Normal boot

08:41:28.0530 6752 ============================================================

08:41:29.0892 6752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:41:29.0898 6752 ============================================================

08:41:29.0898 6752 \Device\Harddisk0\DR0:

08:41:29.0899 6752 MBR partitions:

08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3861F800

08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38683800, BlocksNum 0x1CCE800

08:41:29.0899 6752 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

08:41:29.0899 6752 ============================================================

08:41:29.0986 6752 C: <-> \Device\Harddisk0\DR0\Partition1

08:41:30.0172 6752 D: <-> \Device\Harddisk0\DR0\Partition2

08:41:30.0172 6752 ============================================================

08:41:30.0172 6752 Initialize success

08:41:30.0172 6752 ============================================================

08:42:58.0880 5736 ============================================================

08:42:58.0880 5736 Scan started

08:42:58.0880 5736 Mode: Manual; SigCheck; TDLFS;

08:42:58.0880 5736 ============================================================

08:43:02.0683 5736 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:43:02.0932 5736 1394ohci - ok

08:43:02.0990 5736 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys

08:43:03.0093 5736 Accelerometer - ok

08:43:03.0135 5736 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:43:03.0160 5736 ACPI - ok

08:43:03.0186 5736 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:43:03.0273 5736 AcpiPmi - ok

08:43:03.0445 5736 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

08:43:03.0491 5736 AdobeARMservice - ok

08:43:03.0660 5736 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:43:03.0678 5736 AdobeFlashPlayerUpdateSvc - ok

08:43:03.0913 5736 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

08:43:03.0979 5736 adp94xx - ok

08:43:04.0260 5736 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

08:43:04.0307 5736 adpahci - ok

08:43:04.0432 5736 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

08:43:04.0505 5736 adpu320 - ok

08:43:04.0557 5736 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:43:04.0690 5736 AeLookupSvc - ok

08:43:04.0800 5736 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

08:43:04.0880 5736 AESTFilters - ok

08:43:05.0011 5736 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:43:05.0139 5736 AFD - ok

08:43:05.0214 5736 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:43:05.0243 5736 agp440 - ok

08:43:05.0288 5736 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:43:05.0374 5736 ALG - ok

08:43:05.0422 5736 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:43:05.0454 5736 aliide - ok

08:43:05.0599 5736 ALSysIO - ok

08:43:05.0640 5736 AMD External Events Utility (5580856001f78fecef19202a60334e7e) C:\Windows\system32\atiesrxx.exe

08:43:05.0723 5736 AMD External Events Utility - ok

08:43:05.0788 5736 AMD FUEL Service - ok

08:43:05.0842 5736 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:43:05.0859 5736 amdide - ok

08:43:05.0923 5736 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

08:43:05.0939 5736 amdiox64 - ok

08:43:05.0998 5736 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

08:43:06.0044 5736 AmdK8 - ok

08:43:06.0996 5736 amdkmdag (69bc235b7983d67b8967ce634023ced1) C:\Windows\system32\DRIVERS\atikmdag.sys

08:43:07.0320 5736 amdkmdag - ok

08:43:07.0644 5736 amdkmdap (2a8496af669f282777f9e17d04d0aa22) C:\Windows\system32\DRIVERS\atikmpag.sys

08:43:07.0726 5736 amdkmdap - ok

08:43:07.0768 5736 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:43:07.0814 5736 AmdPPM - ok

08:43:07.0879 5736 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:43:07.0899 5736 amdsata - ok

08:43:07.0934 5736 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

08:43:07.0965 5736 amdsbs - ok

08:43:07.0981 5736 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:43:08.0000 5736 amdxata - ok

08:43:08.0025 5736 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys

08:43:08.0042 5736 amd_sata - ok

08:43:08.0110 5736 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys

08:43:08.0147 5736 amd_xata - ok

08:43:08.0222 5736 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:43:08.0420 5736 AppID - ok

08:43:08.0461 5736 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:43:08.0551 5736 AppIDSvc - ok

08:43:08.0604 5736 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:43:08.0699 5736 Appinfo - ok

08:43:08.0738 5736 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

08:43:08.0758 5736 arc - ok

08:43:08.0791 5736 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

08:43:08.0824 5736 arcsas - ok

08:43:08.0922 5736 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

08:43:08.0937 5736 aspnet_state - ok

08:43:08.0949 5736 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:43:09.0026 5736 AsyncMac - ok

08:43:09.0050 5736 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:43:09.0067 5736 atapi - ok

08:43:09.0151 5736 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

08:43:09.0169 5736 AtiHDAudioService - ok

08:43:09.0260 5736 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:43:09.0342 5736 AudioEndpointBuilder - ok

08:43:09.0352 5736 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:43:09.0411 5736 AudioSrv - ok

08:43:09.0461 5736 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

08:43:09.0545 5736 AxInstSV - ok

08:43:09.0616 5736 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

08:43:09.0715 5736 b06bdrv - ok

08:43:09.0770 5736 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:43:09.0820 5736 b57nd60a - ok

08:43:09.0921 5736 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

08:43:09.0984 5736 BCM43XX - ok

08:43:10.0480 5736 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

08:43:10.0564 5736 BDESVC - ok

08:43:10.0817 5736 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:43:10.0896 5736 Beep - ok

08:43:10.0976 5736 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

08:43:11.0047 5736 BFE - ok

08:43:11.0715 5736 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120517.001\BHDrvx64.sys

08:43:11.0754 5736 BHDrvx64 - ok

08:43:12.0661 5736 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

08:43:12.0817 5736 BITS - ok

08:43:12.0905 5736 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

08:43:12.0960 5736 blbdrive - ok

08:43:13.0016 5736 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:43:13.0060 5736 bowser - ok

08:43:13.0088 5736 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

08:43:13.0144 5736 BrFiltLo - ok

08:43:13.0157 5736 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

08:43:13.0179 5736 BrFiltUp - ok

08:43:13.0219 5736 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

08:43:13.0310 5736 Browser - ok

08:43:13.0357 5736 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

08:43:13.0430 5736 Brserid - ok

08:43:13.0457 5736 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

08:43:13.0510 5736 BrSerWdm - ok

08:43:13.0538 5736 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:43:13.0572 5736 BrUsbMdm - ok

08:43:13.0593 5736 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

08:43:13.0629 5736 BrUsbSer - ok

08:43:13.0661 5736 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

08:43:13.0721 5736 BTHMODEM - ok

08:43:13.0774 5736 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

08:43:13.0850 5736 bthserv - ok

08:43:13.0959 5736 ccSet_NAV (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys

08:43:13.0977 5736 ccSet_NAV - ok

08:43:14.0015 5736 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

08:43:14.0083 5736 cdfs - ok

08:43:14.0139 5736 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

08:43:14.0185 5736 cdrom - ok

08:43:14.0229 5736 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:43:14.0300 5736 CertPropSvc - ok

08:43:14.0349 5736 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

08:43:14.0399 5736 circlass - ok

08:43:14.0517 5736 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

08:43:14.0569 5736 CLFS - ok

08:43:14.0679 5736 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:43:14.0696 5736 clr_optimization_v2.0.50727_32 - ok

08:43:14.0860 5736 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:43:14.0890 5736 clr_optimization_v2.0.50727_64 - ok

08:43:14.0972 5736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:43:14.0993 5736 clr_optimization_v4.0.30319_32 - ok

08:43:15.0017 5736 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:43:15.0041 5736 clr_optimization_v4.0.30319_64 - ok

08:43:15.0058 5736 clwvd - ok

08:43:15.0087 5736 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

08:43:15.0124 5736 CmBatt - ok

08:43:15.0155 5736 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

08:43:15.0173 5736 cmdide - ok

08:43:15.0220 5736 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

08:43:15.0273 5736 CNG - ok

08:43:15.0342 5736 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

08:43:15.0359 5736 Compbatt - ok

08:43:15.0433 5736 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

08:43:15.0496 5736 CompositeBus - ok

08:43:15.0515 5736 COMSysApp - ok

08:43:15.0535 5736 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

08:43:15.0555 5736 crcdisk - ok

08:43:15.0599 5736 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

08:43:15.0661 5736 CryptSvc - ok

08:43:16.0393 5736 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

08:43:16.0427 5736 cvhsvc - ok

08:43:16.0496 5736 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:43:16.0564 5736 DcomLaunch - ok

08:43:16.0609 5736 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

08:43:16.0736 5736 defragsvc - ok

08:43:16.0865 5736 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

08:43:16.0935 5736 DfsC - ok

08:43:16.0991 5736 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

08:43:17.0063 5736 Dhcp - ok

08:43:17.0117 5736 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

08:43:17.0192 5736 discache - ok

08:43:17.0232 5736 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

08:43:17.0266 5736 Disk - ok

08:43:17.0305 5736 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

08:43:17.0351 5736 Dnscache - ok

08:43:17.0541 5736 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

08:43:17.0633 5736 dot3svc - ok

08:43:17.0711 5736 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

08:43:17.0780 5736 DPS - ok

08:43:17.0819 5736 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

08:43:17.0858 5736 drmkaud - ok

08:43:18.0157 5736 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

08:43:18.0248 5736 DXGKrnl - ok

08:43:18.0363 5736 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

08:43:18.0448 5736 EapHost - ok

08:43:19.0324 5736 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

08:43:19.0456 5736 ebdrv - ok

08:43:19.0670 5736 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

08:43:19.0698 5736 eeCtrl - ok

08:43:20.0113 5736 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

08:43:20.0177 5736 EFS - ok

08:43:20.0480 5736 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

08:43:20.0594 5736 ehRecvr - ok

08:43:20.0641 5736 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

08:43:20.0717 5736 ehSched - ok

08:43:20.0843 5736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

08:43:20.0872 5736 elxstor - ok

08:43:21.0093 5736 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

08:43:21.0133 5736 EraserUtilRebootDrv - ok

08:43:21.0177 5736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

08:43:21.0240 5736 ErrDev - ok

08:43:21.0316 5736 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

08:43:21.0387 5736 EventSystem - ok

08:43:21.0539 5736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

08:43:21.0601 5736 exfat - ok

08:43:21.0632 5736 ezSharedSvc - ok

08:43:21.0688 5736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

08:43:22.0041 5736 fastfat - ok

08:43:22.0310 5736 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

08:43:22.0441 5736 Fax - ok

08:43:22.0519 5736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

08:43:22.0565 5736 fdc - ok

08:43:22.0613 5736 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

08:43:22.0679 5736 fdPHost - ok

08:43:22.0708 5736 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

08:43:22.0772 5736 FDResPub - ok

08:43:22.0840 5736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

08:43:22.0869 5736 FileInfo - ok

08:43:22.0930 5736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

08:43:23.0028 5736 Filetrace - ok

08:43:23.0089 5736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

08:43:23.0113 5736 flpydisk - ok

08:43:23.0263 5736 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

08:43:23.0303 5736 FltMgr - ok

08:43:23.0656 5736 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

08:43:23.0750 5736 FontCache - ok

08:43:23.0898 5736 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:43:23.0912 5736 FontCache3.0.0.0 - ok

08:43:24.0053 5736 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

08:43:24.0070 5736 FsDepends - ok

08:43:24.0115 5736 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

08:43:24.0134 5736 Fs_Rec - ok

08:43:24.0160 5736 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

08:43:24.0187 5736 fvevol - ok

08:43:24.0210 5736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

08:43:24.0244 5736 gagp30kx - ok

08:43:24.0283 5736 GamesAppService - ok

08:43:24.0629 5736 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

08:43:24.0705 5736 gpsvc - ok

08:43:24.0820 5736 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:43:24.0836 5736 gupdate - ok

08:43:24.0842 5736 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:43:24.0857 5736 gupdatem - ok

08:43:24.0908 5736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

08:43:24.0976 5736 hcw85cir - ok

08:43:25.0037 5736 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

08:43:25.0096 5736 HdAudAddService - ok

08:43:25.0129 5736 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

08:43:25.0171 5736 HDAudBus - ok

08:43:25.0204 5736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

08:43:25.0234 5736 HidBatt - ok

08:43:25.0254 5736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

08:43:25.0291 5736 HidBth - ok

08:43:25.0335 5736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

08:43:25.0357 5736 HidIr - ok

08:43:25.0381 5736 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

08:43:25.0448 5736 hidserv - ok

08:43:25.0495 5736 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

08:43:25.0530 5736 HidUsb - ok

08:43:25.0569 5736 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

08:43:25.0657 5736 hkmsvc - ok

08:43:25.0728 5736 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

08:43:25.0816 5736 HomeGroupListener - ok

08:43:25.0958 5736 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

08:43:26.0025 5736 HomeGroupProvider - ok

08:43:26.0889 5736 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

08:43:26.0905 5736 HP Support Assistant Service - ok

08:43:27.0121 5736 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

08:43:27.0144 5736 HPClientSvc - ok

08:43:27.0406 5736 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

08:43:27.0444 5736 hpCMSrv - ok

08:43:27.0537 5736 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

08:43:27.0556 5736 HPDrvMntSvc.exe - ok

08:43:27.0774 5736 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys

08:43:27.0822 5736 hpdskflt - ok

08:43:28.0165 5736 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

08:43:28.0205 5736 hpqwmiex - ok

08:43:28.0247 5736 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

08:43:28.0267 5736 HpSAMD - ok

08:43:28.0338 5736 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe

08:43:28.0363 5736 hpsrv - ok

08:43:28.0450 5736 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

08:43:28.0463 5736 HPWMISVC - ok

08:43:28.0679 5736 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

08:43:28.0764 5736 HTTP - ok

08:43:28.0807 5736 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

08:43:28.0823 5736 hwpolicy - ok

08:43:28.0895 5736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

08:43:28.0925 5736 i8042prt - ok

08:43:28.0970 5736 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

08:43:29.0024 5736 iaStorV - ok

08:43:29.0663 5736 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

08:43:29.0784 5736 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

08:43:29.0784 5736 IconMan_R - detected UnsignedFile.Multi.Generic (1)

08:43:29.0918 5736 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:43:29.0955 5736 idsvc - ok

08:43:30.0144 5736 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120602.001\IDSvia64.sys

08:43:30.0183 5736 IDSVia64 - ok

08:43:30.0295 5736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

08:43:30.0329 5736 iirsp - ok

08:43:30.0459 5736 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

08:43:30.0560 5736 IKEEXT - ok

08:43:30.0600 5736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

08:43:30.0621 5736 intelide - ok

08:43:30.0687 5736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

08:43:30.0727 5736 intelppm - ok

08:43:30.0759 5736 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

08:43:30.0831 5736 IPBusEnum - ok

08:43:30.0870 5736 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:43:30.0920 5736 IpFilterDriver - ok

08:43:30.0998 5736 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

08:43:31.0066 5736 iphlpsvc - ok

08:43:31.0132 5736 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

08:43:31.0174 5736 IPMIDRV - ok

08:43:31.0218 5736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

08:43:31.0283 5736 IPNAT - ok

08:43:31.0321 5736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

08:43:31.0345 5736 IRENUM - ok

08:43:31.0368 5736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

08:43:31.0385 5736 isapnp - ok

08:43:31.0415 5736 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

08:43:31.0441 5736 iScsiPrt - ok

08:43:31.0460 5736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

08:43:31.0478 5736 kbdclass - ok

08:43:31.0495 5736 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

08:43:31.0524 5736 kbdhid - ok

08:43:31.0564 5736 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:43:31.0581 5736 KeyIso - ok

08:43:31.0645 5736 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

08:43:31.0664 5736 KSecDD - ok

08:43:31.0741 5736 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

08:43:31.0787 5736 KSecPkg - ok

08:43:31.0813 5736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

08:43:31.0889 5736 ksthunk - ok

08:43:31.0955 5736 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

08:43:32.0031 5736 KtmRm - ok

08:43:32.0108 5736 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

08:43:32.0224 5736 LanmanServer - ok

08:43:32.0260 5736 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

08:43:32.0327 5736 LanmanWorkstation - ok

08:43:32.0471 5736 Linksys_adapter_H (584528bf596a54b2bf6be5067adda44a) C:\Windows\system32\DRIVERS\AE2500w764.sys

08:43:32.0544 5736 Linksys_adapter_H - ok

08:43:32.0597 5736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

08:43:32.0664 5736 lltdio - ok

08:43:32.0772 5736 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

08:43:32.0844 5736 lltdsvc - ok

08:43:32.0858 5736 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

08:43:32.0920 5736 lmhosts - ok

08:43:32.0955 5736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

08:43:32.0974 5736 LSI_FC - ok

08:43:33.0001 5736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

08:43:33.0021 5736 LSI_SAS - ok

08:43:33.0051 5736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

08:43:33.0092 5736 LSI_SAS2 - ok

08:43:33.0122 5736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

08:43:33.0144 5736 LSI_SCSI - ok

08:43:33.0196 5736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

08:43:33.0259 5736 luafv - ok

08:43:33.0575 5736 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

08:43:33.0593 5736 MBAMProtector - ok

08:43:34.0019 5736 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

08:43:34.0071 5736 MBAMService - ok

08:43:34.0155 5736 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

08:43:34.0222 5736 Mcx2Svc - ok

08:43:34.0261 5736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

08:43:34.0294 5736 megasas - ok

08:43:34.0335 5736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

08:43:34.0477 5736 MegaSR - ok

08:43:34.0623 5736 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:43:34.0779 5736 MMCSS - ok

08:43:34.0820 5736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

08:43:34.0900 5736 Modem - ok

08:43:34.0978 5736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

08:43:35.0013 5736 monitor - ok

08:43:35.0069 5736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

08:43:35.0097 5736 mouclass - ok

08:43:35.0227 5736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

08:43:35.0291 5736 mouhid - ok

08:43:35.0340 5736 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

08:43:35.0359 5736 mountmgr - ok

08:43:35.0565 5736 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

08:43:35.0585 5736 mpio - ok

08:43:35.0630 5736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

08:43:35.0699 5736 mpsdrv - ok

08:43:35.0855 5736 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

08:43:35.0949 5736 MpsSvc - ok

08:43:35.0987 5736 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

08:43:36.0040 5736 MRxDAV - ok

08:43:36.0078 5736 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:43:36.0122 5736 mrxsmb - ok

08:43:36.0157 5736 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:43:36.0185 5736 mrxsmb10 - ok

08:43:36.0211 5736 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:43:36.0231 5736 mrxsmb20 - ok

08:43:36.0248 5736 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

08:43:36.0266 5736 msahci - ok

08:43:36.0301 5736 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

08:43:36.0321 5736 msdsm - ok

08:43:36.0359 5736 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

08:43:36.0399 5736 MSDTC - ok

08:43:36.0425 5736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

08:43:36.0483 5736 Msfs - ok

08:43:36.0495 5736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

08:43:36.0561 5736 mshidkmdf - ok

08:43:36.0587 5736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

08:43:36.0604 5736 msisadrv - ok

08:43:36.0655 5736 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

08:43:36.0747 5736 MSiSCSI - ok

08:43:36.0751 5736 msiserver - ok

08:43:36.0797 5736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

08:43:36.0865 5736 MSKSSRV - ok

08:43:36.0889 5736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

08:43:36.0970 5736 MSPCLOCK - ok

08:43:36.0974 5736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

08:43:37.0043 5736 MSPQM - ok

08:43:37.0086 5736 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

08:43:37.0124 5736 MsRPC - ok

08:43:37.0157 5736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

08:43:37.0174 5736 mssmbios - ok

08:43:37.0202 5736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

08:43:37.0271 5736 MSTEE - ok

08:43:37.0293 5736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

08:43:37.0325 5736 MTConfig - ok

08:43:37.0356 5736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

08:43:37.0393 5736 Mup - ok

08:43:37.0436 5736 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

08:43:37.0515 5736 napagent - ok

08:43:37.0573 5736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

08:43:37.0624 5736 NativeWifiP - ok

08:43:37.0934 5736 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe

08:43:37.0955 5736 NAV - ok

08:43:38.0188 5736 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120604.033\ENG64.SYS

08:43:38.0217 5736 NAVENG - ok

08:43:38.0645 5736 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120604.033\EX64.SYS

08:43:38.0789 5736 NAVEX15 - ok

08:43:39.0442 5736 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

08:43:39.0504 5736 NDIS - ok

08:43:39.0579 5736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

08:43:39.0658 5736 NdisCap - ok

08:43:39.0690 5736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

08:43:39.0740 5736 NdisTapi - ok

08:43:39.0759 5736 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

08:43:39.0825 5736 Ndisuio - ok

08:43:39.0901 5736 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

08:43:39.0980 5736 NdisWan - ok

08:43:40.0016 5736 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

08:43:40.0086 5736 NDProxy - ok

08:43:40.0130 5736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

08:43:40.0200 5736 NetBIOS - ok

08:43:40.0400 5736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

08:43:40.0469 5736 NetBT - ok

08:43:40.0556 5736 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:43:40.0575 5736 Netlogon - ok

08:43:40.0655 5736 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

08:43:40.0734 5736 Netman - ok

08:43:40.0992 5736 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:43:41.0028 5736 NetMsmqActivator - ok

08:43:41.0073 5736 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:43:41.0091 5736 NetPipeActivator - ok

08:43:41.0825 5736 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

08:43:41.0925 5736 netprofm - ok

08:43:41.0930 5736 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:43:41.0946 5736 NetTcpActivator - ok

08:43:41.0952 5736 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

08:43:41.0969 5736 NetTcpPortSharing - ok

08:43:42.0065 5736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

08:43:42.0095 5736 nfrd960 - ok

08:43:42.0163 5736 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

08:43:42.0248 5736 NlaSvc - ok

08:43:42.0322 5736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

08:43:42.0373 5736 Npfs - ok

08:43:42.0413 5736 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

08:43:42.0513 5736 nsi - ok

08:43:42.0553 5736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

08:43:42.0620 5736 nsiproxy - ok

08:43:43.0045 5736 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

08:43:43.0127 5736 Ntfs - ok

08:43:43.0286 5736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

08:43:43.0339 5736 Null - ok

08:43:43.0389 5736 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

08:43:43.0433 5736 NVENETFD - ok

08:43:43.0489 5736 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

08:43:43.0510 5736 nvraid - ok

08:43:43.0538 5736 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

08:43:43.0572 5736 nvstor - ok

08:43:43.0644 5736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

08:43:43.0690 5736 nv_agp - ok

08:43:43.0720 5736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

08:43:43.0770 5736 ohci1394 - ok

08:43:43.0879 5736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:43:43.0900 5736 ose - ok

08:43:44.0500 5736 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

08:43:44.0706 5736 osppsvc - ok

08:43:44.0894 5736 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:43:44.0965 5736 p2pimsvc - ok

08:43:45.0007 5736 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

08:43:45.0034 5736 p2psvc - ok

08:43:45.0098 5736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

08:43:45.0123 5736 Parport - ok

08:43:45.0183 5736 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

08:43:45.0221 5736 partmgr - ok

08:43:45.0260 5736 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

08:43:45.0308 5736 PcaSvc - ok

08:43:45.0375 5736 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

08:43:45.0397 5736 pci - ok

08:43:45.0424 5736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

08:43:45.0442 5736 pciide - ok

08:43:45.0494 5736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

08:43:45.0527 5736 pcmcia - ok

08:43:45.0587 5736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

08:43:45.0622 5736 pcw - ok

08:43:45.0781 5736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

08:43:45.0886 5736 PEAUTH - ok

08:43:46.0039 5736 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

08:43:46.0089 5736 PerfHost - ok

08:43:46.0538 5736 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

08:43:46.0760 5736 pla - ok

08:43:46.0824 5736 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

08:43:46.0891 5736 PlugPlay - ok

08:43:46.0931 5736 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

08:43:46.0970 5736 PNRPAutoReg - ok

08:43:46.0999 5736 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:43:47.0034 5736 PNRPsvc - ok

08:43:47.0109 5736 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

08:43:47.0187 5736 PolicyAgent - ok

08:43:47.0243 5736 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

08:43:47.0330 5736 Power - ok

08:43:47.0416 5736 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

08:43:47.0486 5736 PptpMiniport - ok

08:43:47.0517 5736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

08:43:47.0557 5736 Processor - ok

08:43:47.0609 5736 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

08:43:47.0687 5736 ProfSvc - ok

08:43:47.0769 5736 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:43:47.0788 5736 ProtectedStorage - ok

08:43:47.0827 5736 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

08:43:47.0893 5736 Psched - ok

08:43:48.0102 5736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

08:43:48.0190 5736 ql2300 - ok

08:43:48.0329 5736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

08:43:48.0350 5736 ql40xx - ok

08:43:48.0397 5736 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

08:43:48.0429 5736 QWAVE - ok

08:43:48.0487 5736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

08:43:48.0554 5736 QWAVEdrv - ok

08:43:48.0573 5736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

08:43:48.0641 5736 RasAcd - ok

08:43:48.0719 5736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

08:43:48.0782 5736 RasAgileVpn - ok

08:43:48.0851 5736 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

08:43:48.0935 5736 RasAuto - ok

08:43:48.0979 5736 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:43:49.0064 5736 Rasl2tp - ok

08:43:49.0158 5736 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

08:43:49.0237 5736 RasMan - ok

08:43:49.0267 5736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

08:43:49.0352 5736 RasPppoe - ok

08:43:49.0375 5736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

08:43:49.0458 5736 RasSstp - ok

08:43:49.0508 5736 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

08:43:49.0583 5736 rdbss - ok

08:43:49.0614 5736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

08:43:49.0649 5736 rdpbus - ok

08:43:49.0684 5736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:43:49.0767 5736 RDPCDD - ok

08:43:49.0803 5736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

08:43:49.0864 5736 RDPENCDD - ok

08:43:49.0929 5736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

08:43:50.0006 5736 RDPREFMP - ok

08:43:50.0113 5736 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

08:43:50.0204 5736 RDPWD - ok

08:43:50.0239 5736 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

08:43:50.0262 5736 rdyboost - ok

08:43:50.0325 5736 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

08:43:50.0451 5736 RemoteAccess - ok

08:43:50.0507 5736 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

08:43:50.0598 5736 RemoteRegistry - ok

08:43:50.0643 5736 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

08:43:50.0724 5736 RpcEptMapper - ok

08:43:50.0748 5736 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

08:43:50.0794 5736 RpcLocator - ok

08:43:50.0903 5736 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:43:50.0965 5736 RpcSs - ok

08:43:51.0072 5736 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys

08:43:51.0099 5736 RSPCIESTOR - ok

08:43:51.0138 5736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

08:43:51.0212 5736 rspndr - ok

08:43:51.0283 5736 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

08:43:51.0316 5736 RTL8167 - ok

08:43:51.0699 5736 RTL8192Ce (177963a6eebaa9ef3b56a2dbe9d5d0fc) C:\Windows\system32\DRIVERS\rtl8192Ce.sys

08:43:51.0796 5736 RTL8192Ce - ok

08:43:51.0847 5736 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:43:51.0875 5736 SamSs - ok

08:43:51.0970 5736 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

08:43:51.0996 5736 sbp2port - ok

08:43:52.0507 5736 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

08:43:52.0621 5736 SCardSvr - ok

08:43:52.0769 5736 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

08:43:52.0861 5736 scfilter - ok

08:43:52.0996 5736 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

08:43:53.0102 5736 Schedule - ok

08:43:53.0155 5736 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:43:53.0227 5736 SCPolicySvc - ok

08:43:53.0269 5736 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

08:43:53.0322 5736 sdbus - ok

08:43:53.0350 5736 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

08:43:53.0447 5736 SDRSVC - ok

08:43:53.0475 5736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:43:53.0544 5736 secdrv - ok

08:43:53.0565 5736 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

08:43:53.0647 5736 seclogon - ok

08:43:53.0704 5736 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

08:43:53.0785 5736 SENS - ok

08:43:53.0820 5736 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

08:43:53.0876 5736 SensrSvc - ok

08:43:53.0906 5736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

08:43:53.0956 5736 Serenum - ok

08:43:53.0988 5736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

08:43:54.0027 5736 Serial - ok

08:43:54.0113 5736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

08:43:54.0152 5736 sermouse - ok

08:43:54.0230 5736 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:43:54.0321 5736 SessionEnv - ok

08:43:54.0369 5736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:43:54.0422 5736 sffdisk - ok

08:43:54.0452 5736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:43:54.0540 5736 sffp_mmc - ok

08:43:54.0545 5736 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:43:54.0623 5736 sffp_sd - ok

08:43:54.0796 5736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

08:43:54.0845 5736 sfloppy - ok

08:43:54.0954 5736 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

08:43:54.0998 5736 Sftfs - ok

08:43:55.0165 5736 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

08:43:55.0201 5736 sftlist - ok

08:43:55.0287 5736 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

08:43:55.0327 5736 Sftplay - ok

08:43:55.0342 5736 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

08:43:55.0370 5736 Sftredir - ok

08:43:55.0407 5736 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

08:43:55.0441 5736 Sftvol - ok

08:43:55.0463 5736 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

08:43:55.0487 5736 sftvsa - ok

08:43:55.0545 5736 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:43:55.0610 5736 SharedAccess - ok

08:43:55.0662 5736 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:43:55.0739 5736 ShellHWDetection - ok

08:43:55.0788 5736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

08:43:55.0818 5736 SiSRaid2 - ok

08:43:55.0858 5736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

08:43:55.0879 5736 SiSRaid4 - ok

08:43:55.0917 5736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:43:56.0013 5736 Smb - ok

08:43:56.0121 5736 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:43:56.0180 5736 SNMPTRAP - ok

08:43:56.0233 5736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:43:56.0263 5736 spldr - ok

08:43:56.0755 5736 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:43:56.0834 5736 Spooler - ok

08:43:57.0270 5736 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:43:57.0453 5736 sppsvc - ok

08:43:57.0643 5736 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:43:57.0699 5736 sppuinotify - ok

08:43:57.0893 5736 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NAVx64\1307010.005\SRTSP64.SYS

08:43:57.0928 5736 SRTSP - ok

08:43:57.0956 5736 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NAVx64\1307010.005\SRTSPX64.SYS

08:43:57.0991 5736 SRTSPX - ok

08:43:58.0262 5736 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:43:58.0352 5736 srv - ok

08:43:58.0435 5736 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:43:58.0500 5736 srv2 - ok

08:43:58.0576 5736 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

08:43:58.0599 5736 SrvHsfHDA - ok

08:43:59.0059 5736 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

08:43:59.0184 5736 SrvHsfV92 - ok

08:43:59.0395 5736 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

08:43:59.0441 5736 SrvHsfWinac - ok

08:43:59.0472 5736 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:43:59.0495 5736 srvnet - ok

08:43:59.0526 5736 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:43:59.0612 5736 SSDPSRV - ok

08:43:59.0660 5736 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:43:59.0715 5736 SstpSvc - ok

08:43:59.0822 5736 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe

08:43:59.0851 5736 STacSV - ok

08:43:59.0889 5736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

08:43:59.0906 5736 stexstor - ok

08:43:59.0979 5736 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys

08:44:00.0028 5736 STHDA - ok

08:44:00.0409 5736 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:44:00.0448 5736 stisvc - ok

08:44:00.0501 5736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:44:00.0522 5736 swenum - ok

08:44:00.0577 5736 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:44:00.0665 5736 swprv - ok

08:44:00.0809 5736 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS

08:44:00.0852 5736 SymDS - ok

08:44:01.0006 5736 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS

08:44:01.0073 5736 SymEFA - ok

08:44:01.0127 5736 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

08:44:01.0156 5736 SymEvent - ok

08:44:01.0216 5736 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS

08:44:01.0249 5736 SymIRON - ok

08:44:01.0321 5736 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS

08:44:01.0360 5736 SymNetS - ok

08:44:01.0763 5736 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

08:44:01.0861 5736 SynTP - ok

08:44:02.0422 5736 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:44:02.0539 5736 SysMain - ok

08:44:02.0754 5736 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:44:02.0854 5736 TabletInputService - ok

08:44:02.0959 5736 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:44:03.0049 5736 TapiSrv - ok

08:44:03.0124 5736 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:44:03.0192 5736 TBS - ok

08:44:03.0523 5736 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

08:44:03.0653 5736 Tcpip - ok

08:44:03.0967 5736 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

08:44:04.0041 5736 TCPIP6 - ok

08:44:04.0477 5736 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:44:04.0567 5736 tcpipreg - ok

08:44:04.0588 5736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:44:04.0630 5736 TDPIPE - ok

08:44:04.0704 5736 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:44:04.0775 5736 TDTCP - ok

08:44:04.0838 5736 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:44:04.0926 5736 tdx - ok

08:44:04.0996 5736 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:44:05.0019 5736 TermDD - ok

08:44:05.0146 5736 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:44:05.0277 5736 TermService - ok

08:44:05.0299 5736 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:44:05.0329 5736 Themes - ok

08:44:05.0358 5736 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:44:05.0413 5736 THREADORDER - ok

08:44:05.0445 5736 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:44:05.0521 5736 TrkWks - ok

08:44:05.0612 5736 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:44:05.0755 5736 TrustedInstaller - ok

08:44:05.0793 5736 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:44:05.0874 5736 tssecsrv - ok

08:44:05.0912 5736 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:44:05.0942 5736 TsUsbFlt - ok

08:44:05.0959 5736 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

08:44:06.0019 5736 TsUsbGD - ok

08:44:06.0718 5736 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:44:06.0818 5736 tunnel - ok

08:44:06.0992 5736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

08:44:07.0011 5736 uagp35 - ok

08:44:07.0132 5736 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:44:07.0214 5736 udfs - ok

08:44:07.0327 5736 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:44:07.0351 5736 UI0Detect - ok

08:44:07.0448 5736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:44:07.0504 5736 uliagpkx - ok

08:44:07.0565 5736 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

08:44:07.0601 5736 umbus - ok

08:44:07.0632 5736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

08:44:07.0690 5736 UmPass - ok

08:44:07.0730 5736 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:44:07.0828 5736 upnphost - ok

08:44:07.0883 5736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

08:44:07.0928 5736 usbccgp - ok

08:44:07.0962 5736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:44:07.0990 5736 usbcir - ok

08:44:08.0010 5736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

08:44:08.0042 5736 usbehci - ok

08:44:08.0247 5736 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys

08:44:08.0289 5736 usbfilter - ok

08:44:08.0348 5736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:44:08.0444 5736 usbhub - ok

08:44:08.0514 5736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

08:44:08.0563 5736 usbohci - ok

08:44:08.0614 5736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

08:44:08.0676 5736 usbprint - ok

08:44:08.0809 5736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

08:44:08.0865 5736 usbscan - ok

08:44:08.0912 5736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:44:08.0987 5736 USBSTOR - ok

08:44:09.0020 5736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

08:44:09.0058 5736 usbuhci - ok

08:44:09.0111 5736 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

08:44:09.0142 5736 usbvideo - ok

08:44:09.0170 5736 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:44:09.0260 5736 UxSms - ok

08:44:09.0300 5736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:44:09.0320 5736 VaultSvc - ok

08:44:09.0394 5736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:44:09.0422 5736 vdrvroot - ok

08:44:09.0609 5736 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:44:09.0702 5736 vds - ok

08:44:09.0762 5736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:44:09.0796 5736 vga - ok

08:44:09.0858 5736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:44:09.0949 5736 VgaSave - ok

08:44:09.0981 5736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:44:10.0005 5736 vhdmp - ok

08:44:10.0019 5736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:44:10.0037 5736 viaide - ok

08:44:10.0080 5736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:44:10.0134 5736 volmgr - ok

08:44:10.0186 5736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:44:10.0214 5736 volmgrx - ok

08:44:10.0269 5736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:44:10.0293 5736 volsnap - ok

08:44:10.0348 5736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

08:44:10.0410 5736 vsmraid - ok

08:44:10.0576 5736 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:44:10.0678 5736 VSS - ok

08:44:10.0900 5736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

08:44:10.0954 5736 vwifibus - ok

08:44:10.0971 5736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

08:44:11.0016 5736 vwififlt - ok

08:44:11.0054 5736 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

08:44:11.0079 5736 vwifimp - ok

08:44:11.0133 5736 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:44:11.0190 5736 W32Time - ok

08:44:11.0265 5736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

08:44:11.0310 5736 WacomPen - ok

08:44:11.0362 5736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:44:11.0441 5736 WANARP - ok

08:44:11.0445 5736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:44:11.0496 5736 Wanarpv6 - ok

08:44:11.0718 5736 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

08:44:11.0790 5736 WatAdminSvc - ok

08:44:11.0975 5736 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:44:12.0272 5736 wbengine - ok

08:44:12.0527 5736 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:44:12.0559 5736 WbioSrvc - ok

08:44:12.0816 5736 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:44:12.0871 5736 wcncsvc - ok

08:44:12.0903 5736 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:44:12.0959 5736 WcsPlugInService - ok

08:44:13.0024 5736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

08:44:13.0041 5736 Wd - ok

08:44:13.0090 5736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:44:13.0131 5736 Wdf01000 - ok

08:44:13.0157 5736 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:44:13.0244 5736 WdiServiceHost - ok

08:44:13.0251 5736 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:44:13.0276 5736 WdiSystemHost - ok

08:44:13.0345 5736 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:44:13.0411 5736 WebClient - ok

08:44:13.0474 5736 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:44:13.0556 5736 Wecsvc - ok

08:44:13.0614 5736 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:44:13.0671 5736 wercplsupport - ok

08:44:13.0710 5736 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:44:13.0783 5736 WerSvc - ok

08:44:13.0854 5736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:44:13.0924 5736 WfpLwf - ok

08:44:13.0946 5736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:44:13.0964 5736 WIMMount - ok

08:44:13.0986 5736 WinDefend - ok

08:44:13.0999 5736 WinHttpAutoProxySvc - ok

08:44:14.0304 5736 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:44:14.0358 5736 Winmgmt - ok

08:44:14.0551 5736 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:44:14.0671 5736 WinRM - ok

08:44:14.0864 5736 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:44:14.0928 5736 Wlansvc - ok

08:44:15.0028 5736 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

08:44:15.0049 5736 wlcrasvc - ok

08:44:15.0341 5736 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

08:44:15.0443 5736 wlidsvc - ok

08:44:15.0582 5736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:44:15.0618 5736 WmiAcpi - ok

08:44:15.0696 5736 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:44:15.0779 5736 wmiApSrv - ok

08:44:15.0813 5736 WMPNetworkSvc - ok

08:44:15.0846 5736 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:44:15.0893 5736 WPCSvc - ok

08:44:15.0927 5736 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:44:15.0953 5736 WPDBusEnum - ok

08:44:15.0992 5736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:44:16.0047 5736 ws2ifsl - ok

08:44:16.0106 5736 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

08:44:16.0149 5736 wscsvc - ok

08:44:16.0153 5736 WSearch - ok

08:44:16.0312 5736 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

08:44:16.0440 5736 wuauserv - ok

08:44:16.0613 5736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:44:16.0707 5736 WudfPf - ok

08:44:16.0772 5736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:44:16.0841 5736 WUDFRd - ok

08:44:16.0875 5736 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:44:16.0926 5736 wudfsvc - ok

08:44:16.0958 5736 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:44:17.0021 5736 WwanSvc - ok

08:44:17.0341 5736 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

08:44:17.0376 5736 YahooAUService - ok

08:44:17.0444 5736 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

08:44:17.0475 5736 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

08:44:17.0475 5736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

08:44:17.0577 5736 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:44:17.0577 5736 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:44:17.0623 5736 Boot (0x1200) (b5378ed36db579e7dbfbceb4c77e126d) \Device\Harddisk0\DR0\Partition0

08:44:17.0626 5736 \Device\Harddisk0\DR0\Partition0 - ok

08:44:17.0641 5736 Boot (0x1200) (daaf8b37463f767c79070f29f422f8dd) \Device\Harddisk0\DR0\Partition1

08:44:17.0666 5736 \Device\Harddisk0\DR0\Partition1 - ok

08:44:17.0708 5736 Boot (0x1200) (c49b3350f638022c8b4898712cf4adc9) \Device\Harddisk0\DR0\Partition2

08:44:17.0710 5736 \Device\Harddisk0\DR0\Partition2 - ok

08:44:17.0730 5736 Boot (0x1200) (72339e092699b51c22f36c5a603daeb9) \Device\Harddisk0\DR0\Partition3

08:44:17.0731 5736 \Device\Harddisk0\DR0\Partition3 - ok

08:44:17.0732 5736 ============================================================

08:44:17.0732 5736 Scan finished

08:44:17.0732 5736 ============================================================

08:44:17.0746 4112 Detected object count: 3

08:44:17.0746 4112 Actual detected object count: 3

08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

08:44:47.0396 4112 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:44:48.0856 4112 \Device\Harddisk0\DR0\# - copied to quarantine

08:44:48.0857 4112 \Device\Harddisk0\DR0 - copied to quarantine

08:44:48.0924 4112 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

08:44:48.0927 4112 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

08:44:48.0932 4112 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

08:44:48.0937 4112 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

08:44:48.0947 4112 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

08:44:48.0957 4112 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

08:44:48.0960 4112 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

08:44:48.0965 4112 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

08:44:48.0968 4112 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

08:44:48.0972 4112 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

08:44:48.0977 4112 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

08:44:48.0979 4112 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

08:44:49.0010 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

08:44:49.0011 4112 \Device\Harddisk0\DR0 - ok

08:44:51.0643 4112 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:44:51.0644 4112 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:46:46.0960 6740 Deinitialize success

[Maniac]

That's it!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[jreilly]

combo fix log is below.....

ComboFix 12-06-08.01 - Joshua 06/08/2012 9:25.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2137 [GMT -4:00]

Running from: c:\users\Joshua\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\WanPacket.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))

.

.

2012-06-06 12:44 . 2012-06-06 12:44 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-04 13:35 . 2012-06-04 13:35 -------- d-----w- C:\AI_RecycleBin

2012-06-01 19:21 . 2012-06-01 19:21 -------- d-----w- c:\users\Joshua\AppData\Roaming\Malwarebytes

2012-06-01 19:21 . 2012-06-01 19:21 -------- d-----w- c:\programdata\Malwarebytes

2012-06-01 19:21 . 2012-06-01 19:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-01 19:21 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-01 14:54 . 2012-06-01 14:54 -------- d-----w- c:\users\Joshua\AppData\Local\Microsoft Help

2012-06-01 14:54 . 2012-06-01 15:14 -------- d-----w- c:\programdata\Microsoft Help

2012-06-01 14:43 . 2012-06-01 14:43 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-06-01 14:43 . 2012-06-01 14:43 -------- d-----w- c:\program files\Symantec

2012-06-01 14:43 . 2012-06-01 14:43 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-06-01 14:40 . 2012-06-01 14:40 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-01 14:40 . 2012-06-02 16:53 -------- d-----w- c:\windows\system32\drivers\NAVx64

2012-06-01 14:40 . 2012-06-01 14:40 -------- d-----w- c:\program files (x86)\Norton AntiVirus

2012-06-01 13:45 . 2012-06-01 13:45 -------- d-----w- c:\windows\Sun

2012-05-29 16:51 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

2012-05-29 16:51 . 2009-03-09 19:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-05-19 15:03 . 2012-05-19 15:04 -------- d-----w- C:\34656fc724f5a86b07cc264c4d

2012-05-19 13:24 . 2012-05-19 13:24 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-05-19 13:22 . 2012-05-19 13:22 -------- d-----w- c:\program files (x86)\Oracle

2012-05-19 13:22 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-19 13:17 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-19 13:17 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-19 13:16 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-19 13:16 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-19 13:16 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-19 13:16 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-19 13:11 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-19 13:07 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-19 13:07 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-19 13:07 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-01 14:40 . 2011-11-04 23:16 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]

R3 ALSysIO;ALSysIO;c:\users\Joshua\AppData\Local\Temp\ALSysIO64.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 136176]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]

R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1307010.005\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1307010.005\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-05-18 1160824]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1307010.005\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120606.001\IDSvia64.sys [2012-06-01 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1307010.005\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1307010.005\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-01 138912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 14:40]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 17:11]

.

2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 17:11]

.

2012-05-29 c:\windows\Tasks\HPCeeScheduleForJoshua.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-WTA-af879c04-a80e-448c-bfbd-f3e8d121e7db - c:\program files (x86)\WildGames\Exorcist 2\uninstall\uninstaller.exe

AddRemove-WTA-e9d25dd9-c3b1-4151-9add-06837c3422c6 - c:\program files (x86)\WildGames\FATE The Cursed King\uninstall\uninstaller.exe

AddRemove-WTA-ff65c495-afff-4d11-a19a-11aada624f8e - c:\program files (x86)\WildGames\Torchlight\uninstall\uninstaller.exe

AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp - c:\program files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-06-08 09:46:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-08 13:46

.

Pre-Run: 428,305,473,536 bytes free

Post-Run: 433,438,900,224 bytes free

.

- - End Of File - - 92CAD25930C99F4177DD0C27E3C9CDC3

[Maniac]

Good!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[jreilly]

I can get to the 'accept' screen. But, after that I do not get the active x scrren prompt. A popup box box (blank) comes up and just stays there. But, on a different computer, if I go thru the steps, the prompt to insat,l the active x is displayed. Something on the infected laptop , I believe, is stopping me from getting the active x promt. Do you have an ideaa?

[jreilly]

got it. log below

C:\ProgramData\Microsoft\Windows\DRM\4271.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\Windows\DRM\4282.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

[Maniac]

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

[jreilly]

kasperskey log...

Status: Detected (events: 2)

6/9/2012 11:29:05 AM Detected Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\06.06.2012_08.41.28\mbr0000\mbr0000\tsk0000.dta High

6/9/2012 11:29:06 AM Detected Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\06.06.2012_08.41.28\mbr0000\mbr0000\tsk0001.dta//mbr High

[Maniac]

Everything is seems fine. How is the PC now?

[jreilly]

everything is working and I am no longer being redirected or sending outgoing messages. I want to thank you for ALL the effort that you applied to my post. It is with great appreciation and admiration that I bid you farewell.

YOUR THE GREAtEST!!!!!!!!!

[Maniac]

Glad I could help!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS, TDSSKiller and Kaspersky AVP. Uninstall ESET Online Scanner.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!