Malware problem or Software problem?

[username123]

I'm posting on behalf oy of mom who started using malwarebytes at my urging.

Malware bytes keeps decting 2 trojans, but when I restart the computer to complete removal it freezes and has to be manually turned off and back on to finish restarting.

I'm not sure if the trojans are causing the restart problems and are just refusing to be removed, or if there is a software problem causing the computer to freeze during restart and preventing removal. DDS and Malwarebytes logs below.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Owner at 18:15:26 on 2012-06-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1688 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingApp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.foxnews.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 8.8.8.8

TCP: Interfaces\{2FDA006A-7FF4-42BD-A473-6170B0732933}\3416D607D275966496 : DhcpNameServer = 10.128.128.128

TCP: Interfaces\{2FDA006A-7FF4-42BD-A473-6170B0732933}\B4F4140313 : DhcpNameServer = 67.20.47.9 67.20.47.7 67.20.47.8

TCP: Interfaces\{B0391C71-D4E5-4064-B7A3-607DB673E71C} : DhcpNameServer = 8.8.8.8

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = DPPassFilter scecli

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120622.001\IDSviA64.sys [2012-6-18 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-11 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/03/11 01:08:09;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-3-11 245232]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-06-25 20:03:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-25 20:02:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-25 20:02:18 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-25 20:02:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-18 18:21:45 20480 ----a-w- C:\Windows\svchost.exe

2012-06-14 01:40:50 -------- d-----w- C:\5e688b2ba81316da2e36f179622c7d

2012-06-14 00:51:13 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 00:51:12 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 00:51:12 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 00:51:12 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 00:51:12 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 00:51:12 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-14 00:44:48 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-14 00:44:48 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-14 00:34:48 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 00:16:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 00:16:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-14 00:16:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-14 00:13:18 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-14 00:08:01 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-13 00:50:42 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys

2012-06-13 00:50:42 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys

2012-06-13 00:50:42 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys

2012-06-13 00:50:42 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys

2012-06-13 00:50:42 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys

2012-06-13 00:50:42 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys

2012-06-13 00:50:18 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003

2012-06-08 18:51:07 -------- d-----w- C:\ProgramData\Kodak

2012-06-08 18:51:00 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll

.

==================== Find3M ====================

.

2012-05-19 02:13:13 900 --sha-w- C:\ProgramData\KGyGaAvL.sys

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 18:16:51.08 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/16/2011 3:17:43 PM

System Uptime: 6/25/2012 5:40:46 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 1641

Processor: AMD Phenom II P860 Triple-Core Processor | Socket S1G4 | 800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 674 GiB total, 608.337 GiB free.

D: is FIXED (NTFS) - 24 GiB total, 3.549 GiB free.

E: is CDROM ()

F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP185: 5/27/2012 6:22:40 PM - Windows Backup

RP186: 5/27/2012 7:45:11 PM - Windows Update

RP187: 5/29/2012 6:50:22 PM - Windows Update

RP188: 5/30/2012 4:13:36 PM - Windows Update

RP189: 5/30/2012 4:39:07 PM - Windows Update

RP190: 6/1/2012 7:32:09 PM - Windows Update

RP191: 6/1/2012 10:11:26 PM - Windows Update

RP192: 6/3/2012 7:35:50 PM - Windows Update

RP193: 6/3/2012 8:05:16 PM - Windows Update

RP194: 6/4/2012 5:35:44 PM - Windows Backup

RP195: 6/6/2012 10:10:59 PM - Windows Update

RP196: 6/6/2012 10:37:03 PM - Windows Update

RP197: 6/8/2012 2:45:00 PM - Windows Update

RP198: 6/8/2012 6:48:24 PM - Windows Update

RP199: 6/10/2012 11:18:30 AM - Windows Update

RP200: 6/10/2012 1:01:17 PM - Windows Update

RP201: 6/11/2012 8:00:24 PM - Windows Backup

RP202: 6/12/2012 8:34:32 PM - Windows Update

RP203: 6/13/2012 9:37:09 PM - Windows Update

RP204: 6/13/2012 11:13:26 PM - Windows Update

RP205: 6/17/2012 11:23:25 AM - Windows Update

RP206: 6/18/2012 1:50:48 PM - Windows Backup

RP207: 6/18/2012 7:21:53 PM - Windows Update

RP208: 6/25/2012 4:01:35 PM - Windows Update

RP209: 6/25/2012 4:49:31 PM - Windows Update

RP210: 6/25/2012 5:59:53 PM - Windows Backup

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader 9.5.1 MUI

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Contents

Corel PaintShop Photo Pro X3

Corel VideoStudio Pro X3

CyberLink DVD Suite

D3DX10

DeviceIO

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

DVD Menu Pack for HP MediaSmart Video

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

Farm Frenzy

FATE

Fences Pro

Final Drive Nitro

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.1.2.0

HP CloudDrive

HP Customer Experience Enhancements

HP Documentation

HP DVB-T TV Tuner 8.0.64.43

HP Game Console

HP Games

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart Video

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP MovieStore

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

Hulu Desktop

ICA

IDT Audio

IPM_PSP_Pro

IPM_VS_Pro

ISCOM

Java 6 Update 25

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - The London Caper

Norton Internet Security

Norton Online Backup

PdaNet for Android 2.45

Penguins!

PhotoNow!

PictureMover

Plants vs. Zombies

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

PSPPContent

PSPPRO_DCRAW

PureHD

Realtek Ethernet Controller Driver For Windows 7

Realtek USB 2.0 Card Reader

Recovery Manager

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Setup

Share

Skype Click to Call

Skype™ 5.8

Times Reader

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

VIO

Virtual Families

Virtual Villagers 4 - The Tree of Life

VSClassic

VSPro

Wheel of Fortune 2

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/25/2012 5:45:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

6/25/2012 4:49:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

6/25/2012 4:49:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).

6/25/2012 4:49:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

6/25/2012 3:56:02 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

6/25/2012 3:47:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

6/18/2012 6:16:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

6/18/2012 3:16:35 PM, Error: Disk [11] - The driver detected a controller error on \...\DR1.

.

==== End Of File ===========================

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.25.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-HP [administrator]

6/25/2012 6:26:28 PM

mbam-log-2012-06-25 (18-38-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213698

Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2956 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

[Maniac]

Hello username123! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log

[username123]

This PC is mainly used for Netflix/Youtube and some online shopping, no banking or other activity that contains personal info. Can you tell how likely is it based on the infection that it won't be secure after disinfection?

[Maniac]

I could helped to cleaning the infection, but should always have one in mind. There is always a risk, however small it be.

[username123]

I am going to disinfect it, I will not be able to run TDSSkiller until tomorrow. I will post the log tomorrow as soon as I do. Thanks.

[Maniac]

Thanks for letting me know!

[username123]

Logs:

10:38:00.0834 0912 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

10:38:02.0831 0912 ============================================================

10:38:02.0831 0912 Current date / time: 2012/06/28 10:38:02.0831

10:38:02.0831 0912 SystemInfo:

10:38:02.0831 0912

10:38:02.0831 0912 OS Version: 6.1.7601 ServicePack: 1.0

10:38:02.0831 0912 Product type: Workstation

10:38:02.0831 0912 ComputerName: OWNER-HP

10:38:02.0831 0912 UserName: Owner

10:38:02.0831 0912 Windows directory: C:\Windows

10:38:02.0831 0912 System windows directory: C:\Windows

10:38:02.0831 0912 Running under WOW64

10:38:02.0831 0912 Processor architecture: Intel x64

10:38:02.0831 0912 Number of processors: 3

10:38:02.0831 0912 Page size: 0x1000

10:38:02.0831 0912 Boot type: Normal boot

10:38:02.0831 0912 ============================================================

10:38:05.0655 0912 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:38:05.0670 0912 ============================================================

10:38:05.0670 0912 \Device\Harddisk0\DR0:

10:38:05.0670 0912 MBR partitions:

10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x5441F000

10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x54483000, BlocksNum 0x308F800

10:38:05.0670 0912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0

10:38:05.0670 0912 ============================================================

10:38:05.0795 0912 C: <-> \Device\Harddisk0\DR0\Partition1

10:38:06.0201 0912 D: <-> \Device\Harddisk0\DR0\Partition2

10:38:06.0357 0912 F: <-> \Device\Harddisk0\DR0\Partition3

10:38:06.0357 0912 ============================================================

10:38:06.0357 0912 Initialize success

10:38:06.0357 0912 ============================================================

10:38:48.0335 1412 ============================================================

10:38:48.0335 1412 Scan started

10:38:48.0335 1412 Mode: Manual; SigCheck; TDLFS;

10:38:48.0335 1412 ============================================================

10:38:53.0869 1412 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:38:54.0112 1412 1394ohci - ok

10:38:54.0207 1412 Accelerometer (7bb93bb5a578984090748f310ed895ef) C:\Windows\system32\DRIVERS\Accelerometer.sys

10:38:54.0278 1412 Accelerometer - ok

10:38:54.0707 1412 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:38:54.0757 1412 ACPI - ok

10:38:54.0820 1412 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:38:54.0913 1412 AcpiPmi - ok

10:38:55.0092 1412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:38:55.0189 1412 adp94xx - ok

10:38:55.0349 1412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:38:55.0457 1412 adpahci - ok

10:38:55.0588 1412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:38:55.0652 1412 adpu320 - ok

10:38:55.0721 1412 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:38:55.0839 1412 AeLookupSvc - ok

10:38:56.0097 1412 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

10:38:56.0161 1412 AESTFilters - ok

10:38:56.0448 1412 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:38:56.0630 1412 AFD - ok

10:38:56.0737 1412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:38:56.0793 1412 agp440 - ok

10:38:56.0877 1412 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:38:56.0999 1412 ALG - ok

10:38:57.0091 1412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:38:57.0137 1412 aliide - ok

10:38:57.0278 1412 AMD External Events Utility (09fcd2c758f1ad3df931ab9d944fe348) C:\Windows\system32\atiesrxx.exe

10:38:57.0347 1412 AMD External Events Utility - ok

10:38:57.0437 1412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:38:57.0471 1412 amdide - ok

10:38:57.0647 1412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:38:57.0735 1412 AmdK8 - ok

10:39:02.0477 1412 amdkmdag (2e76d0a912ab09ca5586ab23e466a25f) C:\Windows\system32\DRIVERS\atikmdag.sys

10:39:03.0384 1412 amdkmdag - ok

10:39:05.0014 1412 amdkmdap (dd3c0c1b62da0736482501c4bcdcd1f8) C:\Windows\system32\DRIVERS\atikmpag.sys

10:39:05.0207 1412 amdkmdap - ok

10:39:05.0320 1412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:39:05.0417 1412 AmdPPM - ok

10:39:05.0572 1412 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:39:05.0679 1412 amdsata - ok

10:39:05.0943 1412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:39:06.0009 1412 amdsbs - ok

10:39:06.0309 1412 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:39:06.0504 1412 amdxata - ok

10:39:06.0655 1412 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:39:06.0816 1412 AppID - ok

10:39:06.0892 1412 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:39:07.0053 1412 AppIDSvc - ok

10:39:07.0142 1412 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:39:07.0249 1412 Appinfo - ok

10:39:07.0338 1412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:39:07.0374 1412 arc - ok

10:39:07.0533 1412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:39:07.0603 1412 arcsas - ok

10:39:07.0711 1412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:39:07.0835 1412 AsyncMac - ok

10:39:07.0893 1412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:39:07.0921 1412 atapi - ok

10:39:08.0803 1412 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys

10:39:09.0021 1412 athr - ok

10:39:10.0593 1412 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

10:39:10.0644 1412 AtiHdmiService - ok

10:39:10.0714 1412 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

10:39:10.0763 1412 AtiPcie - ok

10:39:11.0135 1412 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:39:11.0285 1412 AudioEndpointBuilder - ok

10:39:11.0303 1412 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:39:11.0412 1412 AudioSrv - ok

10:39:11.0623 1412 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:39:11.0800 1412 AxInstSV - ok

10:39:11.0972 1412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:39:12.0118 1412 b06bdrv - ok

10:39:12.0330 1412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:39:12.0483 1412 b57nd60a - ok

10:39:12.0716 1412 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

10:39:12.0788 1412 BBSvc - ok

10:39:12.0849 1412 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

10:39:12.0891 1412 BBUpdate - ok

10:39:13.0721 1412 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys

10:39:13.0925 1412 BCM43XX - ok

10:39:14.0454 1412 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:39:14.0563 1412 BDESVC - ok

10:39:14.0762 1412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:39:14.0902 1412 Beep - ok

10:39:15.0253 1412 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:39:15.0383 1412 BFE - ok

10:39:18.0356 1412 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys

10:39:18.0433 1412 BHDrvx64 - ok

10:39:20.0236 1412 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

10:39:20.0465 1412 BITS - ok

10:39:20.0724 1412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:39:20.0790 1412 blbdrive - ok

10:39:21.0090 1412 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:39:21.0159 1412 bowser - ok

10:39:21.0245 1412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:39:21.0376 1412 BrFiltLo - ok

10:39:21.0434 1412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:39:21.0499 1412 BrFiltUp - ok

10:39:22.0001 1412 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:39:22.0171 1412 Browser - ok

10:39:23.0125 1412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:39:23.0311 1412 Brserid - ok

10:39:23.0404 1412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:39:23.0560 1412 BrSerWdm - ok

10:39:23.0671 1412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:39:23.0753 1412 BrUsbMdm - ok

10:39:23.0814 1412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:39:23.0901 1412 BrUsbSer - ok

10:39:24.0106 1412 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

10:39:24.0237 1412 BthEnum - ok

10:39:24.0498 1412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:39:24.0608 1412 BTHMODEM - ok

10:39:25.0059 1412 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

10:39:25.0188 1412 BthPan - ok

10:39:27.0017 1412 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

10:39:27.0195 1412 BTHPORT - ok

10:39:27.0405 1412 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:39:27.0611 1412 bthserv - ok

10:39:28.0080 1412 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

10:39:28.0328 1412 BTHUSB - ok

10:39:28.0755 1412 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys

10:39:28.0869 1412 btwampfl - ok

10:39:28.0995 1412 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys

10:39:29.0102 1412 btwaudio - ok

10:39:29.0219 1412 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys

10:39:29.0313 1412 btwavdt - ok

10:39:30.0037 1412 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

10:39:30.0143 1412 btwdins - ok

10:39:30.0299 1412 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

10:39:30.0389 1412 btwl2cap - ok

10:39:30.0495 1412 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys

10:39:30.0528 1412 btwrchid - ok

10:39:30.0818 1412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:39:31.0013 1412 cdfs - ok

10:39:31.0362 1412 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

10:39:31.0468 1412 cdrom - ok

10:39:31.0768 1412 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:39:32.0020 1412 CertPropSvc - ok

10:39:32.0387 1412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:39:32.0579 1412 circlass - ok

10:39:33.0817 1412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:39:33.0988 1412 CLFS - ok

10:39:34.0989 1412 CLKMSVC10_C6F09094 (dede5ec7dc09d840d5d74e06ff4de127) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe

10:39:35.0164 1412 CLKMSVC10_C6F09094 - ok

10:39:35.0670 1412 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:39:35.0904 1412 clr_optimization_v2.0.50727_32 - ok

10:39:36.0399 1412 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:39:36.0564 1412 clr_optimization_v2.0.50727_64 - ok

10:39:38.0165 1412 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:39:38.0581 1412 clr_optimization_v4.0.30319_32 - ok

10:39:39.0054 1412 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:39:39.0162 1412 clr_optimization_v4.0.30319_64 - ok

10:39:39.0403 1412 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys

10:39:39.0485 1412 clwvd - ok

10:39:39.0604 1412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:39:39.0671 1412 CmBatt - ok

10:39:39.0738 1412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:39:39.0779 1412 cmdide - ok

10:39:40.0964 1412 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:39:41.0073 1412 CNG - ok

10:39:41.0210 1412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:39:41.0329 1412 Compbatt - ok

10:39:41.0473 1412 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:39:41.0633 1412 CompositeBus - ok

10:39:41.0719 1412 COMSysApp - ok

10:39:41.0792 1412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:39:41.0910 1412 crcdisk - ok

10:39:42.0453 1412 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

10:39:42.0558 1412 CryptSvc - ok

10:39:46.0390 1412 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

10:39:46.0452 1412 cvhsvc - ok

10:39:47.0284 1412 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:39:47.0451 1412 DcomLaunch - ok

10:39:48.0225 1412 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:39:48.0486 1412 defragsvc - ok

10:39:48.0967 1412 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:39:49.0080 1412 DfsC - ok

10:39:49.0901 1412 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:39:50.0054 1412 Dhcp - ok

10:39:50.0204 1412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:39:50.0482 1412 discache - ok

10:39:50.0653 1412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:39:50.0985 1412 Disk - ok

10:39:51.0460 1412 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:39:51.0759 1412 Dnscache - ok

10:39:52.0111 1412 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:39:52.0348 1412 dot3svc - ok

10:39:53.0437 1412 DpHost (eac9d9868d37c8785d12475a9bb65a11) C:\Program Files\DigitalPersona\Bin\DpHostW.exe

10:39:53.0559 1412 DpHost - ok

10:39:54.0065 1412 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:39:54.0188 1412 DPS - ok

10:39:54.0322 1412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:39:54.0920 1412 drmkaud - ok

10:39:56.0359 1412 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:39:56.0517 1412 DXGKrnl - ok

10:39:56.0820 1412 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:39:56.0939 1412 EapHost - ok

10:40:04.0546 1412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:40:04.0897 1412 ebdrv - ok

10:40:05.0789 1412 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

10:40:06.0029 1412 eeCtrl - ok

10:40:07.0694 1412 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:40:07.0778 1412 EFS - ok

10:40:08.0413 1412 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:40:08.0584 1412 ehRecvr - ok

10:40:08.0774 1412 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:40:08.0951 1412 ehSched - ok

10:40:09.0434 1412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:40:09.0517 1412 elxstor - ok

10:40:09.0768 1412 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

10:40:09.0818 1412 EraserUtilRebootDrv - ok

10:40:09.0878 1412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:40:09.0937 1412 ErrDev - ok

10:40:10.0427 1412 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:40:10.0578 1412 EventSystem - ok

10:40:10.0752 1412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:40:10.0886 1412 exfat - ok

10:40:11.0051 1412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:40:11.0189 1412 fastfat - ok

10:40:11.0757 1412 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:40:11.0914 1412 Fax - ok

10:40:11.0976 1412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:40:12.0030 1412 fdc - ok

10:40:12.0129 1412 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:40:12.0278 1412 fdPHost - ok

10:40:12.0410 1412 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:40:12.0543 1412 FDResPub - ok

10:40:12.0711 1412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:40:12.0850 1412 FileInfo - ok

10:40:12.0937 1412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:40:13.0068 1412 Filetrace - ok

10:40:13.0112 1412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:40:13.0135 1412 flpydisk - ok

10:40:13.0335 1412 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:40:13.0418 1412 FltMgr - ok

10:40:13.0961 1412 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:40:14.0080 1412 FontCache - ok

10:40:14.0238 1412 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:40:14.0264 1412 FontCache3.0.0.0 - ok

10:40:14.0371 1412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:40:14.0444 1412 FsDepends - ok

10:40:14.0521 1412 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

10:40:14.0566 1412 Fs_Rec - ok

10:40:14.0682 1412 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:40:14.0713 1412 fvevol - ok

10:40:14.0772 1412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:40:14.0807 1412 gagp30kx - ok

10:40:15.0058 1412 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

10:40:15.0123 1412 GameConsoleService - ok

10:40:15.0540 1412 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

10:40:15.0635 1412 GamesAppService - ok

10:40:16.0109 1412 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:40:16.0243 1412 gpsvc - ok

10:40:16.0450 1412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:40:16.0566 1412 hcw85cir - ok

10:40:16.0768 1412 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:40:16.0830 1412 HdAudAddService - ok

10:40:16.0889 1412 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:40:16.0936 1412 HDAudBus - ok

10:40:16.0978 1412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:40:17.0023 1412 HidBatt - ok

10:40:17.0258 1412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:40:17.0333 1412 HidBth - ok

10:40:17.0393 1412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:40:17.0468 1412 HidIr - ok

10:40:17.0558 1412 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

10:40:17.0679 1412 hidserv - ok

10:40:17.0761 1412 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

10:40:17.0816 1412 HidUsb - ok

10:40:18.0129 1412 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:40:18.0315 1412 hkmsvc - ok

10:40:18.0584 1412 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:40:18.0676 1412 HomeGroupListener - ok

10:40:18.0747 1412 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:40:18.0789 1412 HomeGroupProvider - ok

10:40:18.0948 1412 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

10:40:18.0968 1412 HP Support Assistant Service - ok

10:40:19.0231 1412 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

10:40:19.0264 1412 HP Wireless Assistant Service - ok

10:40:19.0644 1412 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

10:40:19.0707 1412 HPClientSvc - ok

10:40:19.0914 1412 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

10:40:19.0939 1412 HPDrvMntSvc.exe - ok

10:40:19.0965 1412 hpdskflt (0193c30760032cc044ef47a1919f20dc) C:\Windows\system32\DRIVERS\hpdskflt.sys

10:40:19.0987 1412 hpdskflt - ok

10:40:20.0627 1412 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

10:40:20.0716 1412 hpqwmiex - ok

10:40:20.0840 1412 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:40:20.0916 1412 HpSAMD - ok

10:40:21.0041 1412 hpsrv (65a2b4b003d733c6faa16f22212bb86d) C:\Windows\system32\Hpservice.exe

10:40:21.0091 1412 hpsrv - ok

10:40:21.0226 1412 HPWMISVC (171000873eb522e5ea3dd4c4e0b689b2) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

10:40:21.0253 1412 HPWMISVC - ok

10:40:21.0845 1412 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:40:21.0989 1412 HTTP - ok

10:40:22.0057 1412 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:40:22.0089 1412 hwpolicy - ok

10:40:22.0169 1412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:40:22.0205 1412 i8042prt - ok

10:40:22.0333 1412 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:40:22.0402 1412 iaStorV - ok

10:40:23.0204 1412 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:40:23.0341 1412 idsvc - ok

10:40:24.0393 1412 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120622.001\IDSvia64.sys

10:40:24.0451 1412 IDSVia64 - ok

10:40:27.0418 1412 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

10:40:27.0751 1412 igfx - ok

10:40:28.0005 1412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:40:28.0039 1412 iirsp - ok

10:40:28.0281 1412 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

10:40:28.0421 1412 IKEEXT - ok

10:40:28.0464 1412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:40:28.0498 1412 intelide - ok

10:40:28.0617 1412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:40:28.0724 1412 intelppm - ok

10:40:28.0818 1412 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

10:40:28.0957 1412 IPBusEnum - ok

10:40:29.0064 1412 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:40:29.0202 1412 IpFilterDriver - ok

10:40:29.0535 1412 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

10:40:29.0677 1412 iphlpsvc - ok

10:40:29.0762 1412 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:40:29.0860 1412 IPMIDRV - ok

10:40:29.0959 1412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:40:30.0062 1412 IPNAT - ok

10:40:30.0103 1412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:40:30.0125 1412 IRENUM - ok

10:40:30.0198 1412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:40:30.0231 1412 isapnp - ok

10:40:30.0329 1412 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:40:30.0409 1412 iScsiPrt - ok

10:40:30.0438 1412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:40:30.0463 1412 kbdclass - ok

10:40:30.0554 1412 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:40:30.0633 1412 kbdhid - ok

10:40:30.0735 1412 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:40:30.0771 1412 KeyIso - ok

10:40:30.0940 1412 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:40:30.0998 1412 KSecDD - ok

10:40:31.0075 1412 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:40:31.0113 1412 KSecPkg - ok

10:40:31.0157 1412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:40:31.0274 1412 ksthunk - ok

10:40:32.0214 1412 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:40:32.0351 1412 KtmRm - ok

10:40:32.0771 1412 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

10:40:32.0895 1412 LanmanServer - ok

10:40:33.0031 1412 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:40:33.0162 1412 LanmanWorkstation - ok

10:40:33.0233 1412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:40:33.0336 1412 lltdio - ok

10:40:34.0202 1412 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:40:34.0342 1412 lltdsvc - ok

10:40:34.0376 1412 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:40:34.0460 1412 lmhosts - ok

10:40:34.0593 1412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:40:34.0639 1412 LSI_FC - ok

10:40:34.0781 1412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:40:34.0888 1412 LSI_SAS - ok

10:40:35.0076 1412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:40:35.0173 1412 LSI_SAS2 - ok

10:40:35.0224 1412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:40:35.0261 1412 LSI_SCSI - ok

10:40:35.0331 1412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:40:35.0431 1412 luafv - ok

10:40:35.0559 1412 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:40:35.0611 1412 Mcx2Svc - ok

10:40:35.0704 1412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:40:35.0764 1412 megasas - ok

10:40:36.0157 1412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:40:36.0227 1412 MegaSR - ok

10:40:36.0283 1412 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:40:36.0393 1412 MMCSS - ok

10:40:36.0418 1412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:40:36.0491 1412 Modem - ok

10:40:36.0536 1412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:40:36.0615 1412 monitor - ok

10:40:36.0720 1412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

10:40:36.0762 1412 mouclass - ok

10:40:36.0828 1412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:40:36.0887 1412 mouhid - ok

10:40:37.0135 1412 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:40:37.0170 1412 mountmgr - ok

10:40:37.0459 1412 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:40:37.0539 1412 mpio - ok

10:40:37.0645 1412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:40:37.0764 1412 mpsdrv - ok

10:40:38.0997 1412 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

10:40:39.0164 1412 MpsSvc - ok

10:40:39.0357 1412 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:40:39.0427 1412 MRxDAV - ok

10:40:39.0713 1412 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:40:39.0808 1412 mrxsmb - ok

10:40:40.0377 1412 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:40:40.0467 1412 mrxsmb10 - ok

10:40:40.0632 1412 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:40:40.0667 1412 mrxsmb20 - ok

10:40:40.0737 1412 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:40:40.0778 1412 msahci - ok

10:40:41.0012 1412 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:40:41.0058 1412 msdsm - ok

10:40:41.0364 1412 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:40:41.0437 1412 MSDTC - ok

10:40:41.0525 1412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:40:41.0610 1412 Msfs - ok

10:40:41.0637 1412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:40:41.0741 1412 mshidkmdf - ok

10:40:41.0799 1412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:40:41.0831 1412 msisadrv - ok

10:40:42.0054 1412 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:40:42.0196 1412 MSiSCSI - ok

10:40:42.0204 1412 msiserver - ok

10:40:42.0272 1412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:40:42.0383 1412 MSKSSRV - ok

10:40:42.0430 1412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:40:42.0547 1412 MSPCLOCK - ok

10:40:42.0568 1412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:40:42.0667 1412 MSPQM - ok

10:40:43.0006 1412 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:40:43.0054 1412 MsRPC - ok

10:40:43.0167 1412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:40:43.0200 1412 mssmbios - ok

10:40:43.0270 1412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:40:43.0384 1412 MSTEE - ok

10:40:43.0451 1412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:40:43.0512 1412 MTConfig - ok

10:40:43.0573 1412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:40:43.0606 1412 Mup - ok

10:40:44.0203 1412 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:40:44.0349 1412 napagent - ok

10:40:44.0797 1412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:40:44.0882 1412 NativeWifiP - ok

10:40:45.0532 1412 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120625.002\ENG64.SYS

10:40:45.0595 1412 NAVENG - ok

10:40:48.0318 1412 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120625.002\EX64.SYS

10:40:48.0435 1412 NAVEX15 - ok

10:40:49.0503 1412 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:40:49.0562 1412 NDIS - ok

10:40:49.0614 1412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:40:49.0724 1412 NdisCap - ok

10:40:49.0768 1412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:40:49.0850 1412 NdisTapi - ok

10:40:49.0931 1412 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:40:50.0039 1412 Ndisuio - ok

10:40:50.0338 1412 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:40:50.0472 1412 NdisWan - ok

10:40:50.0614 1412 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:40:50.0718 1412 NDProxy - ok

10:40:50.0846 1412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:40:50.0975 1412 NetBIOS - ok

10:40:51.0246 1412 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:40:51.0366 1412 NetBT - ok

10:40:51.0430 1412 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:40:51.0480 1412 Netlogon - ok

10:40:52.0493 1412 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:40:52.0642 1412 Netman - ok

10:40:53.0688 1412 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:40:53.0806 1412 netprofm - ok

10:40:54.0144 1412 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:40:54.0220 1412 NetTcpPortSharing - ok

10:40:58.0587 1412 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

10:40:58.0853 1412 netw5v64 - ok

10:40:59.0032 1412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:40:59.0066 1412 nfrd960 - ok

10:40:59.0339 1412 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

10:40:59.0371 1412 NIS - ok

10:40:59.0470 1412 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:40:59.0594 1412 NlaSvc - ok

10:40:59.0954 1412 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

10:41:00.0133 1412 NOBU - ok

10:41:00.0347 1412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:41:00.0427 1412 Npfs - ok

10:41:00.0454 1412 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:41:00.0581 1412 nsi - ok

10:41:00.0603 1412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:41:00.0715 1412 nsiproxy - ok

10:41:01.0009 1412 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:41:01.0096 1412 Ntfs - ok

10:41:01.0250 1412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:41:01.0353 1412 Null - ok

10:41:01.0422 1412 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:41:01.0471 1412 nvraid - ok

10:41:01.0555 1412 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:41:01.0594 1412 nvstor - ok

10:41:01.0655 1412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:41:01.0692 1412 nv_agp - ok

10:41:01.0722 1412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:41:01.0776 1412 ohci1394 - ok

10:41:01.0905 1412 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:41:01.0951 1412 ose - ok

10:41:02.0635 1412 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:41:02.0851 1412 osppsvc - ok

10:41:03.0061 1412 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:41:03.0156 1412 p2pimsvc - ok

10:41:03.0227 1412 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:41:03.0276 1412 p2psvc - ok

10:41:03.0372 1412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:41:03.0409 1412 Parport - ok

10:41:03.0446 1412 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

10:41:03.0495 1412 partmgr - ok

10:41:03.0563 1412 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:41:03.0636 1412 PcaSvc - ok

10:41:03.0692 1412 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:41:03.0736 1412 pci - ok

10:41:03.0776 1412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:41:03.0809 1412 pciide - ok

10:41:03.0853 1412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:41:03.0895 1412 pcmcia - ok

10:41:03.0925 1412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:41:03.0973 1412 pcw - ok

10:41:04.0101 1412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:41:04.0223 1412 PEAUTH - ok

10:41:04.0358 1412 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:41:04.0434 1412 PerfHost - ok

10:41:04.0694 1412 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:41:04.0830 1412 pla - ok

10:41:04.0916 1412 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:41:05.0006 1412 PlugPlay - ok

10:41:05.0107 1412 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys

10:41:05.0177 1412 pneteth - ok

10:41:05.0239 1412 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:41:05.0290 1412 PNRPAutoReg - ok

10:41:05.0348 1412 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:41:05.0390 1412 PNRPsvc - ok

10:41:05.0489 1412 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:41:05.0619 1412 PolicyAgent - ok

10:41:05.0669 1412 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:41:05.0772 1412 Power - ok

10:41:05.0838 1412 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:41:05.0955 1412 PptpMiniport - ok

10:41:05.0993 1412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:41:06.0046 1412 Processor - ok

10:41:06.0115 1412 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

10:41:06.0191 1412 ProfSvc - ok

10:41:06.0239 1412 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:06.0272 1412 ProtectedStorage - ok

10:41:06.0423 1412 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:41:06.0516 1412 Psched - ok

10:41:06.0684 1412 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

10:41:06.0717 1412 PSI_SVC_2 - ok

10:41:07.0091 1412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:41:07.0224 1412 ql2300 - ok

10:41:08.0109 1412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:41:08.0148 1412 ql40xx - ok

10:41:08.0337 1412 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:41:08.0409 1412 QWAVE - ok

10:41:08.0458 1412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:41:08.0506 1412 QWAVEdrv - ok

10:41:08.0542 1412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:41:08.0646 1412 RasAcd - ok

10:41:08.0794 1412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:41:08.0906 1412 RasAgileVpn - ok

10:41:09.0051 1412 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:41:09.0191 1412 RasAuto - ok

10:41:09.0491 1412 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:41:09.0606 1412 Rasl2tp - ok

10:41:09.0736 1412 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:41:09.0852 1412 RasMan - ok

10:41:10.0022 1412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:41:10.0135 1412 RasPppoe - ok

10:41:10.0221 1412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:41:10.0326 1412 RasSstp - ok

10:41:10.0561 1412 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:41:10.0689 1412 rdbss - ok

10:41:10.0776 1412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:41:10.0841 1412 rdpbus - ok

10:41:10.0912 1412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:41:11.0028 1412 RDPCDD - ok

10:41:11.0072 1412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:41:11.0188 1412 RDPENCDD - ok

10:41:11.0225 1412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:41:11.0308 1412 RDPREFMP - ok

10:41:11.0364 1412 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

10:41:11.0446 1412 RDPWD - ok

10:41:11.0689 1412 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:41:11.0732 1412 rdyboost - ok

10:41:11.0822 1412 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:41:11.0919 1412 RemoteAccess - ok

10:41:11.0973 1412 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:41:12.0058 1412 RemoteRegistry - ok

10:41:12.0142 1412 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

10:41:12.0201 1412 RFCOMM - ok

10:41:12.0394 1412 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

10:41:12.0446 1412 RoxioNow Service - ok

10:41:12.0510 1412 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:41:12.0635 1412 RpcEptMapper - ok

10:41:12.0712 1412 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:41:12.0790 1412 RpcLocator - ok

10:41:12.0902 1412 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:41:12.0980 1412 RpcSs - ok

10:41:13.0192 1412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:41:13.0310 1412 rspndr - ok

10:41:13.0464 1412 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys

10:41:13.0512 1412 RSUSBSTOR - ok

10:41:13.0651 1412 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:41:13.0735 1412 RTL8167 - ok

10:41:13.0840 1412 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:13.0893 1412 SamSs - ok

10:41:13.0966 1412 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:41:14.0003 1412 sbp2port - ok

10:41:14.0056 1412 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:41:14.0146 1412 SCardSvr - ok

10:41:14.0206 1412 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:41:14.0305 1412 scfilter - ok

10:41:14.0511 1412 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:41:14.0676 1412 Schedule - ok

10:41:14.0775 1412 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:41:14.0842 1412 SCPolicySvc - ok

10:41:14.0906 1412 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

10:41:14.0958 1412 sdbus - ok

10:41:15.0113 1412 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:41:15.0239 1412 SDRSVC - ok

10:41:15.0322 1412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:41:15.0399 1412 secdrv - ok

10:41:15.0454 1412 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:41:15.0578 1412 seclogon - ok

10:41:15.0637 1412 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

10:41:15.0759 1412 SENS - ok

10:41:15.0822 1412 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:41:15.0894 1412 SensrSvc - ok

10:41:15.0942 1412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:41:15.0996 1412 Serenum - ok

10:41:16.0053 1412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:41:16.0091 1412 Serial - ok

10:41:16.0137 1412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:41:16.0188 1412 sermouse - ok

10:41:16.0259 1412 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:41:16.0389 1412 SessionEnv - ok

10:41:16.0451 1412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:41:16.0541 1412 sffdisk - ok

10:41:16.0605 1412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:41:16.0729 1412 sffp_mmc - ok

10:41:16.0771 1412 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:41:16.0826 1412 sffp_sd - ok

10:41:16.0875 1412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:41:16.0910 1412 sfloppy - ok

10:41:17.0051 1412 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

10:41:17.0098 1412 Sftfs - ok

10:41:17.0318 1412 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

10:41:17.0362 1412 sftlist - ok

10:41:17.0602 1412 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

10:41:17.0665 1412 Sftplay - ok

10:41:17.0723 1412 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

10:41:17.0752 1412 Sftredir - ok

10:41:17.0778 1412 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

10:41:17.0807 1412 Sftvol - ok

10:41:17.0984 1412 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

10:41:18.0019 1412 sftvsa - ok

10:41:18.0111 1412 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:41:18.0220 1412 SharedAccess - ok

10:41:18.0325 1412 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:41:18.0456 1412 ShellHWDetection - ok

10:41:18.0679 1412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:41:18.0717 1412 SiSRaid2 - ok

10:41:18.0777 1412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:41:18.0814 1412 SiSRaid4 - ok

10:41:19.0122 1412 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

10:41:19.0191 1412 SkypeUpdate - ok

10:41:19.0252 1412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:41:19.0371 1412 Smb - ok

10:41:19.0432 1412 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:41:19.0506 1412 SNMPTRAP - ok

10:41:19.0546 1412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:41:19.0579 1412 spldr - ok

10:41:19.0713 1412 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:41:19.0814 1412 Spooler - ok

10:41:20.0597 1412 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:41:20.0896 1412 sppsvc - ok

10:41:21.0186 1412 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:41:21.0270 1412 sppuinotify - ok

10:41:21.0555 1412 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS

10:41:21.0597 1412 SRTSP - ok

10:41:21.0619 1412 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS

10:41:21.0634 1412 SRTSPX - ok

10:41:21.0738 1412 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:41:21.0829 1412 srv - ok

10:41:22.0079 1412 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:41:22.0162 1412 srv2 - ok

10:41:22.0279 1412 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

10:41:22.0353 1412 SrvHsfHDA - ok

10:41:22.0696 1412 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

10:41:22.0815 1412 SrvHsfV92 - ok

10:41:23.0230 1412 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

10:41:23.0281 1412 SrvHsfWinac - ok

10:41:23.0364 1412 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:41:23.0460 1412 srvnet - ok

10:41:23.0606 1412 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:41:23.0734 1412 SSDPSRV - ok

10:41:23.0860 1412 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:41:23.0935 1412 SstpSvc - ok

10:41:24.0230 1412 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe

10:41:24.0298 1412 STacSV - ok

10:41:24.0347 1412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:41:24.0396 1412 stexstor - ok

10:41:24.0840 1412 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys

10:41:24.0940 1412 STHDA - ok

10:41:25.0087 1412 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:41:25.0188 1412 stisvc - ok

10:41:25.0220 1412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:41:25.0252 1412 swenum - ok

10:41:25.0408 1412 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:41:25.0532 1412 swprv - ok

10:41:25.0712 1412 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

10:41:25.0754 1412 SymDS - ok

10:41:25.0915 1412 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

10:41:25.0979 1412 SymEFA - ok

10:41:26.0086 1412 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

10:41:26.0123 1412 SymEvent - ok

10:41:26.0181 1412 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS

10:41:26.0214 1412 SymIRON - ok

10:41:26.0363 1412 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS

10:41:26.0405 1412 SymNetS - ok

10:41:26.0712 1412 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys

10:41:26.0839 1412 SynTP - ok

10:41:27.0254 1412 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:41:27.0363 1412 SysMain - ok

10:41:27.0562 1412 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:41:27.0616 1412 TabletInputService - ok

10:41:27.0667 1412 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:41:27.0772 1412 TapiSrv - ok

10:41:27.0804 1412 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:41:27.0907 1412 TBS - ok

10:41:28.0238 1412 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:41:28.0340 1412 Tcpip - ok

10:41:29.0248 1412 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:41:29.0327 1412 TCPIP6 - ok

10:41:29.0520 1412 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:41:29.0624 1412 tcpipreg - ok

10:41:29.0660 1412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:41:29.0753 1412 TDPIPE - ok

10:41:29.0824 1412 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:41:29.0883 1412 TDTCP - ok

10:41:29.0954 1412 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:41:30.0047 1412 tdx - ok

10:41:30.0118 1412 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:41:30.0153 1412 TermDD - ok

10:41:30.0292 1412 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:41:30.0444 1412 TermService - ok

10:41:30.0486 1412 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:41:30.0550 1412 Themes - ok

10:41:30.0598 1412 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:41:30.0687 1412 THREADORDER - ok

10:41:30.0746 1412 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:41:30.0833 1412 TrkWks - ok

10:41:31.0056 1412 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:41:31.0168 1412 TrustedInstaller - ok

10:41:31.0219 1412 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:41:31.0319 1412 tssecsrv - ok

10:41:31.0391 1412 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:41:31.0432 1412 TsUsbFlt - ok

10:41:31.0529 1412 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:41:31.0625 1412 tunnel - ok

10:41:31.0727 1412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:41:31.0770 1412 uagp35 - ok

10:41:31.0996 1412 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:41:32.0118 1412 udfs - ok

10:41:32.0199 1412 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:41:32.0256 1412 UI0Detect - ok

10:41:32.0344 1412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:41:32.0379 1412 uliagpkx - ok

10:41:32.0434 1412 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:41:32.0510 1412 umbus - ok

10:41:32.0589 1412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:41:32.0647 1412 UmPass - ok

10:41:32.0991 1412 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:41:33.0117 1412 upnphost - ok

10:41:33.0225 1412 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:41:33.0313 1412 usbccgp - ok

10:41:33.0397 1412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:41:33.0489 1412 usbcir - ok

10:41:33.0513 1412 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:41:33.0562 1412 usbehci - ok

10:41:33.0639 1412 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys

10:41:33.0699 1412 usbfilter - ok

10:41:33.0788 1412 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:41:33.0847 1412 usbhub - ok

10:41:33.0900 1412 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

10:41:33.0963 1412 usbohci - ok

10:41:34.0028 1412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:41:34.0103 1412 usbprint - ok

10:41:34.0148 1412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:41:34.0246 1412 usbscan - ok

10:41:34.0371 1412 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

10:41:34.0487 1412 USBSTOR - ok

10:41:34.0514 1412 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:41:34.0570 1412 usbuhci - ok

10:41:34.0744 1412 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

10:41:34.0793 1412 usbvideo - ok

10:41:34.0880 1412 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

10:41:34.0929 1412 usb_rndisx - ok

10:41:34.0972 1412 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:41:35.0083 1412 UxSms - ok

10:41:35.0130 1412 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:41:35.0163 1412 VaultSvc - ok

10:41:36.0521 1412 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe

10:41:36.0670 1412 vcsFPService - ok

10:41:37.0548 1412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:41:37.0580 1412 vdrvroot - ok

10:41:37.0820 1412 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:41:37.0950 1412 vds - ok

10:41:38.0171 1412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:41:38.0241 1412 vga - ok

10:41:38.0260 1412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:41:38.0383 1412 VgaSave - ok

10:41:38.0597 1412 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:41:38.0666 1412 vhdmp - ok

10:41:38.0733 1412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:41:38.0776 1412 viaide - ok

10:41:38.0845 1412 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:41:38.0892 1412 volmgr - ok

10:41:39.0049 1412 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:41:39.0095 1412 volmgrx - ok

10:41:39.0239 1412 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:41:39.0285 1412 volsnap - ok

10:41:39.0485 1412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:41:39.0525 1412 vsmraid - ok

10:41:40.0471 1412 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:41:40.0647 1412 VSS - ok

10:41:41.0129 1412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:41:41.0189 1412 vwifibus - ok

10:41:41.0244 1412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:41:41.0297 1412 vwififlt - ok

10:41:41.0554 1412 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:41:41.0683 1412 W32Time - ok

10:41:41.0740 1412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:41:41.0805 1412 WacomPen - ok

10:41:41.0854 1412 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:41:41.0954 1412 WANARP - ok

10:41:41.0982 1412 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:41:42.0061 1412 Wanarpv6 - ok

10:41:42.0567 1412 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:41:42.0750 1412 WatAdminSvc - ok

10:41:43.0267 1412 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:41:43.0386 1412 wbengine - ok

10:41:44.0326 1412 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:41:44.0404 1412 WbioSrvc - ok

10:41:44.0713 1412 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:41:44.0796 1412 wcncsvc - ok

10:41:44.0964 1412 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:41:45.0323 1412 WcsPlugInService - ok

10:41:45.0662 1412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:41:45.0700 1412 Wd - ok

10:41:46.0555 1412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:41:46.0680 1412 Wdf01000 - ok

10:41:46.0866 1412 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:41:46.0994 1412 WdiServiceHost - ok

10:41:47.0001 1412 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:41:47.0035 1412 WdiSystemHost - ok

10:41:47.0129 1412 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:41:47.0207 1412 WebClient - ok

10:41:47.0271 1412 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:41:47.0380 1412 Wecsvc - ok

10:41:47.0417 1412 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:41:47.0571 1412 wercplsupport - ok

10:41:47.0655 1412 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:41:47.0756 1412 WerSvc - ok

10:41:47.0909 1412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:41:48.0000 1412 WfpLwf - ok

10:41:48.0102 1412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:41:48.0135 1412 WIMMount - ok

10:41:48.0176 1412 WinDefend - ok

10:41:48.0193 1412 WinHttpAutoProxySvc - ok

10:41:48.0400 1412 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:41:48.0575 1412 Winmgmt - ok

10:41:49.0422 1412 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:41:49.0632 1412 WinRM - ok

10:41:49.0963 1412 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

10:41:50.0021 1412 WinUSB - ok

10:41:50.0169 1412 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:41:50.0244 1412 Wlansvc - ok

10:41:51.0748 1412 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:41:51.0870 1412 wlidsvc - ok

10:41:52.0466 1412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:41:52.0588 1412 WmiAcpi - ok

10:41:52.0717 1412 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:41:52.0803 1412 wmiApSrv - ok

10:41:52.0866 1412 WMPNetworkSvc - ok

10:41:52.0892 1412 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:41:52.0950 1412 WPCSvc - ok

10:41:53.0011 1412 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:41:53.0084 1412 WPDBusEnum - ok

10:41:53.0112 1412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:41:53.0205 1412 ws2ifsl - ok

10:41:53.0255 1412 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

10:41:53.0322 1412 wscsvc - ok

10:41:53.0330 1412 WSearch - ok

10:41:53.0626 1412 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

10:41:53.0731 1412 wuauserv - ok

10:41:54.0128 1412 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:41:54.0267 1412 WudfPf - ok

10:41:54.0343 1412 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:41:54.0468 1412 WUDFRd - ok

10:41:54.0539 1412 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:41:54.0624 1412 wudfsvc - ok

10:41:54.0690 1412 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:41:54.0793 1412 WwanSvc - ok

10:41:54.0966 1412 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

10:41:55.0082 1412 yukonw7 - ok

10:41:55.0151 1412 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0

10:41:55.0195 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:41:55.0195 1412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:41:55.0326 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:41:55.0326 1412 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:41:55.0348 1412 Boot (0x1200) (59289c2b48e375dded0bbbd04edd3b99) \Device\Harddisk0\DR0\Partition0

10:41:55.0358 1412 \Device\Harddisk0\DR0\Partition0 - ok

10:41:55.0457 1412 Boot (0x1200) (31b7528e894dd44a2d13f1fbb17edbf6) \Device\Harddisk0\DR0\Partition1

10:41:55.0627 1412 \Device\Harddisk0\DR0\Partition1 - ok

10:41:55.0693 1412 Boot (0x1200) (ece4f927bcdb5482a95bfaf7384b3603) \Device\Harddisk0\DR0\Partition2

10:41:55.0729 1412 \Device\Harddisk0\DR0\Partition2 - ok

10:41:55.0820 1412 Boot (0x1200) (f22c95416878215ea58f71b74cca52c4) \Device\Harddisk0\DR0\Partition3

10:41:55.0822 1412 \Device\Harddisk0\DR0\Partition3 - ok

10:41:55.0823 1412 ============================================================

10:41:55.0823 1412 Scan finished

10:41:55.0823 1412 ============================================================

10:41:55.0854 5956 Detected object count: 2

10:41:55.0854 5956 Actual detected object count: 2

10:42:13.0562 5956 \Device\Harddisk0\DR0\# - copied to quarantine

10:42:13.0563 5956 \Device\Harddisk0\DR0 - copied to quarantine

10:42:13.0662 5956 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:42:13.0669 5956 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:42:13.0679 5956 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:42:13.0691 5956 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:42:13.0718 5956 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:42:13.0735 5956 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:42:13.0740 5956 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:42:13.0744 5956 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:42:13.0750 5956 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:42:13.0756 5956 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:42:13.0763 5956 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:42:13.0769 5956 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:42:13.0807 5956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:42:13.0871 5956 \Device\Harddisk0\DR0 - ok

10:42:17.0896 5956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:42:17.0897 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:42:17.0898 5956 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:43:54.0138 3788 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.28.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-HP [administrator]

6/28/2012 10:53:20 AM

mbam-log-2012-06-28 (10-53-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213808

Time elapsed: 15 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[Maniac]

Good!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[username123]

Combofix log

ComboFix 12-07-02.01 - Owner 07/02/2012 13:51:27.1.3 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1859 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\AppData\Local\Temp\libsqlitejdbc-1097905350671404327.lib

c:\users\Owner\AppData\Local\Temp\swt-gdip-win32-3448.dll

c:\users\Owner\AppData\Local\Temp\swt-win32-3448.dll

c:\users\Owner\AppData\Local\Temp\WindowsAPI.dll3028653110324797918.lib

.

.

((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))

.

.

2012-06-28 14:42 . 2012-06-28 14:42 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-25 20:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 20:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 20:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 20:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 20:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 20:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 20:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 20:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 20:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 01:40 . 2012-06-14 01:40 -------- d-----w- C:\5e688b2ba81316da2e36f179622c7d

2012-06-14 00:51 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 00:51 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 00:51 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 00:51 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 00:51 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 00:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-14 00:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-14 00:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 00:34 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 00:16 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 00:16 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 00:16 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 00:13 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 00:08 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 00:50 . 2012-06-13 23:13 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003

2012-06-08 18:51 . 2012-06-08 18:51 -------- d-----w- c:\programdata\Kodak

2012-06-08 18:51 . 2010-09-02 19:31 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-19 02:13 . 2011-08-16 20:43 900 --sha-w- c:\programdata\KGyGaAvL.sys

2012-04-04 19:56 . 2012-03-21 20:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-25 2084]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-25 2084]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]

.

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-5-18 473616]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ DPPassFilter scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/03/11 01:08;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-16 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120627.001\IDSvia64.sys [2012-06-18 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-04-20 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-08 7767552]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-08 279040]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]

S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 15360]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_C6F09094

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-08 c:\windows\Tasks\HPCeeScheduleForOWNER-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2012-06-10 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.foxnews.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-Corel File Shell Monitor - c:\program files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\windows\system32\atibtmon.exe

c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe

c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-07-02 14:18:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-02 18:18

.

Pre-Run: 653,102,952,448 bytes free

Post-Run: 655,518,060,544 bytes free

.

- - End Of File - - EBA19477B837EFD9FF6DDAA469BF4C13

[Maniac]

Looks good.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[username123]

It found and rremoved 2 things, thswas all that was in the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

[Maniac]

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

[username123]

I ran the kaspersky virus removal tool and it did detect and remove a couple things, but I accidentally closed the window before I copied the log. I could not find a copy of the log anywhere on the c: drive, is there a way to recover it?

[Maniac]

It is okay.

How is your system now?

[username123]

It is running ok, malwarebytes scan come up clean.

[Maniac]

Glad I could help!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and manually delete DDS and TDSSKiller.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!