
Random music/radio connected to svchost.exe - similar to others



Similar to other posts I've seen, I have an attack going on that is directly related to svchost.exe (I can stop it and the music/radio stops, but eventually it will come back). I've loaded Malware Anti-Malware and it finds the Trojan and I eliminate it, but it comes back again. There are two similar posts going now that gringo_pr has been addressing. Following the initial steps of those, I have run the Security Check and Combofix. The logs are listed below. After running these and rebooting, the 'sounds' have continued. What should my next steps be? Thank you in advance for your help!

Security Check:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 25

Java version out of Date!

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.56

Google Chrome 20.0.1132.47

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

Combofix:

ComboFix 12-07-04.03 - Derek 07/04/2012 11:17:29.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6226 [GMT -5:00]

Running from: c:\users\Derek\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))

.

.

2012-07-04 02:51 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-04 02:51 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\users\Derek\AppData\Roaming\Malwarebytes

2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\programdata\Malwarebytes

2012-07-04 00:28 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-29 00:08 . 2012-06-29 00:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 18:28 . 2012-06-23 18:28 -------- d-----w- c:\users\Derek\AppData\Roaming\PCCUStubInstaller

2012-06-23 17:49 . 1999-11-10 17:05 86016 ----a-w- c:\windows\unvise32qt.exe

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-23 17:47 . 2012-06-23 19:05 -------- d-----w- c:\windows\SysWow64\QuickTime

2012-06-23 17:47 . 2012-06-23 19:05 -------- d-----w- c:\program files (x86)\QuickTime

2012-06-23 17:47 . 2012-06-23 17:47 -------- d-----w- c:\programdata\QuickTime

2012-06-22 16:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 16:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 16:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 16:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 16:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-22 16:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 16:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 16:28 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 16:28 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 00:41 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-14 00:41 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-14 00:41 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-14 00:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-14 00:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 00:41 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 00:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-14 00:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-14 00:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 00:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 00:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 00:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-14 00:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-14 00:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-29 00:42 . 2011-07-22 01:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-04-09 22:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-14 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-06-23 98304]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 250056]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]

R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]

R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-13 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120703.002\IDSvia64.sys [2012-06-14 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]

S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-06-13 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]

S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-14 138912]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 00:42]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 14:39]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 14:39]

.

2012-07-04 c:\windows\Tasks\NUSchedule.job

- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-03-24 14:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-07-04 11:57:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-04 16:57

.

Pre-Run: 246,972,682,240 bytes free

Post-Run: 247,409,676,288 bytes free

.

- - End Of File - - 9035A44A2D6CEB714707A0B20E111743


Welcome to the forum. You shouldn't follow the advice given to someone else; every computer and situation is different.

Also you shouldn't be running ComboFix unless instructed by an expert.

----------------------

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Ok, so far, so good. I ran TDSSKiller and the log is below. The computer has rebooted, and so far no 'noise'. Ready for next steps.

16:58:51.0031 3360 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

16:58:52.0264 3360 ============================================================

16:58:52.0264 3360 Current date / time: 2012/07/04 16:58:52.0264

16:58:52.0264 3360 SystemInfo:

16:58:52.0264 3360

16:58:52.0264 3360 OS Version: 6.1.7601 ServicePack: 1.0

16:58:52.0264 3360 Product type: Workstation

16:58:52.0264 3360 ComputerName: DEREK-PC

16:58:52.0264 3360 UserName: Derek

16:58:52.0264 3360 Windows directory: C:\windows

16:58:52.0264 3360 System windows directory: C:\windows

16:58:52.0264 3360 Running under WOW64

16:58:52.0264 3360 Processor architecture: Intel x64

16:58:52.0264 3360 Number of processors: 2

16:58:52.0264 3360 Page size: 0x1000

16:58:52.0264 3360 Boot type: Normal boot

16:58:52.0264 3360 ============================================================

16:58:54.0526 3360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:58:54.0526 3360 ============================================================

16:58:54.0526 3360 \Device\Harddisk0\DR0:

16:58:54.0526 3360 MBR partitions:

16:58:54.0526 3360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000

16:58:54.0526 3360 ============================================================

16:58:54.0557 3360 C: <-> \Device\Harddisk0\DR0\Partition0

16:58:54.0557 3360 ============================================================

16:58:54.0557 3360 Initialize success

16:58:54.0557 3360 ============================================================

16:59:16.0016 5924 ============================================================

16:59:16.0016 5924 Scan started

16:59:16.0016 5924 Mode: Manual; SigCheck; TDLFS;

16:59:16.0016 5924 ============================================================


16:59:25.0688 5924 BrSerWdm - ok

16:59:25.0720 5924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

16:59:25.0766 5924 BrUsbMdm - ok

16:59:25.0782 5924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

16:59:25.0813 5924 BrUsbSer - ok

16:59:25.0876 5924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

16:59:25.0922 5924 BTHMODEM - ok

16:59:25.0985 5924 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

16:59:26.0094 5924 bthserv - ok

16:59:26.0125 5924 catchme - ok

16:59:26.0203 5924 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys

16:59:26.0234 5924 ccSet_NIS - ok

16:59:26.0281 5924 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

16:59:26.0375 5924 cdfs - ok

16:59:26.0437 5924 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

16:59:26.0484 5924 cdrom - ok

16:59:26.0546 5924 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

16:59:26.0640 5924 CertPropSvc - ok

16:59:26.0687 5924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

16:59:26.0749 5924 circlass - ok

16:59:26.0812 5924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

16:59:26.0874 5924 CLFS - ok

16:59:26.0952 5924 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:59:26.0999 5924 clr_optimization_v2.0.50727_32 - ok

16:59:27.0061 5924 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:59:27.0092 5924 clr_optimization_v2.0.50727_64 - ok

16:59:27.0170 5924 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:59:27.0202 5924 clr_optimization_v4.0.30319_32 - ok

16:59:27.0248 5924 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:59:27.0280 5924 clr_optimization_v4.0.30319_64 - ok

16:59:27.0311 5924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

16:59:27.0373 5924 CmBatt - ok

16:59:27.0389 5924 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

16:59:27.0420 5924 cmdide - ok

16:59:27.0482 5924 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

16:59:27.0560 5924 CNG - ok

16:59:27.0763 5924 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys

16:59:27.0872 5924 CnxtHdAudService - ok

16:59:28.0044 5924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

16:59:28.0075 5924 Compbatt - ok

16:59:28.0106 5924 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

16:59:28.0169 5924 CompositeBus - ok

16:59:28.0184 5924 COMSysApp - ok

16:59:28.0200 5924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

16:59:28.0231 5924 crcdisk - ok

16:59:28.0294 5924 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

16:59:28.0340 5924 CryptSvc - ok

16:59:28.0418 5924 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

16:59:28.0543 5924 DcomLaunch - ok

16:59:28.0621 5924 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

16:59:28.0762 5924 defragsvc - ok

16:59:28.0824 5924 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

16:59:28.0918 5924 DfsC - ok

16:59:28.0980 5924 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

16:59:29.0105 5924 Dhcp - ok

16:59:29.0120 5924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

16:59:29.0214 5924 discache - ok

16:59:29.0276 5924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

16:59:29.0308 5924 Disk - ok

16:59:29.0479 5924 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

16:59:29.0542 5924 DiskDoctorService - ok

16:59:29.0604 5924 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

16:59:29.0651 5924 Dnscache - ok

16:59:29.0698 5924 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

16:59:29.0807 5924 dot3svc - ok

16:59:29.0838 5924 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

16:59:29.0947 5924 DPS - ok

16:59:30.0010 5924 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

16:59:30.0072 5924 drmkaud - ok

16:59:30.0259 5924 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

16:59:30.0322 5924 DXGKrnl - ok

16:59:30.0368 5924 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

16:59:30.0478 5924 EapHost - ok

16:59:30.0805 5924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

16:59:30.0946 5924 ebdrv - ok

16:59:31.0117 5924 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

16:59:31.0180 5924 eeCtrl - ok

16:59:31.0336 5924 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

16:59:31.0367 5924 EFS - ok

16:59:31.0492 5924 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

16:59:31.0554 5924 ehRecvr - ok

16:59:31.0601 5924 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

16:59:31.0648 5924 ehSched - ok

16:59:31.0772 5924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

16:59:31.0819 5924 elxstor - ok

16:59:32.0006 5924 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

16:59:32.0038 5924 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

16:59:32.0038 5924 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)


16:59:57.0263 5924 RTL8192Ce - ok

16:59:57.0310 5924 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

16:59:57.0341 5924 SamSs - ok

16:59:57.0372 5924 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

16:59:57.0419 5924 sbp2port - ok

16:59:57.0481 5924 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

16:59:57.0575 5924 SCardSvr - ok

16:59:57.0606 5924 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

16:59:57.0700 5924 scfilter - ok

16:59:57.0793 5924 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

16:59:57.0918 5924 Schedule - ok

16:59:57.0965 5924 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

16:59:58.0043 5924 SCPolicySvc - ok

16:59:58.0105 5924 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

16:59:58.0152 5924 SDRSVC - ok

16:59:58.0230 5924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

16:59:58.0370 5924 secdrv - ok

16:59:58.0402 5924 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

16:59:58.0542 5924 seclogon - ok

16:59:58.0776 5924 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll

16:59:58.0948 5924 SENS - ok

16:59:59.0119 5924 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

16:59:59.0213 5924 SensrSvc - ok

16:59:59.0291 5924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

16:59:59.0353 5924 Serenum - ok

16:59:59.0384 5924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

16:59:59.0431 5924 Serial - ok

16:59:59.0447 5924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

16:59:59.0494 5924 sermouse - ok

16:59:59.0540 5924 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

16:59:59.0634 5924 SessionEnv - ok

16:59:59.0696 5924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

16:59:59.0806 5924 sffdisk - ok

16:59:59.0837 5924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

16:59:59.0884 5924 sffp_mmc - ok

16:59:59.0899 5924 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

16:59:59.0946 5924 sffp_sd - ok

16:59:59.0977 5924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

17:00:00.0024 5924 sfloppy - ok

17:00:00.0086 5924 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

17:00:00.0196 5924 SharedAccess - ok

17:00:00.0258 5924 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

17:00:00.0367 5924 ShellHWDetection - ok

17:00:00.0398 5924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

17:00:00.0430 5924 SiSRaid2 - ok

17:00:00.0476 5924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

17:00:00.0523 5924 SiSRaid4 - ok

17:00:00.0554 5924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

17:00:00.0664 5924 Smb - ok

17:00:00.0726 5924 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

17:00:00.0773 5924 SNMPTRAP - ok

17:00:00.0976 5924 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

17:00:01.0022 5924 SpeedDiskService - ok

17:00:01.0069 5924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

17:00:01.0085 5924 spldr - ok

17:00:01.0163 5924 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

17:00:01.0272 5924 Spooler - ok

17:00:01.0553 5924 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

17:00:01.0724 5924 sppsvc - ok

17:00:01.0865 5924 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

17:00:01.0974 5924 sppuinotify - ok

17:00:02.0130 5924 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

17:00:02.0192 5924 SRTSP - ok

17:00:02.0239 5924 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

17:00:02.0270 5924 SRTSPX - ok

17:00:02.0395 5924 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

17:00:02.0458 5924 srv - ok

17:00:02.0504 5924 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

17:00:02.0567 5924 srv2 - ok

17:00:02.0598 5924 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

17:00:02.0645 5924 srvnet - ok

17:00:03.0066 5924 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

17:00:03.0191 5924 SSDPSRV - ok

17:00:03.0238 5924 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

17:00:03.0331 5924 SstpSvc - ok

17:00:03.0362 5924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

17:00:03.0394 5924 stexstor - ok

17:00:03.0472 5924 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

17:00:03.0550 5924 stisvc - ok

17:00:03.0565 5924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

17:00:03.0596 5924 swenum - ok

17:00:03.0674 5924 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

17:00:03.0768 5924 swprv - ok

17:00:03.0893 5924 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

17:00:03.0940 5924 SymDS - ok

17:00:04.0002 5924 SymDSMon (e7b1bcb70355a84d6dfee12702b588d0) C:\windows\system32\drivers\SymDSMon.sys

17:00:04.0064 5924 SymDSMon - ok

17:00:04.0189 5924 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

17:00:04.0267 5924 SymEFA - ok

17:00:04.0330 5924 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

17:00:04.0392 5924 SymEvent - ok

17:00:04.0454 5924 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS

17:00:04.0501 5924 SymIRON - ok

17:00:04.0564 5924 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS

17:00:04.0626 5924 SymNetS - ok

17:00:04.0688 5924 SYMSpeedDisk (f0268941519d73658199ecb1bb712be1) C:\windows\system32\drivers\SymSpeedDisk.sys

17:00:04.0735 5924 SYMSpeedDisk - ok

17:00:05.0032 5924 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

17:00:05.0125 5924 SysMain - ok

17:00:05.0266 5924 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

17:00:05.0328 5924 TabletInputService - ok

17:00:05.0390 5924 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

17:00:05.0484 5924 TapiSrv - ok

17:00:05.0515 5924 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

17:00:05.0609 5924 TBS - ok

17:00:05.0952 5924 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

17:00:06.0108 5924 Tcpip - ok

17:00:06.0529 5924 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

17:00:06.0623 5924 TCPIP6 - ok

17:00:06.0794 5924 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

17:00:06.0888 5924 tcpipreg - ok

17:00:06.0935 5924 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

17:00:06.0982 5924 tdcmdpst - ok

17:00:07.0013 5924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

17:00:07.0044 5924 TDPIPE - ok

17:00:07.0091 5924 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

17:00:07.0122 5924 TDTCP - ok

17:00:07.0153 5924 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

17:00:07.0262 5924 tdx - ok

17:00:07.0278 5924 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

17:00:07.0309 5924 TermDD - ok

17:00:07.0403 5924 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

17:00:07.0512 5924 TermService - ok

17:00:07.0528 5924 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

17:00:07.0574 5924 Themes - ok

17:00:07.0606 5924 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

17:00:07.0699 5924 THREADORDER - ok

17:00:07.0808 5924 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

17:00:07.0840 5924 TMachInfo - ok

17:00:07.0886 5924 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe

17:00:07.0918 5924 TODDSrv - ok

17:00:08.0058 5924 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

17:00:08.0105 5924 TosCoSrv - ok

17:00:08.0167 5924 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

17:00:08.0214 5924 TOSHIBA HDD SSD Alert Service - ok

17:00:08.0261 5924 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

17:00:08.0354 5924 TrkWks - ok

17:00:08.0417 5924 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

17:00:08.0510 5924 TrustedInstaller - ok

17:00:08.0573 5924 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

17:00:08.0651 5924 tssecsrv - ok

17:00:08.0698 5924 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

17:00:08.0744 5924 TsUsbFlt - ok

17:00:08.0776 5924 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

17:00:08.0822 5924 TsUsbGD - ok

17:00:08.0869 5924 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

17:00:08.0963 5924 tunnel - ok

17:00:09.0010 5924 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

17:00:09.0025 5924 TVALZ - ok

17:00:09.0041 5924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

17:00:09.0088 5924 uagp35 - ok

17:00:09.0150 5924 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

17:00:09.0259 5924 udfs - ok

17:00:09.0306 5924 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

17:00:09.0353 5924 UI0Detect - ok

17:00:09.0384 5924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

17:00:09.0431 5924 uliagpkx - ok

17:00:09.0478 5924 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

17:00:09.0509 5924 umbus - ok

17:00:09.0524 5924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

17:00:09.0571 5924 UmPass - ok

17:00:09.0634 5924 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

17:00:09.0743 5924 upnphost - ok

17:00:09.0790 5924 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

17:00:09.0821 5924 usbccgp - ok

17:00:10.0055 5924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

17:00:10.0117 5924 usbcir - ok

17:00:10.0148 5924 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

17:00:10.0195 5924 usbehci - ok

17:00:10.0273 5924 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

17:00:10.0336 5924 usbhub - ok

17:00:10.0398 5924 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys

17:00:10.0445 5924 usbohci - ok

17:00:10.0460 5924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

17:00:10.0507 5924 usbprint - ok

17:00:10.0554 5924 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

17:00:10.0679 5924 usbscan - ok

17:00:10.0726 5924 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

17:00:10.0757 5924 USBSTOR - ok

17:00:10.0788 5924 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

17:00:10.0835 5924 usbuhci - ok

17:00:10.0882 5924 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

17:00:10.0928 5924 usbvideo - ok

17:00:10.0960 5924 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

17:00:11.0053 5924 UxSms - ok

17:00:11.0116 5924 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

17:00:11.0147 5924 VaultSvc - ok

17:00:11.0162 5924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

17:00:11.0194 5924 vdrvroot - ok

17:00:11.0287 5924 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

17:00:11.0396 5924 vds - ok

17:00:11.0459 5924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

17:00:11.0506 5924 vga - ok

17:00:11.0506 5924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

17:00:11.0615 5924 VgaSave - ok

17:00:11.0662 5924 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

17:00:11.0693 5924 vhdmp - ok

17:00:11.0724 5924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

17:00:11.0755 5924 viaide - ok

17:00:11.0771 5924 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

17:00:11.0802 5924 volmgr - ok

17:00:11.0864 5924 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

17:00:11.0911 5924 volmgrx - ok

17:00:11.0974 5924 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys

17:00:12.0020 5924 volsnap - ok

17:00:12.0067 5924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

17:00:12.0130 5924 vsmraid - ok

17:00:12.0270 5924 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

17:00:12.0410 5924 VSS - ok

17:00:12.0582 5924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

17:00:12.0629 5924 vwifibus - ok

17:00:12.0660 5924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

17:00:12.0722 5924 vwififlt - ok

17:00:12.0769 5924 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

17:00:12.0878 5924 W32Time - ok

17:00:12.0925 5924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

17:00:12.0988 5924 WacomPen - ok

17:00:13.0034 5924 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

17:00:13.0128 5924 WANARP - ok

17:00:13.0128 5924 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

17:00:13.0222 5924 Wanarpv6 - ok

17:00:13.0783 5924 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

17:00:13.0877 5924 WatAdminSvc - ok

17:00:14.0064 5924 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

17:00:14.0142 5924 wbengine - ok

17:00:14.0314 5924 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

17:00:14.0360 5924 WbioSrvc - ok

17:00:14.0407 5924 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

17:00:14.0470 5924 wcncsvc - ok

17:00:14.0501 5924 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

17:00:14.0548 5924 WcsPlugInService - ok

17:00:14.0657 5924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

17:00:14.0704 5924 Wd - ok

17:00:14.0766 5924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

17:00:14.0813 5924 Wdf01000 - ok

17:00:14.0860 5924 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

17:00:14.0922 5924 WdiServiceHost - ok

17:00:14.0938 5924 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

17:00:14.0984 5924 WdiSystemHost - ok

17:00:15.0031 5924 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

17:00:15.0094 5924 WebClient - ok

17:00:15.0125 5924 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

17:00:15.0234 5924 Wecsvc - ok

17:00:15.0281 5924 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

17:00:15.0390 5924 wercplsupport - ok

17:00:15.0421 5924 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

17:00:15.0546 5924 WerSvc - ok

17:00:15.0593 5924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

17:00:15.0686 5924 WfpLwf - ok

17:00:15.0702 5924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

17:00:15.0733 5924 WIMMount - ok

17:00:15.0764 5924 WinDefend - ok

17:00:15.0780 5924 WinHttpAutoProxySvc - ok

17:00:15.0858 5924 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

17:00:15.0952 5924 Winmgmt - ok

17:00:16.0170 5924 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

17:00:16.0310 5924 WinRM - ok

17:00:16.0544 5924 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

17:00:16.0607 5924 WinUsb - ok

17:00:16.0700 5924 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

17:00:16.0794 5924 Wlansvc - ok

17:00:16.0888 5924 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

17:00:16.0903 5924 wlcrasvc - ok

17:00:17.0184 5924 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

17:00:17.0293 5924 wlidsvc - ok

17:00:17.0434 5924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

17:00:17.0465 5924 WmiAcpi - ok

17:00:17.0543 5924 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

17:00:17.0590 5924 wmiApSrv - ok

17:00:17.0652 5924 WMPNetworkSvc - ok

17:00:17.0683 5924 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

17:00:17.0714 5924 WPCSvc - ok

17:00:17.0746 5924 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

17:00:17.0792 5924 WPDBusEnum - ok

17:00:17.0824 5924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

17:00:17.0917 5924 ws2ifsl - ok

17:00:17.0948 5924 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll

17:00:18.0011 5924 wscsvc - ok

17:00:18.0026 5924 WSearch - ok

17:00:18.0276 5924 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

17:00:18.0401 5924 wuauserv - ok

17:00:18.0588 5924 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

17:00:18.0682 5924 WudfPf - ok

17:00:18.0728 5924 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

17:00:18.0822 5924 WUDFRd - ok

17:00:18.0853 5924 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

17:00:18.0947 5924 wudfsvc - ok

17:00:18.0978 5924 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

17:00:19.0056 5924 WwanSvc - ok

17:00:19.0103 5924 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0

17:00:19.0150 5924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

17:00:19.0150 5924 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

17:00:20.0366 5924 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:00:20.0366 5924 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:00:20.0398 5924 Boot (0x1200) (de8590baa713dfec22a1b646ac041426) \Device\Harddisk0\DR0\Partition0

17:00:20.0398 5924 \Device\Harddisk0\DR0\Partition0 - ok

17:00:20.0398 5924 ============================================================

17:00:20.0398 5924 Scan finished

17:00:20.0398 5924 ============================================================

17:00:20.0444 4248 Detected object count: 3

17:00:20.0444 4248 Actual detected object count: 3

17:03:14.0946 4248 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

17:03:14.0946 4248 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:03:16.0896 4248 \Device\Harddisk0\DR0\# - copied to quarantine

17:03:16.0896 4248 \Device\Harddisk0\DR0 - copied to quarantine

17:03:16.0990 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

17:03:17.0021 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

17:03:17.0037 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

17:03:17.0037 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

17:03:17.0068 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

17:03:17.0084 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

17:03:17.0084 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

17:03:17.0099 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

17:03:17.0099 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

17:03:17.0115 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

17:03:17.0115 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

17:03:17.0130 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

17:03:17.0162 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

17:03:17.0177 4248 \Device\Harddisk0\DR0 - ok

17:03:17.0661 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

17:03:17.0988 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

17:03:17.0988 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

17:03:18.0004 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

17:03:18.0020 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

17:03:18.0051 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

17:03:18.0082 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

17:03:18.0082 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

17:03:18.0098 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

17:03:18.0098 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

17:03:18.0113 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

17:03:18.0113 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

17:03:18.0129 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

17:03:18.0129 4248 \Device\Harddisk0\DR0\TDLFS - deleted

17:03:18.0129 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

17:04:34.0117 5500 Deinitialize success


OK, TDSSKiller cleared out the infection.

Now delete your copy of ComboFix and download a fresh one, run it like this......

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I'll consider this problem resolved.

A little clean up to do....

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
