SpoonofEvil

Trojan.Agent svchost.exe


My computer has recently been having odd performance problems and certain Windows updates keep failing to install. I installed Anti-Malwarebytes and it detected and quarantined a trojan located in C:\Windows/svchost.exe. However, even though it can quarantine the trojan, it can't seem to permanently remove it no matter how many times I try. I suspect it's connected to a mystery process I've found in my task manager titled "svchost.exe*32" with "winscrmde" as its description. Both the title and description don't match up with the other svchost.exe processes and it consumes a massive amount of memory, going as high as 600,000 kb if left unchecked. I've tried everything, but Anti-Malwarebytes can't seem to delete it and my antivirus doesn't even detect it at all.

Attach.txt DDS.txt


Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.


Welcome to the forum.

Before we proceed further, please uninstall or disable BitTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:

http://forums.malwar...showtopic=97700

--------------------------------

Next......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


Sorry about that. Removed bittorrent.

Anyways here is the Roguekiller report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Patric [Admin rights]

Mode: Scan -- Date: 07/12/2012 23:41:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] 11895c3089d4fb3ba6b4047fb324da97

[BSP] 13d8b0f5acec4dae06844219783f61cf : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697517 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1428924416 | Size: 17584 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] b92f5067bdbb56eec094dcd0a4139198

[BSP] bfd02b011fc8a2c487a9317c1d7bec2f : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697517 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1428924416 | Size: 17584 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] b92f5067bdbb56eec094dcd0a4139198

[BSP] bfd02b011fc8a2c487a9317c1d7bec2f : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697517 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1428924416 | Size: 17584 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

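The "User != LL1 ... KO!" lines in the report above come from comparing the MBR as seen in the User view with the LL1 and LL2 views. The following is an added example, not part of the original thread and not RogueKiller's own code: it parses that MBR Check section and lists which fields differ between views. The function names are hypothetical, the sample text is copied from the report (abridged to the first two partitions), and reading LL1/LL2 as lower-level reads of the same sector is an assumption based on the labels.

```python
import re
from dataclasses import dataclass, field

# Sample input: MBR Check section copied from the report above,
# abridged to the first two partitions per view.
SAMPLE_REPORT = """\
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 11895c3089d4fb3ba6b4047fb324da97
[BSP] 13d8b0f5acec4dae06844219783f61cf : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697517 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] b92f5067bdbb56eec094dcd0a4139198
[BSP] bfd02b011fc8a2c487a9317c1d7bec2f : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697517 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] b92f5067bdbb56eec094dcd0a4139198
[BSP] bfd02b011fc8a2c487a9317c1d7bec2f : PiHar MBR Code!
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 697517 Mo
"""

DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): .*? \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
# Case-insensitive: tag case can be altered when a report is pasted into a forum.
MBR_RE = re.compile(r"^\[MBR\] ([0-9a-f]{32})$", re.I)
BSP_RE = re.compile(r"^\[BSP\] ([0-9a-f]{32}) : (.+)$", re.I)
PART_RE = re.compile(r"^\d+ - \[\w+\] .+ Offset \(sectors\): \d+ \| Size: \d+ Mo$")


@dataclass
class MbrView:
    mbr_hash: str = ""
    bsp_hash: str = ""
    bsp_label: str = ""
    partitions: list = field(default_factory=list)


def parse_mbr_check(text):
    """Return {drive: {view_name: MbrView}} from an MBR Check section."""
    drives, views, view = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often carry a blank line between log lines
        if m := DRIVE_RE.match(line):
            views, view = drives.setdefault(m.group(1), {}), None
        elif views is not None and (m := VIEW_RE.match(line)):
            view = views.setdefault(m.group(1), MbrView())
        elif view is not None and (m := MBR_RE.match(line)):
            view.mbr_hash = m.group(1).lower()
        elif view is not None and (m := BSP_RE.match(line)):
            view.bsp_hash, view.bsp_label = m.group(1).lower(), m.group(2).strip()
        elif view is not None and PART_RE.match(line):
            view.partitions.append(line)
    return drives


def compare_views(drives, baseline="User"):
    """List every view whose MBR data differs from the baseline view."""
    findings = []
    for drive, views in drives.items():
        base = views.get(baseline)
        if base is None:
            continue  # nothing to compare against for this drive
        for name, view in views.items():
            if name == baseline:
                continue
            differs = [f for f in ("mbr_hash", "bsp_hash", "partitions")
                       if getattr(base, f) != getattr(view, f)]
            if differs:
                findings.append({"drive": drive, "view": name,
                                 "differs": differs,
                                 "baseline_label": base.bsp_label,
                                 "view_label": view.bsp_label})
    return findings


if __name__ == "__main__":
    for f in compare_views(parse_mbr_check(SAMPLE_REPORT)):
        print(f"{f['drive']}: User vs {f['view']} differ in {f['differs']} "
              f"({f['baseline_label']!r} vs {f['view_label']!r})")
```

On this report the partition tables agree across all three views; only the MBR and boot-code hashes differ.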

OK, please do this......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


00:11:57.0315 4268 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

00:11:57.0970 4268 ============================================================

00:11:57.0970 4268 Current date / time: 2012/07/14 00:11:57.0970

00:11:57.0970 4268 SystemInfo:

00:11:57.0970 4268

00:11:57.0970 4268 OS Version: 6.1.7601 ServicePack: 1.0

00:11:57.0970 4268 Product type: Workstation

00:11:57.0970 4268 ComputerName: PATRIC-HP

00:11:57.0970 4268 UserName: Patric

00:11:57.0970 4268 Windows directory: C:\Windows

00:11:57.0970 4268 System windows directory: C:\Windows

00:11:57.0970 4268 Running under WOW64

00:11:57.0970 4268 Processor architecture: Intel x64

00:11:57.0970 4268 Number of processors: 8

00:11:57.0970 4268 Page size: 0x1000

00:11:57.0970 4268 Boot type: Normal boot

00:11:57.0970 4268 ============================================================

00:11:58.0656 4268 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:11:58.0656 4268 ============================================================

00:11:58.0656 4268 \Device\Harddisk0\DR0:

00:11:58.0656 4268 MBR partitions:

00:11:58.0656 4268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

00:11:58.0656 4268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55256800

00:11:58.0656 4268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x552BA800, BlocksNum 0x2258000

00:11:58.0656 4268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0

00:11:58.0656 4268 ============================================================

00:11:58.0688 4268 C: <-> \Device\Harddisk0\DR0\Partition1

00:11:58.0719 4268 D: <-> \Device\Harddisk0\DR0\Partition2

00:11:58.0719 4268 ============================================================

00:11:58.0719 4268 Initialize success

00:11:58.0719 4268 ============================================================

00:12:09.0670 4072 ============================================================

00:12:09.0670 4072 Scan started

00:12:09.0670 4072 Mode: Manual; SigCheck; TDLFS;

00:12:09.0670 4072 ============================================================


00:12:28.0142 4072 lltdio - ok

00:12:28.0173 4072 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

00:12:28.0220 4072 lltdsvc - ok

00:12:28.0220 4072 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

00:12:28.0251 4072 lmhosts - ok

00:12:28.0329 4072 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

00:12:28.0360 4072 LMS - ok

00:12:28.0392 4072 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

00:12:28.0423 4072 LSI_FC - ok

00:12:28.0438 4072 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

00:12:28.0454 4072 LSI_SAS - ok

00:12:28.0454 4072 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

00:12:28.0470 4072 LSI_SAS2 - ok

00:12:28.0485 4072 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

00:12:28.0501 4072 LSI_SCSI - ok

00:12:28.0501 4072 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:12:28.0548 4072 luafv - ok

00:12:28.0563 4072 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

00:12:28.0579 4072 MBAMProtector - ok

00:12:28.0657 4072 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

00:12:28.0688 4072 MBAMService - ok

00:12:28.0735 4072 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

00:12:28.0766 4072 Mcx2Svc - ok

00:12:28.0797 4072 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

00:12:28.0813 4072 megasas - ok

00:12:28.0844 4072 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

00:12:28.0860 4072 MegaSR - ok

00:12:28.0922 4072 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

00:12:28.0953 4072 MEIx64 - ok

00:12:28.0969 4072 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:12:29.0016 4072 MMCSS - ok

00:12:29.0047 4072 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:12:29.0078 4072 Modem - ok

00:12:29.0094 4072 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:12:29.0109 4072 monitor - ok

00:12:29.0140 4072 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:12:29.0140 4072 mouclass - ok

00:12:29.0140 4072 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:12:29.0156 4072 mouhid - ok

00:12:29.0187 4072 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:12:29.0187 4072 mountmgr - ok

00:12:29.0265 4072 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

00:12:29.0296 4072 MozillaMaintenance - ok

00:12:29.0312 4072 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:12:29.0328 4072 mpio - ok

00:12:29.0343 4072 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:12:29.0390 4072 mpsdrv - ok

00:12:29.0437 4072 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

00:12:29.0530 4072 MpsSvc - ok

00:12:29.0577 4072 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:12:29.0624 4072 MRxDAV - ok

00:12:29.0655 4072 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:12:29.0718 4072 mrxsmb - ok

00:12:29.0749 4072 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:12:29.0811 4072 mrxsmb10 - ok

00:12:29.0827 4072 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:12:29.0842 4072 mrxsmb20 - ok

00:12:29.0874 4072 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:12:29.0905 4072 msahci - ok

00:12:29.0936 4072 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:12:29.0967 4072 msdsm - ok

00:12:29.0983 4072 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

00:12:30.0030 4072 MSDTC - ok

00:12:30.0045 4072 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:12:30.0076 4072 Msfs - ok

00:12:30.0092 4072 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:12:30.0123 4072 mshidkmdf - ok

00:12:30.0123 4072 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:12:30.0139 4072 msisadrv - ok

00:12:30.0170 4072 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

00:12:30.0201 4072 MSiSCSI - ok

00:12:30.0201 4072 msiserver - ok

00:12:30.0217 4072 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:12:30.0248 4072 MSKSSRV - ok

00:12:30.0264 4072 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:12:30.0295 4072 MSPCLOCK - ok

00:12:30.0295 4072 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:12:30.0342 4072 MSPQM - ok

00:12:30.0373 4072 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:12:30.0373 4072 MsRPC - ok

00:12:30.0388 4072 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:12:30.0388 4072 mssmbios - ok

00:12:30.0388 4072 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:12:30.0435 4072 MSTEE - ok

00:12:30.0435 4072 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

00:12:30.0451 4072 MTConfig - ok

00:12:30.0466 4072 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:12:30.0466 4072 Mup - ok

00:12:30.0576 4072 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

00:12:30.0607 4072 MyWiFiDHCPDNS - ok

00:12:30.0669 4072 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe

00:12:30.0700 4072 N360 - ok

00:12:30.0732 4072 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

00:12:30.0810 4072 napagent - ok

00:12:30.0856 4072 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:12:30.0903 4072 NativeWifiP - ok

00:12:31.0059 4072 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.004\ENG64.SYS

00:12:31.0090 4072 NAVENG - ok

00:12:31.0200 4072 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120713.004\EX64.SYS

00:12:31.0215 4072 NAVEX15 - ok

00:12:31.0387 4072 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:12:31.0449 4072 NDIS - ok

00:12:31.0465 4072 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:12:31.0480 4072 NdisCap - ok

00:12:31.0496 4072 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:12:31.0527 4072 NdisTapi - ok

00:12:31.0543 4072 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:12:31.0574 4072 Ndisuio - ok

00:12:31.0590 4072 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:12:31.0621 4072 NdisWan - ok

00:12:31.0621 4072 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:12:31.0652 4072 NDProxy - ok

00:12:31.0652 4072 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:12:31.0683 4072 NetBIOS - ok

00:12:31.0714 4072 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:12:31.0746 4072 NetBT - ok

00:12:31.0777 4072 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:12:31.0792 4072 Netlogon - ok

00:12:31.0855 4072 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

00:12:31.0917 4072 Netman - ok

00:12:31.0964 4072 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

00:12:32.0026 4072 netprofm - ok

00:12:32.0104 4072 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:12:32.0136 4072 NetTcpPortSharing - ok

00:12:32.0557 4072 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys

00:12:32.0775 4072 NETwNs64 - ok

00:12:32.0900 4072 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

00:12:32.0931 4072 nfrd960 - ok

00:12:32.0994 4072 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

00:12:33.0056 4072 NlaSvc - ok

00:12:33.0072 4072 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:12:33.0103 4072 Npfs - ok

00:12:33.0103 4072 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

00:12:33.0150 4072 nsi - ok

00:12:33.0150 4072 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:12:33.0181 4072 nsiproxy - ok

00:12:33.0290 4072 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:12:33.0352 4072 Ntfs - ok

00:12:33.0462 4072 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:12:33.0524 4072 Null - ok

00:12:33.0586 4072 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys

00:12:33.0618 4072 nusb3hub - ok

00:12:33.0649 4072 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys

00:12:33.0696 4072 nusb3xhc - ok

00:12:33.0727 4072 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

00:12:33.0789 4072 NVENETFD - ok

00:12:33.0820 4072 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:12:33.0852 4072 nvraid - ok

00:12:33.0867 4072 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:12:33.0883 4072 nvstor - ok

00:12:33.0883 4072 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:12:33.0898 4072 nv_agp - ok

00:12:33.0914 4072 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:12:33.0930 4072 ohci1394 - ok

00:12:33.0961 4072 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:12:33.0992 4072 p2pimsvc - ok

00:12:34.0023 4072 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

00:12:34.0070 4072 p2psvc - ok

00:12:34.0086 4072 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

00:12:34.0101 4072 Parport - ok

00:12:34.0117 4072 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

00:12:34.0132 4072 partmgr - ok

00:12:34.0148 4072 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

00:12:34.0179 4072 PcaSvc - ok

00:12:34.0195 4072 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:12:34.0210 4072 pci - ok

00:12:34.0210 4072 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:12:34.0210 4072 pciide - ok

00:12:34.0242 4072 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

00:12:34.0257 4072 pcmcia - ok

00:12:34.0257 4072 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:12:34.0273 4072 pcw - ok

00:12:34.0335 4072 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:12:34.0398 4072 PEAUTH - ok

00:12:34.0460 4072 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

00:12:34.0507 4072 PerfHost - ok

00:12:34.0600 4072 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

00:12:34.0678 4072 pla - ok

00:12:34.0756 4072 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

00:12:34.0834 4072 PlugPlay - ok

00:12:34.0850 4072 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

00:12:34.0897 4072 PNRPAutoReg - ok

00:12:34.0928 4072 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:12:34.0959 4072 PNRPsvc - ok

00:12:35.0006 4072 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

00:12:35.0068 4072 PolicyAgent - ok

00:12:35.0100 4072 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

00:12:35.0131 4072 Power - ok

00:12:35.0193 4072 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:12:35.0271 4072 PptpMiniport - ok

00:12:35.0302 4072 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

00:12:35.0334 4072 Processor - ok

00:12:35.0380 4072 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

00:12:35.0412 4072 ProfSvc - ok

00:12:35.0443 4072 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:12:35.0458 4072 ProtectedStorage - ok

00:12:35.0505 4072 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:12:35.0568 4072 Psched - ok

00:12:35.0677 4072 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

00:12:35.0739 4072 ql2300 - ok

00:12:35.0848 4072 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

00:12:35.0880 4072 ql40xx - ok

00:12:35.0911 4072 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

00:12:35.0942 4072 QWAVE - ok

00:12:35.0942 4072 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:12:35.0973 4072 QWAVEdrv - ok

00:12:35.0973 4072 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:12:36.0020 4072 RasAcd - ok

00:12:36.0051 4072 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:12:36.0098 4072 RasAgileVpn - ok

00:12:36.0114 4072 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

00:12:36.0160 4072 RasAuto - ok

00:12:36.0176 4072 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:12:36.0207 4072 Rasl2tp - ok

00:12:36.0254 4072 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

00:12:36.0301 4072 RasMan - ok

00:12:36.0301 4072 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:12:36.0348 4072 RasPppoe - ok

00:12:36.0379 4072 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:12:36.0441 4072 RasSstp - ok

00:12:36.0488 4072 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:12:36.0550 4072 rdbss - ok

00:12:36.0550 4072 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

00:12:36.0582 4072 rdpbus - ok

00:12:36.0597 4072 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:12:36.0628 4072 RDPCDD - ok

00:12:36.0628 4072 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:12:36.0660 4072 RDPENCDD - ok

00:12:36.0660 4072 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:12:36.0691 4072 RDPREFMP - ok

00:12:36.0722 4072 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

00:12:36.0753 4072 RDPWD - ok

00:12:36.0784 4072 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:12:36.0800 4072 rdyboost - ok

00:12:36.0925 4072 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

00:12:36.0956 4072 RegSrvc - ok

00:12:36.0987 4072 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

00:12:37.0018 4072 RemoteAccess - ok

00:12:37.0065 4072 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

00:12:37.0096 4072 RemoteRegistry - ok

00:12:37.0174 4072 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

00:12:37.0206 4072 RoxioNow Service - ok

00:12:37.0221 4072 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

00:12:37.0284 4072 RpcEptMapper - ok

00:12:37.0299 4072 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

00:12:37.0330 4072 RpcLocator - ok

00:12:37.0362 4072 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:12:37.0393 4072 RpcSs - ok

00:12:37.0471 4072 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys

00:12:37.0502 4072 RSPCIESTOR - ok

00:12:37.0533 4072 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:12:37.0580 4072 rspndr - ok

00:12:37.0627 4072 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:12:37.0642 4072 RTL8167 - ok

00:12:37.0674 4072 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:12:37.0689 4072 SamSs - ok

00:12:37.0705 4072 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:12:37.0720 4072 sbp2port - ok

00:12:37.0752 4072 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

00:12:37.0783 4072 SCardSvr - ok

00:12:37.0783 4072 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:12:37.0814 4072 scfilter - ok

00:12:37.0892 4072 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

00:12:37.0954 4072 Schedule - ok

00:12:37.0986 4072 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:12:38.0017 4072 SCPolicySvc - ok

00:12:38.0079 4072 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

00:12:38.0126 4072 sdbus - ok

00:12:38.0157 4072 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

00:12:38.0220 4072 SDRSVC - ok

00:12:38.0298 4072 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

00:12:38.0313 4072 SeaPort - ok

00:12:38.0344 4072 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:12:38.0407 4072 secdrv - ok

00:12:38.0438 4072 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

00:12:38.0500 4072 seclogon - ok

00:12:38.0532 4072 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

00:12:38.0563 4072 SENS - ok

00:12:38.0594 4072 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

00:12:38.0641 4072 SensrSvc - ok

00:12:38.0672 4072 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

00:12:38.0719 4072 Serenum - ok

00:12:38.0734 4072 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

00:12:38.0750 4072 Serial - ok

00:12:38.0766 4072 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

00:12:38.0781 4072 sermouse - ok

00:12:38.0828 4072 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

00:12:38.0859 4072 SessionEnv - ok

00:12:38.0859 4072 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:12:38.0875 4072 sffdisk - ok

00:12:38.0875 4072 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:12:38.0890 4072 sffp_mmc - ok

00:12:38.0890 4072 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:12:38.0906 4072 sffp_sd - ok

00:12:38.0922 4072 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

00:12:38.0937 4072 sfloppy - ok

00:12:38.0968 4072 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

00:12:39.0000 4072 SharedAccess - ok

00:12:39.0046 4072 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

00:12:39.0093 4072 ShellHWDetection - ok

00:12:39.0124 4072 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

00:12:39.0140 4072 SiSRaid2 - ok

00:12:39.0156 4072 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

00:12:39.0156 4072 SiSRaid4 - ok

00:12:39.0187 4072 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:12:39.0218 4072 Smb - ok

00:12:39.0265 4072 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

00:12:39.0296 4072 SNMPTRAP - ok

00:12:39.0312 4072 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:12:39.0312 4072 spldr - ok

00:12:39.0358 4072 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

00:12:39.0421 4072 Spooler - ok

00:12:39.0592 4072 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

00:12:39.0686 4072 sppsvc - ok

00:12:39.0780 4072 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

00:12:39.0811 4072 sppuinotify - ok

00:12:39.0904 4072 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS

00:12:39.0936 4072 SRTSP - ok

00:12:39.0936 4072 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS

00:12:39.0936 4072 SRTSPX - ok

00:12:39.0982 4072 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:12:40.0045 4072 srv - ok

00:12:40.0076 4072 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:12:40.0123 4072 srv2 - ok

00:12:40.0185 4072 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

00:12:40.0201 4072 SrvHsfHDA - ok

00:12:40.0263 4072 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

00:12:40.0326 4072 SrvHsfV92 - ok

00:12:40.0482 4072 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

00:12:40.0528 4072 SrvHsfWinac - ok

00:12:40.0544 4072 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:12:40.0560 4072 srvnet - ok

00:12:40.0606 4072 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

00:12:40.0653 4072 SSDPSRV - ok

00:12:40.0669 4072 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

00:12:40.0700 4072 SstpSvc - ok

00:12:40.0778 4072 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe

00:12:40.0794 4072 STacSV - ok

00:12:40.0856 4072 Steam Client Service - ok

00:12:40.0872 4072 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

00:12:40.0887 4072 stexstor - ok

00:12:40.0950 4072 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys

00:12:40.0996 4072 STHDA - ok

00:12:41.0059 4072 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

00:12:41.0106 4072 stisvc - ok

00:12:41.0121 4072 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:12:41.0137 4072 swenum - ok

00:12:41.0168 4072 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

00:12:41.0246 4072 swprv - ok

00:12:41.0308 4072 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS

00:12:41.0355 4072 SymDS - ok

00:12:41.0464 4072 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS

00:12:41.0511 4072 SymEFA - ok

00:12:41.0542 4072 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

00:12:41.0558 4072 SymEvent - ok

00:12:41.0574 4072 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS

00:12:41.0589 4072 SymIRON - ok

00:12:41.0605 4072 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS

00:12:41.0620 4072 SymNetS - ok

00:12:41.0714 4072 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

00:12:41.0745 4072 SynTP - ok

00:12:41.0932 4072 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

00:12:41.0995 4072 SysMain - ok

00:12:42.0073 4072 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

00:12:42.0104 4072 TabletInputService - ok

00:12:42.0135 4072 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

00:12:42.0182 4072 TapiSrv - ok

00:12:42.0213 4072 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

00:12:42.0229 4072 TBS - ok

00:12:42.0369 4072 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

00:12:42.0416 4072 Tcpip - ok

00:12:42.0603 4072 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

00:12:42.0650 4072 TCPIP6 - ok

00:12:42.0712 4072 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:12:42.0759 4072 tcpipreg - ok

00:12:42.0775 4072 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:12:42.0790 4072 TDPIPE - ok

00:12:42.0806 4072 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

00:12:42.0837 4072 TDTCP - ok

00:12:42.0837 4072 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:12:42.0868 4072 tdx - ok

00:12:42.0884 4072 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:12:42.0900 4072 TermDD - ok

00:12:42.0946 4072 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

00:12:43.0024 4072 TermService - ok

00:12:43.0040 4072 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

00:12:43.0056 4072 Themes - ok

00:12:43.0087 4072 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:12:43.0118 4072 THREADORDER - ok

00:12:43.0149 4072 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

00:12:43.0180 4072 TrkWks - ok

00:12:43.0243 4072 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

00:12:43.0290 4072 TrustedInstaller - ok

00:12:43.0305 4072 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:12:43.0336 4072 tssecsrv - ok

00:12:43.0368 4072 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:12:43.0383 4072 TsUsbFlt - ok

00:12:43.0399 4072 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

00:12:43.0399 4072 TsUsbGD - ok

00:12:43.0430 4072 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:12:43.0477 4072 tunnel - ok

00:12:43.0492 4072 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

00:12:43.0492 4072 uagp35 - ok

00:12:43.0524 4072 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:12:43.0570 4072 udfs - ok

00:12:43.0602 4072 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

00:12:43.0617 4072 UI0Detect - ok

00:12:43.0617 4072 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:12:43.0633 4072 uliagpkx - ok

00:12:43.0664 4072 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

00:12:43.0680 4072 umbus - ok

00:12:43.0680 4072 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys


00:12:48.0999 4072 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

00:12:49.0030 4072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

00:12:49.0030 4072 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

00:12:49.0202 4072 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

00:12:49.0202 4072 \Device\Harddisk0\DR0 - detected TDSS File System (1)

00:12:49.0233 4072 Boot (0x1200) (77df3104b4d6f5101075e0e5a69db8d7) \Device\Harddisk0\DR0\Partition0

00:12:49.0233 4072 \Device\Harddisk0\DR0\Partition0 - ok

00:12:49.0249 4072 Boot (0x1200) (f5017d46674d713064eae4a9f6ba488f) \Device\Harddisk0\DR0\Partition1

00:12:49.0264 4072 \Device\Harddisk0\DR0\Partition1 - ok

00:12:49.0280 4072 Boot (0x1200) (777b4e803c8731ac74191ccd4595c04f) \Device\Harddisk0\DR0\Partition2

00:12:49.0296 4072 \Device\Harddisk0\DR0\Partition2 - ok

00:12:49.0311 4072 Boot (0x1200) (db0034b67ca40575ceb72324dfba234c) \Device\Harddisk0\DR0\Partition3

00:12:49.0311 4072 \Device\Harddisk0\DR0\Partition3 - ok

00:12:49.0311 4072 ============================================================

00:12:49.0311 4072 Scan finished

00:12:49.0311 4072 ============================================================

00:12:49.0327 4632 Detected object count: 2

00:12:49.0327 4632 Actual detected object count: 2

00:13:08.0718 4632 \Device\Harddisk0\DR0\# - copied to quarantine

00:13:08.0718 4632 \Device\Harddisk0\DR0 - copied to quarantine

00:13:08.0780 4632 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

00:13:08.0796 4632 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

00:13:08.0796 4632 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

00:13:08.0796 4632 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

00:13:08.0811 4632 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

00:13:08.0842 4632 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

00:13:08.0858 4632 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

00:13:08.0874 4632 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

00:13:08.0889 4632 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

00:13:08.0889 4632 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

00:13:08.0936 4632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

00:13:08.0936 4632 \Device\Harddisk0\DR0 - ok

00:13:09.0310 4632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

00:13:09.0326 4632 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

00:13:09.0326 4632 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

00:13:09.0342 4632 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

00:13:09.0342 4632 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

00:13:09.0357 4632 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

00:13:09.0373 4632 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

00:13:09.0404 4632 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

00:13:09.0420 4632 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

00:13:09.0435 4632 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

00:13:09.0466 4632 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

00:13:09.0466 4632 \Device\Harddisk0\DR0\TDLFS - deleted

00:13:09.0466 4632 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

00:13:57.0382 6836 Deinitialize success

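The verdict lines near the end of the scan log above are the part worth triaging. As an added example (not part of the original posts, and not the scanner vendor's code), this Python sketch extracts each named detection, the action recorded for it, and whether the cure is deferred to a reboot; the line patterns are assumptions inferred from this one log.

```python
import re

# Constructed sample: lines copied from the scan log posted in this thread.
SAMPLE_LOG = r"""
00:12:48.0999 4072 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
00:12:49.0030 4072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:12:49.0202 4072 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:12:49.0233 4072 \Device\Harddisk0\DR0\Partition0 - ok
00:12:49.0327 4632 Detected object count: 2
00:13:08.0936 4632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
00:13:09.0310 4632 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
00:13:09.0466 4632 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ \d+ (?P<msg>.*)$")      # time, thread id, message
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")
ACTION = "User select action: "


def summarize(log_text):
    """Collect every named detection with its verdict, chosen action and reboot flag."""
    detections, declared = {}, None
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, surrounding forum text
        msg = line["msg"]
        if (m := COUNT.match(msg)):
            declared = int(m["n"])
        elif (m := VERDICT.match(msg)):
            entry = detections.setdefault(
                (m["obj"], m["name"]),
                {"verdict": None, "action": None, "pending_reboot": False})
            status = m["status"]
            if status.startswith(ACTION):
                entry["action"] = status[len(ACTION):]
            elif "on reboot" in status:
                entry["pending_reboot"] = True
            elif entry["verdict"] is None:
                entry["verdict"] = status  # first status seen, e.g. infected / warning
    return {"declared": declared, "detections": detections}


def needs_follow_up(summary):
    """Detections with no recorded action, or whose cure only completes after a reboot."""
    return sorted(name for (_, name), d in summary["detections"].items()
                  if d["action"] is None or d["pending_reboot"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result["declared"], result["detections"])
    print("follow up:", needs_follow_up(result))
```

A detection flagged for follow-up is the cue to reboot and rescan, which is what the later replies in this thread go on to do.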

Okay, just as an update, I noticed that the mystery svchost.exe*32 process has now disappeared from my task manager and the Windows updates that kept failing to install have now installed successfully. I did another Malwarebytes scan and it didn't detect any malware this time.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Patric :: PATRIC-HP [administrator]

Protection: Enabled

7/14/2012 1:34:49 AM

mbam-log-2012-07-14 (01-34-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206869

Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great...just run ComboFix to make sure we got it all:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I've tried following the instructions, but the scan seems to stop at Stage 4 and doesn't progress, even after I've left it running for at least an hour.


OK...try this..........

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. Stop it after half an hour or so of no activity.

MrC


Great :)

Please update MBAM, run a Quick Scan, and post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


MBAM didn't detect anything, and my computer is now running better than ever.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.15.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Patric :: PATRIC-HP [administrator]

Protection: Enabled

7/15/2012 12:19:22 PM

mbam-log-2012-07-15 (12-19-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210966

Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
