
svchost.exe trojan.agent

24 replies to this topic

#1 mandre87

Posted 08 March 2012 - 10:05 PM

I have an ASUS laptop running Windows 7 Ultimate. I noticed my browser (I only use Firefox) slowing significantly, and when I closed my laptop lid to "sleep" it until I used it next, every time I would turn it back on it would state that Windows had shut down inappropriately/unsafely, and gave me the screen prompting "start Windows normally", try "startup repair", etc. I ran Norton antivirus and the virus was not caught. I have no previous system restore points to go back to, unfortunately.

Malwarebytes was the only thing that caught the trojan. I tried clicking the remove option, and was prompted that I needed to restart my computer to completely delete the trojan. I followed the instructions. On reboot I reran Malwarebytes, but the trojan was still present. I repeated this 2 more times with no luck; the trojan will not stay removed. Here is a picture of my scan results:




What do I do?

Here are the posting requirements:
1) Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 5/27/2011 6:42:18 AM
System Uptime: 3/8/2012 6:22:53 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N53SV
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 14.816 GiB free.
D: is FIXED (NTFS) - 328 GiB total, 327.185 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0031
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0031
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 5510 series
Device ID: ROOT\MULTIFUNCTION\0032
Manufacturer: HP
Name: Photosmart 5510 series
PNP Device ID: ROOT\MULTIFUNCTION\0032
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0033
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0033
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0019
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0019
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet Professional P1102w
Device ID: ROOT\MULTIFUNCTION\0020
Manufacturer: Hewlett-Packard
Name: HP LaserJet Professional P1102w
PNP Device ID: ROOT\MULTIFUNCTION\0020
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Envy 100 D410 series
Device ID: ROOT\MULTIFUNCTION\0021
Manufacturer: HP
Name: Envy 100 D410 series
PNP Device ID: ROOT\MULTIFUNCTION\0021
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0022
Manufacturer:
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0022
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet Professional P1102w
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet Professional P1102w
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0023
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0023
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Prem C310 series
Device ID: ROOT\MULTIFUNCTION\0024
Manufacturer: HP
Name: Photosmart Prem C310 series
PNP Device ID: ROOT\MULTIFUNCTION\0024
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Plus B210 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: HP
Name: Photosmart Plus B210 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050A J611 series
Device ID: ROOT\MULTIFUNCTION\0025
Manufacturer: HP
Name: Deskjet 3050A J611 series
PNP Device ID: ROOT\MULTIFUNCTION\0025
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0026
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0026
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0027
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0027
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0028
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0028
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0029
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0029
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet Professional P1102w
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: HP LaserJet Professional P1102w
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart Premium C309g-m
Device ID: ROOT\MULTIFUNCTION\0030
Manufacturer: HP
Name: Photosmart Premium C309g-m
PNP Device ID: ROOT\MULTIFUNCTION\0030
Service:
.
==== System Restore Points ===================
.
RP120: 3/8/2012 4:43:44 PM - Trojan Infected =(
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS_Screensaver
Atheros WLAN and Bluetooth Client Installation Program
ATK Package
BitTorrent
BufferChm
D3DX10
DAEMON Tools Lite
Destinations
DeviceDiscovery
DocMgr
DocProc
Dropbox
ExpressGate Cloud
Fax
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
GPBaseService2
High-Definition Video Playback 10
HP Update
HPProductAssistant
HPSSupply
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 26
League of Legends
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Netscape Navigator (9.0.0.6)
Norton Security Suite
Notepad++
PDF Settings CS5
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
RealUpgrade 1.1
SafeConnect
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skype™ 5.3
SmartWebPrinting
SolutionCenter
SonicMaster
Status
System Requirements Lab
Toolbox
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.9
WebReg
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 6:24:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/8/2012 6:23:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
3/8/2012 6:23:25 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2012 5:38:27 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
3/8/2012 5:38:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
3/8/2012 5:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2012 5:38:26 PM, Error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2012 5:37:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/8/2012 5:37:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2012 5:36:02 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
3/8/2012 5:36:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/8/2012 4:39:33 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/8/2012 1:19:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 0. Please contact your system vendor for technical assistance.
3/8/2012 1:09:19 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2012 2:41:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{358434BC-67C6-4BBE-BC51-C316E9B5F9A5}. The master browser is stopping or an election is being forced.
3/4/2012 1:04:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/3/2012 8:08:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Atheros Bt&Wlan Coex Agent service.
3/2/2012 5:10:49 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
.
==== End Of File ===========================






2) DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mark at 18:29:12 on 2012-03-08
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4007.1448 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\RunFDS.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\ICO.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\Pelmiced.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\vds.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AdobeBridge]
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{338131A1-356A-4E24-A5F4-B75ADF52BFC8} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{358434BC-67C6-4BBE-BC51-C316E9B5F9A5} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\796abxhh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120307.002\IDSviA64.sys [2012-3-7 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2011-4-12 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-25 52896]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-12 2009704]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-12 2656280]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-12 135664]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]
.
=============== Created Last 30 ================
.
2012-03-09 02:24:15 20480 ----a-w- C:\Windows\svchost.exe
2012-03-08 08:10:45 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3433.tmp
2012-03-08 08:10:45 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3413.tmp
2012-03-06 16:22:55 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4557DA22-4D41-4A39-8DD0-FFA7AA5798BC}\mpengine.dll
2012-03-02 06:59:06 -------- d-----w- C:\Riot Games
2012-02-15 18:30:37 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 18:30:37 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 18:30:35 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 18:30:35 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 18:30:34 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 18:30:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 18:30:30 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 18:30:30 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-08 03:06:43 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-02-08 03:06:43 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-02-08 03:06:43 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-02-08 03:06:43 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-02-08 03:06:43 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-02-08 03:06:43 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-02-08 03:06:25 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
.
==================== Find3M ====================
.
2012-03-09 02:23:35 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-17 02:34:17 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 18:31:38.08 ===============


Thank you!




#2 mandre87

    New Member

  • Members
  • 13 posts

Posted 09 March 2012 - 05:31 PM

Also, I keep getting redirected when I use Google.

I forgot to include it before, but here is my latest Malwarebytes quick scan log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark :: MARK-PC [administrator]

3/9/2012 2:23:03 PM
mbam-log-2012-03-09 (14-23-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205243
Time elapsed: 52 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5728 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#3 Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania

Posted 10 March 2012 - 06:20 AM

Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#4 mandre87

    New Member

  • Members
  • 13 posts

Posted 10 March 2012 - 02:24 PM

While my antivirus, Norton security suite, never detected the virus before, it popped up after I ran the TDSSKiller saying it had found and was now blocking tsk0000 (trojan.gen), tsk0001 (trojan horse), task0003 (Backdoor.Pihar), tsk0005 (Backdoor.Pihar), task0009 (Trojan horse), & tsk0010.dta (Trojan horse).

Here are the results of the TDSS scan:

11:15:58.0718 1636 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
11:16:00.0719 1636 ============================================================
11:16:00.0719 1636 Current date / time: 2012/03/10 11:16:00.0719
11:16:00.0719 1636 SystemInfo:
11:16:00.0719 1636
11:16:00.0720 1636 OS Version: 6.1.7601 ServicePack: 1.0
11:16:00.0720 1636 Product type: Workstation
11:16:00.0720 1636 ComputerName: MARK-PC
11:16:00.0720 1636 UserName: Mark
11:16:00.0720 1636 Windows directory: C:\Windows
11:16:00.0720 1636 System windows directory: C:\Windows
11:16:00.0720 1636 Running under WOW64
11:16:00.0720 1636 Processor architecture: Intel x64
11:16:00.0720 1636 Number of processors: 8
11:16:00.0720 1636 Page size: 0x1000
11:16:00.0720 1636 Boot type: Normal boot
11:16:00.0720 1636 ============================================================
11:16:01.0722 1636 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:16:01.0728 1636 \Device\Harddisk0\DR0:
11:16:01.0728 1636 MBR used
11:16:01.0728 1636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8E0909
11:16:01.0741 1636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x113DB000, BlocksNum 0x28FAA800
11:16:01.0829 1636 Initialize success
11:16:01.0829 1636 ============================================================
11:16:25.0945 2264 ============================================================
11:16:25.0945 2264 Scan started
11:16:25.0945 2264 Mode: Manual;
11:16:25.0945 2264 ============================================================
11:16:26.0433 2264 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:16:26.0446 2264 1394ohci - ok
11:16:26.0502 2264 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:16:26.0508 2264 ACPI - ok
11:16:26.0546 2264 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:16:26.0548 2264 AcpiPmi - ok
11:16:26.0625 2264 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:16:26.0649 2264 adp94xx - ok
11:16:26.0694 2264 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:16:26.0701 2264 adpahci - ok
11:16:26.0743 2264 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:16:26.0748 2264 adpu320 - ok
11:16:26.0833 2264 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:16:26.0852 2264 AFD - ok
11:16:26.0904 2264 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:16:26.0908 2264 agp440 - ok
11:16:26.0960 2264 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:16:26.0963 2264 aliide - ok
11:16:26.0998 2264 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:16:27.0001 2264 amdide - ok
11:16:27.0031 2264 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:16:27.0035 2264 AmdK8 - ok
11:16:27.0070 2264 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:16:27.0073 2264 AmdPPM - ok
11:16:27.0121 2264 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:16:27.0124 2264 amdsata - ok
11:16:27.0158 2264 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:16:27.0163 2264 amdsbs - ok
11:16:27.0196 2264 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:16:27.0199 2264 amdxata - ok
11:16:27.0267 2264 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
11:16:27.0270 2264 AmUStor - ok
11:16:27.0331 2264 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:16:27.0350 2264 AppID - ok
11:16:27.0443 2264 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:16:27.0447 2264 arc - ok
11:16:27.0469 2264 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:16:27.0471 2264 arcsas - ok
11:16:27.0543 2264 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
11:16:27.0545 2264 ASMMAP64 - ok
11:16:27.0582 2264 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:16:27.0584 2264 AsyncMac - ok
11:16:27.0639 2264 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:16:27.0642 2264 atapi - ok
11:16:27.0707 2264 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
11:16:27.0718 2264 AthBTPort - ok
11:16:27.0815 2264 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
11:16:27.0898 2264 athr - ok
11:16:27.0987 2264 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
11:16:27.0990 2264 ATKWMIACPIIO - ok
11:16:28.0217 2264 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:16:37.0500 2264 b06bdrv - ok
11:16:37.0583 2264 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:16:37.0603 2264 b57nd60a - ok
11:16:37.0662 2264 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:16:37.0664 2264 Beep - ok
11:16:37.0842 2264 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
11:16:37.0884 2264 BHDrvx64 - ok
11:16:37.0946 2264 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:16:37.0949 2264 blbdrive - ok
11:16:38.0030 2264 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:16:38.0033 2264 bowser - ok
11:16:38.0069 2264 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:16:38.0071 2264 BrFiltLo - ok
11:16:38.0104 2264 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:16:38.0107 2264 BrFiltUp - ok
11:16:38.0162 2264 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:16:38.0168 2264 Brserid - ok
11:16:38.0204 2264 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:16:38.0206 2264 BrSerWdm - ok
11:16:38.0228 2264 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:16:38.0230 2264 BrUsbMdm - ok
11:16:38.0253 2264 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:16:38.0254 2264 BrUsbSer - ok
11:16:38.0305 2264 BTATH_A2DP (227c8f308de4af4808e587465ceab838) C:\Windows\system32\drivers\btath_a2dp.sys
11:16:38.0310 2264 BTATH_A2DP - ok
11:16:38.0358 2264 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
11:16:38.0361 2264 BTATH_BUS - ok
11:16:38.0403 2264 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:16:38.0419 2264 BTATH_HCRP - ok
11:16:38.0468 2264 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:16:38.0471 2264 BTATH_LWFLT - ok
11:16:38.0504 2264 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
11:16:38.0508 2264 BTATH_RCP - ok
11:16:38.0563 2264 BtFilter (0f4c980b9612abdb25bcabf0c660c058) C:\Windows\system32\DRIVERS\btfilter.sys
11:16:38.0568 2264 BtFilter - ok
11:16:38.0620 2264 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:16:38.0623 2264 BthEnum - ok
11:16:38.0677 2264 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:16:38.0680 2264 BTHMODEM - ok
11:16:38.0713 2264 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:16:38.0716 2264 BthPan - ok
11:16:38.0773 2264 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
11:16:38.0791 2264 BTHPORT - ok
11:16:38.0852 2264 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
11:16:38.0855 2264 BTHUSB - ok
11:16:38.0892 2264 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:16:38.0896 2264 cdfs - ok
11:16:38.0960 2264 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:16:38.0974 2264 cdrom - ok
11:16:39.0021 2264 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:16:39.0023 2264 circlass - ok
11:16:39.0068 2264 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:16:39.0074 2264 CLFS - ok
11:16:39.0125 2264 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:16:39.0127 2264 CmBatt - ok
11:16:39.0156 2264 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:16:39.0158 2264 cmdide - ok
11:16:39.0200 2264 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:16:39.0236 2264 CNG - ok
11:16:39.0291 2264 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:16:39.0293 2264 Compbatt - ok
11:16:39.0344 2264 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:16:39.0347 2264 CompositeBus - ok
11:16:39.0365 2264 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:16:39.0383 2264 crcdisk - ok
11:16:39.0425 2264 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:16:39.0433 2264 CSC - ok
11:16:39.0495 2264 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
11:16:39.0498 2264 CVirtA - ok
11:16:39.0546 2264 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
11:16:39.0569 2264 CVPNDRVA - ok
11:16:39.0630 2264 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:16:39.0634 2264 DfsC - ok
11:16:39.0674 2264 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:16:39.0676 2264 discache - ok
11:16:39.0708 2264 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:16:39.0710 2264 Disk - ok
11:16:39.0744 2264 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
11:16:39.0747 2264 DNE - ok
11:16:39.0813 2264 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:16:39.0830 2264 Dot4 - ok
11:16:39.0866 2264 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:16:39.0870 2264 Dot4Print - ok
11:16:39.0888 2264 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:16:39.0891 2264 dot4usb - ok
11:16:39.0931 2264 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:16:39.0946 2264 drmkaud - ok
11:16:39.0988 2264 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:16:39.0993 2264 dtsoftbus01 - ok
11:16:40.0034 2264 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:16:40.0076 2264 DXGKrnl - ok
11:16:40.0142 2264 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:16:40.0236 2264 ebdrv - ok
11:16:40.0328 2264 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:16:40.0336 2264 eeCtrl - ok
11:16:40.0412 2264 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:16:40.0421 2264 elxstor - ok
11:16:40.0458 2264 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:16:40.0462 2264 EraserUtilRebootDrv - ok
11:16:40.0498 2264 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:16:40.0501 2264 ErrDev - ok
11:16:40.0556 2264 ETD (05b0dcda418e297a1b4cd8d7b8ade403) C:\Windows\system32\DRIVERS\ETD.sys
11:16:40.0574 2264 ETD - ok
11:16:40.0640 2264 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:16:40.0644 2264 exfat - ok
11:16:40.0678 2264 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:16:40.0682 2264 fastfat - ok
11:16:40.0730 2264 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:16:40.0732 2264 fdc - ok
11:16:40.0769 2264 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:16:40.0773 2264 FileInfo - ok
11:16:40.0799 2264 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:16:40.0801 2264 Filetrace - ok
11:16:40.0831 2264 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:16:40.0833 2264 flpydisk - ok
11:16:40.0888 2264 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:16:40.0894 2264 FltMgr - ok
11:16:40.0960 2264 FLxHCIc (d0adbcf2a5316d23ef67dfaa02d5d544) C:\Windows\system32\DRIVERS\FLxHCIc.sys
11:16:40.0965 2264 FLxHCIc - ok
11:16:40.0993 2264 FLxHCIh (f9b6db9727ad2f14ecf84e43eb5279f7) C:\Windows\system32\DRIVERS\FLxHCIh.sys
11:16:41.0009 2264 FLxHCIh - ok
11:16:41.0079 2264 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:16:41.0082 2264 FsDepends - ok
11:16:41.0104 2264 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:16:41.0106 2264 Fs_Rec - ok
11:16:41.0171 2264 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:16:41.0175 2264 fvevol - ok
11:16:41.0219 2264 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:16:41.0222 2264 gagp30kx - ok
11:16:41.0288 2264 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:16:41.0296 2264 GEARAspiWDM - ok
11:16:41.0339 2264 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:16:41.0341 2264 hcw85cir - ok
11:16:41.0396 2264 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:16:41.0403 2264 HdAudAddService - ok
11:16:41.0464 2264 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:16:41.0467 2264 HDAudBus - ok
11:16:41.0498 2264 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:16:41.0513 2264 HidBatt - ok
11:16:41.0550 2264 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:16:41.0553 2264 HidBth - ok
11:16:41.0594 2264 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:16:41.0597 2264 HidIr - ok
11:16:41.0653 2264 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:16:41.0656 2264 HidUsb - ok
11:16:41.0729 2264 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:16:41.0732 2264 HpSAMD - ok
11:16:41.0808 2264 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:16:41.0828 2264 HTTP - ok
11:16:41.0873 2264 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:16:41.0876 2264 hwpolicy - ok
11:16:41.0951 2264 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:16:41.0954 2264 i8042prt - ok
11:16:42.0025 2264 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
11:16:42.0027 2264 iaStor - ok
11:16:42.0088 2264 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:16:42.0096 2264 iaStorV - ok
11:16:42.0234 2264 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys
11:16:42.0242 2264 IDSVia64 - ok
11:16:42.0500 2264 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:16:42.0724 2264 igfx - ok
11:16:42.0778 2264 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:16:42.0781 2264 iirsp - ok
11:16:42.0874 2264 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
11:16:42.0950 2264 IntcAzAudAddService - ok
11:16:43.0019 2264 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:16:43.0035 2264 IntcDAud - ok
11:16:43.0080 2264 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:16:43.0083 2264 intelide - ok
11:16:43.0137 2264 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:16:43.0141 2264 intelppm - ok
11:16:43.0212 2264 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:16:54.0829 2264 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
11:16:54.0861 2264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:16:54.0861 2264 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:16:54.0904 2264 Boot (0x1200) (a76b6a2af9815e2e1f641dff1ae32783) \Device\Harddisk0\DR0\Partition0
11:16:54.0906 2264 \Device\Harddisk0\DR0\Partition0 - ok
11:16:54.0923 2264 Boot (0x1200) (7b56c55d99e128770e4ed3809da5f27c) \Device\Harddisk0\DR0\Partition1
11:16:54.0925 2264 \Device\Harddisk0\DR0\Partition1 - ok
11:16:54.0925 2264 ============================================================
11:16:54.0925 2264 Scan finished
11:16:54.0925 2264 ============================================================
11:16:54.0927 2088 Detected object count: 1
11:16:54.0927 2088 Actual detected object count: 1
11:17:12.0379 2088 \Device\Harddisk0\DR0\# - copied to quarantine
11:17:12.0379 2088 \Device\Harddisk0\DR0 - copied to quarantine
11:17:12.0468 2088 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:17:12.0471 2088 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:17:12.0481 2088 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:17:12.0513 2088 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:17:12.0548 2088 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:17:12.0567 2088 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:17:12.0569 2088 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:17:12.0571 2088 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:17:12.0573 2088 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:17:12.0577 2088 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:17:12.0581 2088 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:17:12.0584 2088 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:17:12.0615 2088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:17:12.0618 2088 \Device\Harddisk0\DR0 - ok
11:17:12.0619 2088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

#5 Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania

Posted 10 March 2012 - 04:04 PM

Your AV only detected this when it was quarantined by TDSSkiller most likely. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

#6 mandre87

    New Member

  • Members
  • 13 posts

Posted 10 March 2012 - 10:11 PM

First off, thank you for all your help so far! I did not get a prompt for the recovery console, but the combofix gets stuck at "Completed Stage_4". I've downloaded/redownloaded/reran it three times. I turned off pretty much everything that my Norton 360 antivirus does.

Suggestions?

#7 mandre87

    New Member

  • Members
  • 13 posts

Posted 10 March 2012 - 11:23 PM

I got it to work! I'm still getting random problems from the virus: My startup is back to normal, but my wireless adapter is disabled on every startup. I have to turn it off/on again for it to start working. Also, SCVhost.exe still comes up as the most memory using process on my computer.

Here is the log:

ComboFix 12-03-10.02 - Mark 03/10/2012 20:05:43.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4007.2286 [GMT -8:00]
Running from: c:\users\Mark\Desktop\ComboFix2.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-11 04:12 . 2012-03-11 04:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-11 04:12 . 2012-03-11 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 19:17 . 2012-03-10 19:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 00:06 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B380895-31F5-4D69-B19F-B63041378905}\mpengine.dll
2012-03-09 16:27 . 2012-03-09 16:27 -------- d-----w- c:\users\Mark\AppData\Local\ElevatedDiagnostics
2012-03-08 08:10 . 2012-03-08 08:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\3433.tmp
2012-03-08 08:10 . 2012-03-08 08:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\3413.tmp
2012-03-02 06:59 . 2012-03-08 23:37 -------- d-----w- C:\Riot Games
2012-02-15 18:30 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 18:30 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 18:30 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 18:30 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 18:30 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 18:30 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 18:30 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 18:30 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 04:01 . 2011-05-27 13:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-02-23 17:18 . 2011-12-19 18:57 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-17 02:34 . 2011-12-17 02:33 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 135664]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-07 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 138360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 18:58]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 18:58]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025305619-3755157546-3709387571-1002Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 16:45]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025305619-3755157546-3709387571-1002UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 16:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Mouse Suite 98 Daemon"="c:\program files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\ICO.EXE" [2009-04-23 118272]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\796abxhh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-10 20:14:03
ComboFix-quarantined-files.txt 2012-03-11 04:14
.
Pre-Run: 15,468,834,816 bytes free
Post-Run: 16,440,680,448 bytes free
.
- - End Of File - - 3D614FF9F3289CF9A09AC25A2B1A7414

#8 Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania

Posted 11 March 2012 - 02:26 AM

Can you please rerun TDSSkiller and let me know if it still detects something?
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#9 mandre87

    New Member

  • Members
  • 13 posts

Posted 11 March 2012 - 03:10 AM

Nothing was detected, here is the log:

00:08:17.0026 1372 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
00:08:18.0335 1372 ============================================================
00:08:18.0335 1372 Current date / time: 2012/03/11 00:08:18.0335
00:08:18.0335 1372 SystemInfo:
00:08:18.0335 1372
00:08:18.0335 1372 OS Version: 6.1.7601 ServicePack: 1.0
00:08:18.0335 1372 Product type: Workstation
00:08:18.0336 1372 ComputerName: MARK-PC
00:08:18.0336 1372 UserName: Mark
00:08:18.0336 1372 Windows directory: C:\Windows
00:08:18.0336 1372 System windows directory: C:\Windows
00:08:18.0336 1372 Running under WOW64
00:08:18.0336 1372 Processor architecture: Intel x64
00:08:18.0336 1372 Number of processors: 8
00:08:18.0336 1372 Page size: 0x1000
00:08:18.0336 1372 Boot type: Normal boot
00:08:18.0336 1372 ============================================================
00:08:19.0040 1372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:08:19.0046 1372 \Device\Harddisk0\DR0:
00:08:19.0046 1372 MBR used
00:08:19.0046 1372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8E0909
00:08:19.0065 1372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x113DB000, BlocksNum 0x28FAA800
00:08:19.0145 1372 Initialize success
00:08:19.0145 1372 ============================================================
00:08:21.0176 2916 ============================================================
00:08:21.0176 2916 Scan started
00:08:21.0176 2916 Mode: Manual;
00:08:21.0176 2916 ============================================================
00:08:23.0666 2916 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:08:23.0671 2916 1394ohci - ok
00:08:23.0726 2916 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:08:23.0759 2916 ACPI - ok
00:08:23.0803 2916 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:08:23.0821 2916 AcpiPmi - ok
00:08:23.0924 2916 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:08:23.0944 2916 adp94xx - ok
00:08:23.0993 2916 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:08:23.0999 2916 adpahci - ok
00:08:24.0041 2916 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:08:24.0046 2916 adpu320 - ok
00:08:24.0132 2916 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:08:24.0140 2916 AFD - ok
00:08:24.0186 2916 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:08:24.0203 2916 agp440 - ok
00:08:24.0259 2916 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:08:24.0271 2916 aliide - ok
00:08:24.0313 2916 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:08:24.0316 2916 amdide - ok
00:08:24.0363 2916 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:08:24.0379 2916 AmdK8 - ok
00:08:24.0418 2916 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:08:24.0421 2916 AmdPPM - ok
00:08:24.0469 2916 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:08:24.0472 2916 amdsata - ok
00:08:24.0506 2916 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:08:24.0511 2916 amdsbs - ok
00:08:24.0544 2916 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:08:24.0546 2916 amdxata - ok
00:08:24.0615 2916 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
00:08:24.0625 2916 AmUStor - ok
00:08:24.0688 2916 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:08:24.0706 2916 AppID - ok
00:08:24.0807 2916 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:08:24.0810 2916 arc - ok
00:08:24.0842 2916 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:08:24.0846 2916 arcsas - ok
00:08:24.0908 2916 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
00:08:24.0927 2916 ASMMAP64 - ok
00:08:24.0971 2916 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:08:24.0973 2916 AsyncMac - ok
00:08:25.0036 2916 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:08:25.0054 2916 atapi - ok
00:08:25.0104 2916 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
00:08:25.0108 2916 AthBTPort - ok
00:08:25.0205 2916 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
00:08:25.0263 2916 athr - ok
00:08:25.0343 2916 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
00:08:25.0368 2916 ATKWMIACPIIO - ok
00:08:25.0457 2916 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:08:25.0490 2916 b06bdrv - ok
00:08:25.0533 2916 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:08:25.0538 2916 b57nd60a - ok
00:08:25.0579 2916 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:08:25.0591 2916 Beep - ok
00:08:25.0768 2916 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
00:08:25.0793 2916 BHDrvx64 - ok
00:08:25.0846 2916 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:08:25.0849 2916 blbdrive - ok
00:08:25.0930 2916 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:08:25.0945 2916 bowser - ok
00:08:25.0986 2916 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:08:25.0988 2916 BrFiltLo - ok
00:08:26.0021 2916 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:08:26.0023 2916 BrFiltUp - ok
00:08:26.0081 2916 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
00:08:26.0084 2916 BridgeMP - ok
00:08:26.0137 2916 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:08:26.0143 2916 Brserid - ok
00:08:26.0178 2916 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:08:26.0181 2916 BrSerWdm - ok
00:08:26.0202 2916 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:08:26.0204 2916 BrUsbMdm - ok
00:08:26.0227 2916 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:08:26.0229 2916 BrUsbSer - ok
00:08:26.0280 2916 BTATH_A2DP (227c8f308de4af4808e587465ceab838) C:\Windows\system32\drivers\btath_a2dp.sys
00:08:26.0285 2916 BTATH_A2DP - ok
00:08:26.0333 2916 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
00:08:26.0350 2916 BTATH_BUS - ok
00:08:26.0394 2916 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
00:08:26.0399 2916 BTATH_HCRP - ok
00:08:26.0443 2916 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
00:08:26.0446 2916 BTATH_LWFLT - ok
00:08:26.0478 2916 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
00:08:26.0483 2916 BTATH_RCP - ok
00:08:26.0529 2916 BtFilter (0f4c980b9612abdb25bcabf0c660c058) C:\Windows\system32\DRIVERS\btfilter.sys
00:08:26.0535 2916 BtFilter - ok
00:08:26.0586 2916 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
00:08:26.0603 2916 BthEnum - ok
00:08:26.0759 2916 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:08:26.0761 2916 BTHMODEM - ok
00:08:26.0778 2916 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
00:08:26.0782 2916 BthPan - ok
00:08:26.0813 2916 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
00:08:26.0822 2916 BTHPORT - ok
00:08:26.0859 2916 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
00:08:26.0862 2916 BTHUSB - ok
00:08:26.0882 2916 catchme - ok
00:08:26.0908 2916 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:08:26.0911 2916 cdfs - ok
00:08:26.0959 2916 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:08:26.0973 2916 cdrom - ok
00:08:27.0011 2916 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:08:27.0014 2916 circlass - ok
00:08:27.0051 2916 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:08:27.0057 2916 CLFS - ok
00:08:27.0141 2916 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:08:27.0143 2916 CmBatt - ok
00:08:27.0171 2916 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:08:27.0174 2916 cmdide - ok
00:08:27.0222 2916 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:08:27.0229 2916 CNG - ok
00:08:27.0257 2916 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:08:27.0260 2916 Compbatt - ok
00:08:27.0310 2916 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:08:27.0313 2916 CompositeBus - ok
00:08:27.0331 2916 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:08:27.0349 2916 crcdisk - ok
00:08:27.0416 2916 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:08:27.0424 2916 CSC - ok
00:08:27.0503 2916 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
00:08:27.0505 2916 CVirtA - ok
00:08:27.0562 2916 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
00:08:27.0585 2916 CVPNDRVA - ok
00:08:27.0664 2916 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:08:27.0667 2916 DfsC - ok
00:08:27.0707 2916 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:08:27.0710 2916 discache - ok
00:08:27.0757 2916 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:08:27.0761 2916 Disk - ok
00:08:27.0801 2916 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
00:08:27.0821 2916 DNE - ok
00:08:27.0888 2916 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
00:08:27.0904 2916 Dot4 - ok
00:08:27.0941 2916 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:08:27.0943 2916 Dot4Print - ok
00:08:27.0979 2916 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
00:08:27.0982 2916 dot4usb - ok
00:08:28.0022 2916 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:08:28.0024 2916 drmkaud - ok
00:08:28.0087 2916 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:08:28.0099 2916 dtsoftbus01 - ok
00:08:28.0150 2916 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:08:28.0192 2916 DXGKrnl - ok
00:08:28.0274 2916 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:08:28.0358 2916 ebdrv - ok
00:08:28.0444 2916 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
00:08:28.0451 2916 eeCtrl - ok
00:08:28.0520 2916 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:08:28.0528 2916 elxstor - ok
00:08:28.0565 2916 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:08:28.0584 2916 EraserUtilRebootDrv - ok
00:08:28.0630 2916 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:08:28.0632 2916 ErrDev - ok
00:08:28.0688 2916 ETD (05b0dcda418e297a1b4cd8d7b8ade403) C:\Windows\system32\DRIVERS\ETD.sys
00:08:28.0706 2916 ETD - ok
00:08:28.0764 2916 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:08:28.0775 2916 exfat - ok
00:08:28.0802 2916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:08:28.0806 2916 fastfat - ok
00:08:28.0845 2916 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:08:28.0848 2916 fdc - ok
00:08:28.0885 2916 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:08:28.0888 2916 FileInfo - ok
00:08:28.0914 2916 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:08:28.0917 2916 Filetrace - ok
00:08:28.0946 2916 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:08:28.0957 2916 flpydisk - ok
00:08:29.0020 2916 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:08:29.0027 2916 FltMgr - ok
00:08:29.0092 2916 FLxHCIc (d0adbcf2a5316d23ef67dfaa02d5d544) C:\Windows\system32\DRIVERS\FLxHCIc.sys
00:08:29.0106 2916 FLxHCIc - ok
00:08:29.0141 2916 FLxHCIh (f9b6db9727ad2f14ecf84e43eb5279f7) C:\Windows\system32\DRIVERS\FLxHCIh.sys
00:08:29.0157 2916 FLxHCIh - ok
00:08:29.0228 2916 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:08:29.0231 2916 FsDepends - ok
00:08:29.0253 2916 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:08:29.0268 2916 Fs_Rec - ok
00:08:29.0336 2916 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:08:29.0341 2916 fvevol - ok
00:08:29.0384 2916 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:08:29.0387 2916 gagp30kx - ok
00:08:29.0453 2916 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:08:29.0472 2916 GEARAspiWDM - ok
00:08:29.0520 2916 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:08:29.0523 2916 hcw85cir - ok
00:08:29.0578 2916 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:08:29.0596 2916 HdAudAddService - ok
00:08:29.0646 2916 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:08:29.0649 2916 HDAudBus - ok
00:08:29.0679 2916 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:08:29.0695 2916 HidBatt - ok
00:08:29.0732 2916 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:08:29.0735 2916 HidBth - ok
00:08:29.0775 2916 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:08:29.0778 2916 HidIr - ok
00:08:29.0818 2916 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:08:29.0821 2916 HidUsb - ok
00:08:29.0894 2916 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:08:29.0897 2916 HpSAMD - ok
00:08:29.0973 2916 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:08:29.0993 2916 HTTP - ok
00:08:41.0918 2916 ============================================================
00:08:41.0918 2916 Scan finished
00:08:41.0918 2916 ============================================================
00:08:41.0924 3636 Detected object count: 0
00:08:41.0924 3636 Actual detected object count: 0

#10 Elise


Posted 11 March 2012 - 03:12 AM

Is your Norton antivirus working correctly at this point? I see some evidence it might not.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#11 mandre87


Posted 11 March 2012 - 03:32 AM

Thank you again for all the help!!

The security suite shows that everything is "secure". Norton's "quick scan" runs when I try it and only catches tracking cookies. As far as I know it seems to be working. Should SVChost.exe be taking up as much memory as firefox to run? I have many different processes of SVChost.exe running, but one of them is taking up 130,000K memory (from windows task manager).

#12 Elise


Posted 11 March 2012 - 04:23 AM

It depends. SVChost can be used by many different programs. Can you boot in Safe Mode with networking and let me know if you have the same problem there?
regards, Elise



#13 mandre87


Posted 11 March 2012 - 01:55 PM

After booting in safe mode with networking the svchost.exe is only taking up 10,000K (vs. the 130,000K when I boot normally).

#14 Elise


Posted 11 March 2012 - 02:01 PM

Can you do a clean boot and see if you can determine which program causes the svchost.exe usage? (you can enable all disabled applications at a time).
regards, Elise



#15 mandre87


Posted 11 March 2012 - 02:29 PM

So I disabled all startup items and all non-Microsoft services, but after rebooting, svchost.exe was still running at about 110,000K.

#16 Elise


Posted 11 March 2012 - 02:48 PM

In that case it is a Windows component causing this. Can you monitor if this is a constant load (the usage doesn't change) or if it occurs in spikes?
regards, Elise



#17 mandre87


Posted 11 March 2012 - 03:11 PM

It's pretty constant, staying around 120,000K now for the last 20 minutes or so.
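
The check discussed in posts #12 to #17 (which services sit behind each svchost.exe instance and how much memory each instance holds) can also be read straight from WMI. This is an added example, not part of the original thread; it assumes an elevated Windows PowerShell prompt, and the variable and column names are illustrative.

```powershell
# Added example (not from the thread): list every svchost.exe instance with
# its memory use, image path and the services it hosts.
# Get-WmiObject is used so this also runs on the PowerShell 2.0 shipped with Windows 7.

# Group running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service -Filter "State='Running'" | ForEach-Object {
    $hostPid = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($hostPid)) { $servicesByPid[$hostPid] = @() }
    $servicesByPid[$hostPid] += $_.Name
}

# Locations of the genuine binary: System32, plus SysWOW64 for the 32-bit
# copy that exists on 64-bit Windows.
$knownPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

Get-WmiObject -Class Win32_Process -Filter "Name='svchost.exe'" |
    Sort-Object -Property WorkingSetSize -Descending |
    ForEach-Object {
        $procId = [int]$_.ProcessId

        # Services registered against this PID, if any.
        $svcs = if ($servicesByPid.ContainsKey($procId)) {
            $servicesByPid[$procId] -join ', '
        } else {
            '(no running service registered)'
        }

        # ExecutablePath is empty when the prompt is not elevated.
        $path = $_.ExecutablePath
        $pathOk = if (-not $path) {
            'unknown (run elevated)'
        } elseif ($knownPaths -contains $path) {
            'yes'
        } else {
            'NO'
        }

        New-Object PSObject -Property @{
            PID          = $procId
            # WorkingSetSize is in bytes; Task Manager's default column shows
            # the private working set, so the figures will not match exactly.
            WorkingSetKB = [math]::Round($_.WorkingSetSize / 1KB)
            PathOK       = $pathOk
            Path         = $path
            Services     = $svcs
        }
    } |
    Select-Object PID, WorkingSetKB, PathOK, Path, Services |
    Format-Table -AutoSize -Wrap
```

The instance at the top of the list is the one to compare against the figure seen in Task Manager; its Services column names the Windows components sharing that process.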

#18 Elise


Posted 11 March 2012 - 03:20 PM

Is this causing actual slowness or does the computer run normally nevertheless?
regards, Elise



#19 mandre87


Posted 11 March 2012 - 03:26 PM

The computer is running pretty much normally now, although the browser may be a bit slow. I never noticed the SVChost.exe using this much memory before, but in terms of function, the computer is much better after all the help you've given me. Thank you again!

#20 Elise


Posted 12 March 2012 - 02:43 AM

I'm glad to hear that! :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise






