My PC is Continuously downloading 1MB of unknown data/5-10 sec


  • This topic is locked
5 replies to this topic

#1 hpapres


Posted 28 April 2012 - 03:07 PM

My PC has apparently been infected by some type of trojan that continuously downloads large amounts of data. What it is downloading and where it is going on this computer I am not sure. I have run the Malwarebytes Anti-Malware program several times. The first time it found numerous potential threats. I had it remove all and rebooted. Each time I run the program it finds and removes a Trojan.Agent memory process shown below in the excerpt from the most recent scan log:

mbam-log-2012-04-28 (08-36-11).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 367617
Time elapsed: 43 minute(s), 4 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4348 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

I have downloaded and run DDS.exe per instructions and the resulting text files are attached.

Any help would be greatly appreciated.

Thanks
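
The scan log in the post above reports `svchost.exe` running from `C:\Windows`, whereas the genuine Windows service host is stored in `C:\Windows\System32` (and `SysWOW64` on 64-bit systems). The following is an added example, not part of the original post and not Malwarebytes code: it parses detection lines in the format shown in that log and flags system-binary names found outside their expected directory. The `EXPECTED_DIRS` table, the function names and the third sample line are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: the two svchost.exe lines are copied from the scan log
# quoted above; the third detection and the "Files Detected: 2" count are
# made up to show a detection that is NOT a system-binary look-alike.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4348 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Program Files (x86)\Example\tool.exe (PUP.Example) -> Quarantined and deleted successfully.
"""

# Illustrative table, not exhaustive. Assumption: Windows lives in C:\Windows.
# Keys are lower-case file names, values are the lower-case directories in
# which the genuine binary is normally found.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# "Memory Processes Detected: 1" -> section "Memory Processes"
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: \d+$")

# "<path> (<threat>) -> [<pid> -> ]<action>"
# The path is matched lazily so that "Program Files (x86)" is not mistaken
# for the threat name in parentheses.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$"
)


def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    detections = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            pid = hit.group("pid")
            detections.append({
                "section": section,
                "path": hit.group("path"),
                "threat": hit.group("threat"),
                "pid": int(pid) if pid else None,
                "action": hit.group("action").rstrip("."),
            })
    return detections


def is_masquerade(path):
    """True if the file name is a known system binary in an unexpected folder."""
    # normpath folds "/" into "\" and collapses ".." so that
    # C:\Windows\System32\..\svchost.exe is judged by its real location.
    directory, name = ntpath.split(ntpath.normpath(path))
    expected = EXPECTED_DIRS.get(name.lower())
    if expected is None:
        return False  # not a name this table knows about
    return directory.lower() not in expected


def find_masquerades(detections):
    """Filter parsed detections down to the look-alike system binaries."""
    return [d for d in detections if is_masquerade(d["path"])]


if __name__ == "__main__":
    for d in find_masquerades(parse_detections(SAMPLE_LOG)):
        pid = f"PID {d['pid']}" if d["pid"] is not None else "on disk"
        print(f"[{d['section']}] {d['path']} ({d['threat']}, {pid}): "
              f"system binary name outside its expected directory")
```
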


#2 Maniac


Posted 29 April 2012 - 05:38 AM

Hello hpapres and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1

Please uninstall Ask Toolbar and Ask Toolbar Updater, because it is bundled with many third party applications - also see this note.


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 hpapres


Posted 29 April 2012 - 08:22 PM

I was able to remove the ASK toolbar as you suggested, however, whenever I try to remove the ASK Toolbar Updater I keep getting a popup message stating the following:

"You do not have sufficient access to uninstall Ask Toolbar Updater. Please contact your system administrator."

This doesn't make sense since I am an Administrator on this laptop.

The data download issue seems to have stopped for now with the removal of the threat found by TDSSKiller.exe.

Here are log files you requested:

1) TDSSKiller Log

19:24:36.0192 3036 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:24:36.0202 3036 ============================================================
19:24:36.0202 3036 Current date / time: 2012/04/29 19:24:36.0202
19:24:36.0202 3036 SystemInfo:
19:24:36.0202 3036
19:24:36.0202 3036 OS Version: 6.1.7601 ServicePack: 1.0
19:24:36.0202 3036 Product type: Workstation
19:24:36.0202 3036 ComputerName: MIGUEL-AAH-HP
19:24:36.0202 3036 UserName: Charles N. Hasek
19:24:36.0202 3036 Windows directory: C:\Windows
19:24:36.0202 3036 System windows directory: C:\Windows
19:24:36.0202 3036 Running under WOW64
19:24:36.0202 3036 Processor architecture: Intel x64
19:24:36.0202 3036 Number of processors: 4
19:24:36.0202 3036 Page size: 0x1000
19:24:36.0202 3036 Boot type: Normal boot
19:24:36.0202 3036 ============================================================
19:24:36.0482 3036 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:24:36.0482 3036 ============================================================
19:24:36.0482 3036 \Device\Harddisk0\DR0:
19:24:36.0482 3036 MBR partitions:
19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48B3E000
19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48BA2000, BlocksNum 0x1C82000
19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
19:24:36.0482 3036 ============================================================
19:24:36.0512 3036 C: <-> \Device\Harddisk0\DR0\Partition1
19:24:36.0592 3036 D: <-> \Device\Harddisk0\DR0\Partition2
19:24:36.0592 3036 ============================================================
19:24:36.0592 3036 Initialize success
19:24:36.0592 3036 ============================================================
19:24:59.0113 4780 ============================================================
19:24:59.0113 4780 Scan started
19:24:59.0113 4780 Mode: Manual; SigCheck; TDLFS;
19:24:59.0113 4780 ============================================================
19:25:20.0941 4780 monitor - ok
19:25:20.0981 4780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:25:21.0001 4780 mouclass - ok
19:25:21.0041 4780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:25:21.0081 4780 mouhid - ok
19:25:21.0131 4780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:25:21.0151 4780 mountmgr - ok
19:25:21.0181 4780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:25:21.0191 4780 mpio - ok
19:25:21.0221 4780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:25:21.0261 4780 mpsdrv - ok
19:25:21.0341 4780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:25:21.0411 4780 MpsSvc - ok
19:25:21.0451 4780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:25:21.0481 4780 MRxDAV - ok
19:25:21.0521 4780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:25:21.0601 4780 mrxsmb - ok
19:25:21.0651 4780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:25:21.0691 4780 mrxsmb10 - ok
19:25:21.0701 4780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:25:21.0711 4780 mrxsmb20 - ok
19:25:21.0741 4780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:25:21.0751 4780 msahci - ok
19:25:21.0791 4780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:25:21.0801 4780 msdsm - ok
19:25:21.0831 4780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:25:21.0861 4780 MSDTC - ok
19:25:21.0901 4780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:25:21.0931 4780 Msfs - ok
19:25:21.0991 4780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:25:22.0071 4780 mshidkmdf - ok
19:25:22.0101 4780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:25:22.0111 4780 msisadrv - ok
19:25:22.0161 4780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:25:22.0201 4780 MSiSCSI - ok
19:25:22.0201 4780 msiserver - ok
19:25:22.0231 4780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:25:22.0301 4780 MSKSSRV - ok
19:25:22.0321 4780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:25:22.0411 4780 MSPCLOCK - ok
19:25:22.0441 4780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:25:22.0491 4780 MSPQM - ok
19:25:22.0551 4780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:25:22.0581 4780 MsRPC - ok
19:25:22.0601 4780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:25:22.0611 4780 mssmbios - ok
19:25:22.0661 4780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:25:22.0741 4780 MSTEE - ok
19:25:22.0761 4780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:25:22.0771 4780 MTConfig - ok
19:25:22.0791 4780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:25:22.0801 4780 Mup - ok
19:25:22.0931 4780 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:25:22.0951 4780 MyWiFiDHCPDNS - ok
19:25:23.0101 4780 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
19:25:23.0131 4780 N360 - ok
19:25:23.0191 4780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:25:23.0261 4780 napagent - ok
19:25:23.0331 4780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:25:23.0391 4780 NativeWifiP - ok
19:25:23.0541 4780 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120420.002\ENG64.SYS
19:25:23.0571 4780 NAVENG - ok
19:25:23.0751 4780 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120420.002\EX64.SYS
19:25:23.0801 4780 NAVEX15 - ok
19:25:24.0011 4780 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
19:25:24.0041 4780 NDIS - ok
19:25:24.0081 4780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:25:24.0171 4780 NdisCap - ok
19:25:24.0221 4780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:25:24.0271 4780 NdisTapi - ok
19:25:24.0291 4780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:25:24.0341 4780 Ndisuio - ok
19:25:24.0381 4780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:25:24.0441 4780 NdisWan - ok
19:25:24.0471 4780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:25:24.0511 4780 NDProxy - ok
19:25:24.0541 4780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:25:24.0621 4780 NetBIOS - ok
19:25:24.0661 4780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:25:24.0721 4780 NetBT - ok
19:25:24.0761 4780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:24.0771 4780 Netlogon - ok
19:25:24.0821 4780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:25:24.0891 4780 Netman - ok
19:25:24.0951 4780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:25:25.0061 4780 netprofm - ok
19:25:25.0171 4780 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:25:25.0191 4780 NetTcpPortSharing - ok
19:25:25.0771 4780 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
19:25:25.0911 4780 NETwNs64 - ok
19:25:26.0081 4780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:25:26.0111 4780 nfrd960 - ok
19:25:26.0161 4780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:25:26.0231 4780 NlaSvc - ok
19:25:26.0251 4780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:25:26.0291 4780 Npfs - ok
19:25:26.0321 4780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:25:26.0401 4780 nsi - ok
19:25:26.0431 4780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:25:26.0511 4780 nsiproxy - ok
19:25:26.0691 4780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:25:26.0731 4780 Ntfs - ok
19:25:26.0861 4780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:25:26.0921 4780 Null - ok
19:25:26.0961 4780 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:25:27.0021 4780 nusb3hub - ok
19:25:27.0071 4780 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:25:27.0141 4780 nusb3xhc - ok
19:25:27.0211 4780 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:25:27.0261 4780 NVENETFD - ok
19:25:27.0321 4780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:25:27.0341 4780 nvraid - ok
19:25:27.0371 4780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:25:27.0381 4780 nvstor - ok
19:25:27.0431 4780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:25:27.0451 4780 nv_agp - ok
19:25:27.0481 4780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:25:27.0501 4780 ohci1394 - ok
19:25:27.0591 4780 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:25:27.0611 4780 ose - ok
19:25:28.0111 4780 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:25:28.0201 4780 osppsvc - ok
19:25:28.0361 4780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:25:28.0451 4780 p2pimsvc - ok
19:25:28.0521 4780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:25:28.0541 4780 p2psvc - ok
19:25:28.0601 4780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:25:28.0631 4780 Parport - ok
19:25:28.0661 4780 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:25:28.0671 4780 partmgr - ok
19:25:28.0721 4780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:25:28.0771 4780 PcaSvc - ok
19:25:28.0811 4780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:25:28.0821 4780 pci - ok
19:25:28.0841 4780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:25:28.0851 4780 pciide - ok
19:25:28.0891 4780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:25:28.0911 4780 pcmcia - ok
19:25:28.0941 4780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:25:28.0951 4780 pcw - ok
19:25:29.0011 4780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:25:29.0071 4780 PEAUTH - ok
19:25:29.0181 4780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:25:29.0231 4780 PerfHost - ok
19:25:29.0381 4780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:25:29.0451 4780 pla - ok
19:25:29.0541 4780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:25:29.0631 4780 PlugPlay - ok
19:25:29.0651 4780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:25:29.0691 4780 PNRPAutoReg - ok
19:25:29.0751 4780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:25:29.0771 4780 PNRPsvc - ok
19:25:29.0841 4780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:25:29.0921 4780 PolicyAgent - ok
19:25:29.0971 4780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:25:30.0061 4780 Power - ok
19:25:30.0151 4780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:25:30.0231 4780 PptpMiniport - ok
19:25:30.0251 4780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:25:30.0281 4780 Processor - ok
19:25:30.0321 4780 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:25:30.0401 4780 ProfSvc - ok
19:25:30.0441 4780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:30.0471 4780 ProtectedStorage - ok
19:25:30.0511 4780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:25:30.0581 4780 Psched - ok
19:25:30.0621 4780 PTDUBus (bccea08c45bea866ffd2af32d23611b5) C:\Windows\system32\DRIVERS\PTDUBus.sys
19:25:30.0631 4780 PTDUBus - ok
19:25:30.0681 4780 PTDUMdm (f94a0753921e97cebb9002682097149a) C:\Windows\system32\DRIVERS\PTDUMdm.sys
19:25:30.0691 4780 PTDUMdm - ok
19:25:30.0711 4780 PTDUVsp (ac70cdae9e26d26ef6f41c3c23087aae) C:\Windows\system32\DRIVERS\PTDUVsp.sys
19:25:30.0731 4780 PTDUVsp - ok
19:25:30.0751 4780 PTDUWFLT (1d2bd34a8e5c9efd75085af598a7d9b4) C:\Windows\system32\DRIVERS\PTDUWFLT.sys
19:25:30.0761 4780 PTDUWFLT - ok
19:25:30.0781 4780 PTDUWWAN (3d47d2ae93fdf671c3c997b2fac4e13f) C:\Windows\system32\DRIVERS\PTDUWWAN.sys
19:25:30.0801 4780 PTDUWWAN - ok
19:25:30.0931 4780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:25:30.0971 4780 ql2300 - ok
19:25:31.0121 4780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:25:31.0141 4780 ql40xx - ok
19:25:31.0181 4780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:25:31.0201 4780 QWAVE - ok
19:25:31.0231 4780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:25:31.0261 4780 QWAVEdrv - ok
19:25:31.0291 4780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:25:31.0321 4780 RasAcd - ok
19:25:31.0361 4780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:25:31.0431 4780 RasAgileVpn - ok
19:25:31.0471 4780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:25:31.0561 4780 RasAuto - ok
19:25:31.0591 4780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:25:31.0631 4780 Rasl2tp - ok
19:25:31.0691 4780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:25:31.0761 4780 RasMan - ok
19:25:31.0801 4780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:25:31.0881 4780 RasPppoe - ok
19:25:31.0931 4780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:25:32.0011 4780 RasSstp - ok
19:25:32.0051 4780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:25:32.0121 4780 rdbss - ok
19:25:32.0191 4780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:25:32.0221 4780 rdpbus - ok
19:25:32.0241 4780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:25:32.0301 4780 RDPCDD - ok
19:25:32.0321 4780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:25:32.0401 4780 RDPENCDD - ok
19:25:32.0431 4780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:25:32.0461 4780 RDPREFMP - ok
19:25:32.0511 4780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:25:32.0571 4780 RDPWD - ok
19:25:32.0621 4780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:25:32.0651 4780 rdyboost - ok
19:25:32.0801 4780 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:25:32.0831 4780 RegSrvc - ok
19:25:32.0871 4780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:25:32.0931 4780 RemoteAccess - ok
19:25:32.0991 4780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:25:33.0071 4780 RemoteRegistry - ok
19:25:33.0181 4780 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
19:25:33.0211 4780 RoxioNow Service - ok
19:25:33.0231 4780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:25:33.0291 4780 RpcEptMapper - ok
19:25:33.0321 4780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:25:33.0351 4780 RpcLocator - ok
19:25:33.0421 4780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:25:33.0471 4780 RpcSs - ok
19:25:33.0591 4780 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
19:25:33.0631 4780 RSPCIESTOR - ok
19:25:33.0671 4780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:25:33.0721 4780 rspndr - ok
19:25:33.0771 4780 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:25:33.0791 4780 RTL8167 - ok
19:25:33.0821 4780 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:25:33.0831 4780 SamSs - ok
19:25:33.0871 4780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:25:33.0881 4780 sbp2port - ok
19:25:33.0931 4780 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:25:33.0981 4780 SCardSvr - ok
19:25:34.0021 4780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:25:34.0101 4780 scfilter - ok
19:25:34.0221 4780 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:25:34.0291 4780 Schedule - ok
19:25:34.0321 4780 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:25:34.0381 4780 SCPolicySvc - ok
19:25:34.0441 4780 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
19:25:34.0491 4780 sdbus - ok
19:25:34.0551 4780 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:25:34.0641 4780 SDRSVC - ok
19:25:34.0671 4780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:25:34.0731 4780 secdrv - ok
19:25:34.0771 4780 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:25:34.0821 4780 seclogon - ok
19:25:34.0841 4780 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:25:34.0921 4780 SENS - ok
19:25:34.0971 4780 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:25:35.0071 4780 SensrSvc - ok
19:25:35.0101 4780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:25:35.0141 4780 Serenum - ok
19:25:35.0201 4780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:25:35.0241 4780 Serial - ok
19:25:35.0281 4780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:25:35.0331 4780 sermouse - ok
19:25:35.0391 4780 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:25:35.0471 4780 SessionEnv - ok
19:25:35.0501 4780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:25:35.0521 4780 sffdisk - ok
19:25:35.0531 4780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:25:35.0561 4780 sffp_mmc - ok
19:25:35.0591 4780 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:25:35.0641 4780 sffp_sd - ok
19:25:35.0671 4780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:25:35.0711 4780 sfloppy - ok
19:25:35.0821 4780 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:25:35.0861 4780 Sftfs - ok
19:25:35.0971 4780 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:25:36.0001 4780 sftlist - ok
19:25:36.0041 4780 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:25:36.0051 4780 Sftplay - ok
19:25:36.0071 4780 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:25:36.0081 4780 Sftredir - ok
19:25:36.0091 4780 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:25:36.0101 4780 Sftvol - ok
19:25:36.0131 4780 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:25:36.0141 4780 sftvsa - ok
19:25:36.0191 4780 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:25:36.0231 4780 SharedAccess - ok
19:25:36.0291 4780 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:25:36.0361 4780 ShellHWDetection - ok
19:25:36.0411 4780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:25:36.0421 4780 SiSRaid2 - ok
19:25:36.0451 4780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:25:36.0461 4780 SiSRaid4 - ok
19:25:36.0491 4780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:25:36.0551 4780 Smb - ok
19:25:36.0651 4780 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
19:25:36.0671 4780 SMSIVZAM5X64 - ok
19:25:36.0721 4780 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:25:36.0761 4780 SNMPTRAP - ok
19:25:36.0801 4780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:25:36.0811 4780 spldr - ok
19:25:36.0881 4780 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:25:36.0921 4780 Spooler - ok
19:25:37.0201 4780 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:25:37.0291 4780 sppsvc - ok
19:25:37.0421 4780 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:25:37.0481 4780 sppuinotify - ok
19:25:37.0651 4780 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS
19:25:37.0681 4780 SRTSP - ok
19:25:37.0701 4780 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS
19:25:37.0711 4780 SRTSPX - ok
19:25:37.0771 4780 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:25:37.0861 4780 srv - ok
19:25:37.0931 4780 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:25:37.0981 4780 srv2 - ok
19:25:38.0081 4780 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:25:38.0111 4780 SrvHsfHDA - ok
19:25:38.0221 4780 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:25:38.0271 4780 SrvHsfV92 - ok
19:25:38.0471 4780 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:25:38.0531 4780 SrvHsfWinac - ok
19:25:38.0581 4780 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:25:38.0611 4780 srvnet - ok
19:25:38.0651 4780 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:25:38.0701 4780 SSDPSRV - ok
19:25:38.0731 4780 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:25:38.0771 4780 SstpSvc - ok
19:25:38.0891 4780 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
19:25:38.0911 4780 STacSV - ok
19:25:38.0941 4780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:25:38.0951 4780 stexstor - ok
19:25:39.0071 4780 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
19:25:39.0111 4780 STHDA - ok
19:25:39.0211 4780 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:25:39.0251 4780 stisvc - ok
19:25:39.0271 4780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:25:39.0281 4780 swenum - ok
19:25:39.0351 4780 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:25:39.0431 4780 swprv - ok
19:25:39.0561 4780 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS
19:25:39.0591 4780 SymDS - ok
19:25:39.0711 4780 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS
19:25:39.0751 4780 SymEFA - ok
19:25:39.0821 4780 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:25:39.0841 4780 SymEvent - ok
19:25:39.0881 4780 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS
19:25:39.0901 4780 SymIRON - ok
19:25:39.0951 4780 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS
19:25:39.0971 4780 SymNetS - ok
19:25:40.0131 4780 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
19:25:40.0171 4780 SynTP - ok
19:25:40.0431 4780 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:25:40.0491 4780 SysMain - ok
19:25:40.0611 4780 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:25:40.0681 4780 TabletInputService - ok
19:25:40.0721 4780 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:25:40.0781 4780 TapiSrv - ok
19:25:40.0821 4780 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:25:40.0861 4780 TBS - ok
19:25:41.0091 4780 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:25:41.0131 4780 Tcpip - ok
19:25:41.0441 4780 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:25:41.0491 4780 TCPIP6 - ok
19:25:41.0621 4780 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:25:41.0711 4780 tcpipreg - ok
19:25:41.0741 4780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:25:41.0751 4780 TDPIPE - ok
19:25:41.0781 4780 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:25:41.0821 4780 TDTCP - ok
19:25:41.0861 4780 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:25:41.0911 4780 tdx - ok
19:25:41.0961 4780 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:25:41.0971 4780 TermDD - ok
19:25:42.0051 4780 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:25:42.0111 4780 TermService - ok
19:25:42.0151 4780 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:25:42.0191 4780 Themes - ok
19:25:42.0221 4780 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:25:42.0261 4780 THREADORDER - ok
19:25:42.0291 4780 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:25:42.0341 4780 TrkWks - ok
19:25:42.0401 4780 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:25:42.0461 4780 TrustedInstaller - ok
19:25:42.0501 4780 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:25:42.0551 4780 tssecsrv - ok
19:25:42.0591 4780 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:25:42.0611 4780 TsUsbFlt - ok
19:25:42.0641 4780 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:25:42.0681 4780 TsUsbGD - ok
19:25:42.0731 4780 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:25:42.0811 4780 tunnel - ok
19:25:42.0841 4780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:25:42.0851 4780 uagp35 - ok
19:25:42.0911 4780 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:25:42.0991 4780 udfs - ok
19:25:43.0021 4780 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:25:43.0041 4780 UI0Detect - ok
19:25:43.0101 4780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:25:43.0151 4780 uliagpkx - ok
19:25:43.0211 4780 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:25:43.0261 4780 umbus - ok
19:25:43.0291 4780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:25:43.0341 4780 UmPass - ok
19:25:43.0651 4780 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:25:43.0711 4780 UNS - ok
19:25:43.0851 4780 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:25:43.0941 4780 upnphost - ok
19:25:44.0011 4780 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:25:44.0101 4780 USBAAPL64 - ok
19:25:44.0141 4780 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:25:44.0191 4780 usbccgp - ok
19:25:44.0241 4780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:25:44.0271 4780 usbcir - ok
19:25:44.0291 4780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:25:44.0331 4780 usbehci - ok
19:25:44.0401 4780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:25:44.0451 4780 usbhub - ok
19:25:50.0911 4780 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
19:25:50.0951 4780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:25:50.0951 4780 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:25:51.0011 4780 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:25:51.0011 4780 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:25:51.0011 4780 Boot (0x1200) (97a4e1af68b0c5d7529196783c90014d) \Device\Harddisk0\DR0\Partition0
19:25:51.0011 4780 \Device\Harddisk0\DR0\Partition0 - ok
19:25:51.0041 4780 Boot (0x1200) (29fda0f0e3e6bc6f612a74751a98f6fc) \Device\Harddisk0\DR0\Partition1
19:25:51.0041 4780 \Device\Harddisk0\DR0\Partition1 - ok
19:25:51.0071 4780 Boot (0x1200) (38d7bef16ff0d74c1e9e9171afc46987) \Device\Harddisk0\DR0\Partition2
19:25:51.0071 4780 \Device\Harddisk0\DR0\Partition2 - ok
19:25:51.0151 4780 Boot (0x1200) (4637e7dd8f91bf8eff6158739d96b9f0) \Device\Harddisk0\DR0\Partition3
19:25:51.0151 4780 \Device\Harddisk0\DR0\Partition3 - ok
19:25:51.0151 4780 ============================================================
19:25:51.0151 4780 Scan finished
19:25:51.0151 4780 ============================================================
19:25:51.0171 5908 Detected object count: 2
19:25:51.0171 5908 Actual detected object count: 2
19:26:22.0371 5908 \Device\Harddisk0\DR0\# - copied to quarantine
19:26:22.0371 5908 \Device\Harddisk0\DR0 - copied to quarantine
19:26:22.0441 5908 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:26:22.0451 5908 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:26:22.0461 5908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:26:22.0471 5908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:26:22.0501 5908 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:26:22.0511 5908 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:26:22.0521 5908 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:26:22.0521 5908 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:26:22.0521 5908 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:26:22.0531 5908 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:26:22.0531 5908 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:26:22.0531 5908 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:26:22.0571 5908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:26:22.0621 5908 \Device\Harddisk0\DR0 - ok
19:26:23.0111 5908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:26:25.0270 3840 Deinitialize success

#4 hpapres

Posted 29 April 2012 - 08:26 PM

My first post was telling me that it was too long so I had to post the 2nd and 3rd log files in this second post.

THANKS FOR ALL OF YOUR HELP so far MANIAC! It is greatly appreciated.

2) Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.30.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charles N. Hasek :: MIGUEL-AAH-HP [administrator]
4/29/2012 7:31:01 PM
mbam-log-2012-04-29 (19-31-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 216412
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
(end)

3) Fresh DDS log file

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Charles N. Hasek at 19:44:37 on 2012-04-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4698 [GMT -5:00]
.
AV: Norton 360 *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5} : DhcpNameServer = 8.8.8.8 8.4.4.4
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\16474777966696 : DhcpNameServer = 184.49.34.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\3557E63756470245F65727370223831383 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\45451402D4162796E616 : DhcpNameServer = 192.168.1.7
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\54E676C616E646E45647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\C4353544F57455543545 : DhcpNameServer = 10.10.1.10 150.199.1.1
TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\D656564796E6760227F6F6D60277966696 : DhcpNameServer = 4.2.2.2 4.2.2.3 150.199.1.29
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-20 1160824]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120427.001\IDSviA64.sys [2012-4-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-14 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-6-21 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccsvchst.exe [2012-4-12 138232]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-12 138360]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\system32\DRIVERS\PTDUBus.sys --> C:\Windows\system32\DRIVERS\PTDUBus.sys [?]
R3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\system32\DRIVERS\PTDUMdm.sys --> C:\Windows\system32\DRIVERS\PTDUMdm.sys [?]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\system32\DRIVERS\PTDUVsp.sys --> C:\Windows\system32\DRIVERS\PTDUVsp.sys [?]
R3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\system32\DRIVERS\PTDUWFLT.sys --> C:\Windows\system32\DRIVERS\PTDUWFLT.sys [?]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\system32\DRIVERS\PTDUWWAN.sys --> C:\Windows\system32\DRIVERS\PTDUWWAN.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-14 13336]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-14 2656280]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-30 00:24:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-17 02:11:29 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Apple
2012-04-16 17:48:21 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Roaming\Malwarebytes
2012-04-16 17:47:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 17:47:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-16 17:47:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-14 02:35:54 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Roaming\Smith Micro
2012-04-13 00:13:47 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-12 22:39:43 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys
2012-04-12 22:39:43 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symds64.sys
2012-04-12 22:39:43 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys
2012-04-12 22:39:43 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys
2012-04-12 22:39:43 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ironx64.sys
2012-04-12 22:39:43 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccsetx64.sys
2012-04-12 22:39:43 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symefa64.sys
2012-04-12 22:39:40 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A
2012-04-12 22:24:53 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-12 22:24:53 -------- d-----w- C:\Program Files\Symantec
2012-04-12 22:24:05 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-04-12 21:20:12 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\LogMeIn Rescue Applet
2012-04-12 20:59:50 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Hewlett-Packard
2012-04-11 04:26:31 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\CyberLink
2012-04-11 04:07:27 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-11 04:07:23 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C92D2B71-5323-42B2-BA11-43E17388C1B0}\mpengine.dll
2012-04-11 03:59:59 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Hewlett-Packard_Company
2012-04-11 03:58:03 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Hewlett-Packard_Developme
2012-04-11 03:53:00 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\CrashDumps
2012-04-11 03:34:48 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Symantec
2012-04-11 03:25:48 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 03:25:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 03:25:48 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 03:25:48 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 03:25:48 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 03:25:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 03:25:48 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-04 02:59:42 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Roaming\Verizon Wireless
2012-04-04 02:58:54 -------- d-----w- C:\ProgramData\WEngineLite
2012-04-04 02:58:54 -------- d-----w- C:\ProgramData\Verizon Wireless
2012-04-04 02:58:54 -------- d-----w- C:\Program Files (x86)\Verizon Wireless
2012-04-04 02:57:07 70672 ----a-w- C:\Windows\System32\drivers\PTDUBus.sys
2012-04-04 02:57:07 173456 ----a-w- C:\Windows\System32\drivers\PTDUVsp.sys
2012-04-04 02:57:07 173456 ----a-w- C:\Windows\System32\drivers\PTDUMdm.sys
2012-04-04 02:57:07 141840 ----a-w- C:\Windows\System32\drivers\PTDUWWAN.sys
2012-04-04 02:57:07 12688 ----a-w- C:\Windows\System32\drivers\PTDUWFLT.sys
2012-04-04 02:57:07 111704 ----a-w- C:\Windows\SysWow64\PTDUWmcp64.dll
2012-04-04 02:57:07 111704 ----a-w- C:\Windows\System32\PTDUWmcp64.dll
2012-04-04 02:57:07 100952 ----a-w- C:\Windows\SysWow64\PTDUWmcp.dll
2012-04-04 02:57:07 100952 ----a-w- C:\Windows\System32\PTDUWmcp.dll
2012-04-04 02:57:07 -------- d-----w- C:\Program Files\PANTECH
.
==================== Find3M ====================
.
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 19:46:24.07 ===============

#5 Maniac


Posted 30 April 2012 - 04:09 AM

Good! :)

Step 1

Please re-run TDSSKiller and, following the same instructions, choose the Delete option for this one:

19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#6 Maurice Naggar


Posted 08 May 2012 - 10:19 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Consumer Support Specialist


I close my threads if there is 5 days without a response.



