mandre87

svchost.exe trojan.agent


25 posts in this topic

I have an ASUS laptop running Windows 7 Ultimate. I noticed my browser (I only use Firefox) slowing significantly, and when I closed my laptop lid to "sleep" it until I used it next, every time I would turn it back on it would state that Windows had shut down inappropriately/unsafely, and gave me the screen prompting "start Windows normally", try "startup repair", etc. I ran Norton Antivirus and the virus was not caught. I have no previous system restore points to go back to, unfortunately.

Malwarebytes was the only thing that caught the trojan. I tried clicking the remove option, and was prompted that I needed to restart my computer to completely delete the trojan. I followed the instructions. On reboot I reran Malwarebytes, but the trojan was still present. I repeated this 2 more times with no luck; the trojan will not stay removed. Here is a picture of my scan results:

What do I do?

Here are the posting requirements:

1) Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 5/27/2011 6:42:18 AM

System Uptime: 3/8/2012 6:22:53 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | N53SV

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 14.816 GiB free.

D: is FIXED (NTFS) - 328 GiB total, 327.185 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0011

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0011

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0031

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0031

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0012

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0012

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart 5510 series

Device ID: ROOT\MULTIFUNCTION\0032

Manufacturer: HP

Name: Photosmart 5510 series

PNP Device ID: ROOT\MULTIFUNCTION\0032

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0013

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0013

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0033

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0033

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A910

Device ID: ROOT\MULTIFUNCTION\0014

Manufacturer: HP

Name: Officejet Pro 8500 A910

PNP Device ID: ROOT\MULTIFUNCTION\0014

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8000 A809

Device ID: ROOT\MULTIFUNCTION\0015

Manufacturer: HP

Name: Officejet Pro 8000 A809

PNP Device ID: ROOT\MULTIFUNCTION\0015

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0016

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0016

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0017

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0017

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0018

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0018

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6500 E710n-z

Device ID: ROOT\MULTIFUNCTION\0019

Manufacturer: HP

Name: Officejet 6500 E710n-z

PNP Device ID: ROOT\MULTIFUNCTION\0019

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet Professional P1102w

Device ID: ROOT\MULTIFUNCTION\0020

Manufacturer: Hewlett-Packard

Name: HP LaserJet Professional P1102w

PNP Device ID: ROOT\MULTIFUNCTION\0020

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Envy 100 D410 series

Device ID: ROOT\MULTIFUNCTION\0021

Manufacturer: HP

Name: Envy 100 D410 series

PNP Device ID: ROOT\MULTIFUNCTION\0021

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID:

Description: Officejet 6500 E710n-z

Device ID: ROOT\MULTIFUNCTION\0022

Manufacturer:

Name: Officejet 6500 E710n-z

PNP Device ID: ROOT\MULTIFUNCTION\0022

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet Professional P1102w

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: Hewlett-Packard

Name: HP LaserJet Professional P1102w

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0023

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0023

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0004

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0004

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Prem C310 series

Device ID: ROOT\MULTIFUNCTION\0024

Manufacturer: HP

Name: Photosmart Prem C310 series

PNP Device ID: ROOT\MULTIFUNCTION\0024

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Plus B210 series

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer: HP

Name: Photosmart Plus B210 series

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050A J611 series

Device ID: ROOT\MULTIFUNCTION\0025

Manufacturer: HP

Name: Deskjet 3050A J611 series

PNP Device ID: ROOT\MULTIFUNCTION\0025

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0006

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0006

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0026

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0026

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0007

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0007

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0027

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0027

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0008

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0008

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0028

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0028

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0009

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0009

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet 3050 J610 series

Device ID: ROOT\MULTIFUNCTION\0029

Manufacturer: HP

Name: Deskjet 3050 J610 series

PNP Device ID: ROOT\MULTIFUNCTION\0029

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP LaserJet Professional P1102w

Device ID: ROOT\MULTIFUNCTION\0010

Manufacturer: Hewlett-Packard

Name: HP LaserJet Professional P1102w

PNP Device ID: ROOT\MULTIFUNCTION\0010

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0030

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0030

Service:

.

==== System Restore Points ===================

.

RP120: 3/8/2012 4:43:44 PM - Trojan Infected =(

.

==== Installed Programs ======================

.

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11.5

Alcor Micro USB Card Reader

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Splendid Video Enhancement Technology

ASUS Video Magic

ASUS Virtual Camera

ASUS_Screensaver

Atheros WLAN and Bluetooth Client Installation Program

ATK Package

BitTorrent

BufferChm

D3DX10

DAEMON Tools Lite

Destinations

DeviceDiscovery

DocMgr

DocProc

Dropbox

ExpressGate Cloud

Fax

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Google Chrome

Google Update Helper

GPBaseService2

High-Definition Video Playback 10

HP Update

HPProductAssistant

HPSSupply

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Java Auto Updater

Java™ 6 Update 26

League of Legends

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP3 Parser (KB973685)

Nero 10 Menu TemplatePack Basic

Nero 10 Movie ThemePack Basic

Nero BackItUp 10

Nero BackItUp 10 Help (CHM)

Nero Burning ROM 10

Nero BurningROM 10 Help (CHM)

Nero BurnRights 10

Nero BurnRights 10 Help (CHM)

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero CoverDesigner 10

Nero CoverDesigner 10 Help (CHM)

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Dolby Files 10

Nero Express 10

Nero Express 10 Help (CHM)

Nero InfoTool 10

Nero InfoTool 10 Help (CHM)

Nero MediaHub 10

Nero MediaHub 10 Help (CHM)

Nero Multimedia Suite 10

Nero Recode 10

Nero Recode 10 Help (CHM)

Nero RescueAgent 10

Nero RescueAgent 10 Help (CHM)

Nero SoundTrax 10

Nero SoundTrax 10 Help (CHM)

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

Nero Vision 10

Nero Vision 10 Help (CHM)

Nero WaveEditor 10

Nero WaveEditor 10 Help (CHM)

Netscape Navigator (9.0.0.6)

Norton Security Suite

Notepad++

PDF Settings CS5

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

RealUpgrade 1.1

SafeConnect

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype™ 5.3

SmartWebPrinting

SolutionCenter

SonicMaster

Status

System Requirements Lab

Toolbox

TrayApp

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

VLC media player 1.1.9

WebReg

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinFlash

Wireless Console 3

.

==== Event Viewer Messages From Past Week ========

.

3/8/2012 6:24:27 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/8/2012 6:23:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

3/8/2012 6:23:25 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/8/2012 5:38:27 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

3/8/2012 5:38:27 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.

3/8/2012 5:38:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/8/2012 5:38:26 PM, Error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).

3/8/2012 5:37:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

3/8/2012 5:37:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/8/2012 5:36:02 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..

3/8/2012 5:36:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/8/2012 4:39:33 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/8/2012 1:19:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 0. Please contact your system vendor for technical assistance.

3/8/2012 1:09:19 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/7/2012 2:41:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{358434BC-67C6-4BBE-BC51-C316E9B5F9A5}. The master browser is stopping or an election is being forced.

3/4/2012 1:04:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

3/3/2012 8:08:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Atheros Bt&Wlan Coex Agent service.

3/2/2012 5:10:49 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

.

==== End Of File ===========================

2) DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Mark at 18:29:12 on 2012-03-08

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4007.1448 [GMT -8:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\RunFDS.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\taskhost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\SafeConnect\scManager.sys

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe

C:\Program Files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\ICO.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\SafeConnect\scClient.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\Pelmiced.exe

C:\Windows\AsScrPro.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\rstrui.exe

C:\Windows\system32\wbengine.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\vds.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://asus.msn.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [AdobeBridge]

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{338131A1-356A-4E24-A5F4-B75ADF52BFC8} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{358434BC-67C6-4BBE-BC51-C316E9B5F9A5} : DhcpNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\796abxhh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120307.002\IDSviA64.sys [2012-3-7 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2011-4-12 151552]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-25 52896]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-12 2009704]

R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-12 2656280]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-15 138360]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-12 135664]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

.

=============== Created Last 30 ================

.

2012-03-09 02:24:15 20480 ----a-w- C:\Windows\svchost.exe

2012-03-08 08:10:45 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3433.tmp

2012-03-08 08:10:45 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\3413.tmp

2012-03-06 16:22:55 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4557DA22-4D41-4A39-8DD0-FFA7AA5798BC}\mpengine.dll

2012-03-02 06:59:06 -------- d-----w- C:\Riot Games

2012-02-15 18:30:37 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-15 18:30:37 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-15 18:30:35 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-15 18:30:35 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-15 18:30:34 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-15 18:30:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-15 18:30:30 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-15 18:30:30 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-08 03:06:43 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys

2012-02-08 03:06:43 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys

2012-02-08 03:06:43 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys

2012-02-08 03:06:43 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys

2012-02-08 03:06:43 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys

2012-02-08 03:06:43 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys

2012-02-08 03:06:25 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D

.

==================== Find3M ====================

.

2012-03-09 02:23:35 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-17 02:34:17 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 18:31:38.08 ===============

Thank you!

DDS.txt

Attach.txt


Also, I keep getting redirected when I use Google.

I forgot to include it before, but here is my latest Malwarebytes quick scan log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.09.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mark :: MARK-PC [administrator]

3/9/2012 2:23:03 PM

mbam-log-2012-03-09 (14-23-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205243

Time elapsed: 52 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 5728 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


While my antivirus, Norton security suite, never detected the virus before, it popped up after I ran the TDSSKiller saying it had found and was now blocking tsk0000 (trojan.gen), tsk0001 (trojan horse), task0003 (Backdoor.Pihar), tsk0005 (Backdoor.Pihar), task0009 (Trojan horse), & tsk0010.dta (Trojan horse).

Here are the results of the TDSS scan:

11:15:58.0718 1636 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

11:16:00.0719 1636 ============================================================

11:16:00.0719 1636 Current date / time: 2012/03/10 11:16:00.0719

11:16:00.0719 1636 SystemInfo:

11:16:00.0719 1636

11:16:00.0720 1636 OS Version: 6.1.7601 ServicePack: 1.0

11:16:00.0720 1636 Product type: Workstation

11:16:00.0720 1636 ComputerName: MARK-PC

11:16:00.0720 1636 UserName: Mark

11:16:00.0720 1636 Windows directory: C:\Windows

11:16:00.0720 1636 System windows directory: C:\Windows

11:16:00.0720 1636 Running under WOW64

11:16:00.0720 1636 Processor architecture: Intel x64

11:16:00.0720 1636 Number of processors: 8

11:16:00.0720 1636 Page size: 0x1000

11:16:00.0720 1636 Boot type: Normal boot

11:16:00.0720 1636 ============================================================

11:16:01.0722 1636 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:16:01.0728 1636 \Device\Harddisk0\DR0:

11:16:01.0728 1636 MBR used

11:16:01.0728 1636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8E0909

11:16:01.0741 1636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x113DB000, BlocksNum 0x28FAA800

11:16:01.0829 1636 Initialize success

11:16:01.0829 1636 ============================================================

11:16:25.0945 2264 ============================================================

11:16:25.0945 2264 Scan started

11:16:25.0945 2264 Mode: Manual;

11:16:25.0945 2264 ============================================================


11:16:44.0600 2264 mpio - ok

11:16:44.0643 2264 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:16:44.0657 2264 mpsdrv - ok

11:16:44.0730 2264 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:16:44.0735 2264 MRxDAV - ok

11:16:44.0786 2264 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:16:44.0802 2264 mrxsmb - ok

11:16:44.0878 2264 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:16:44.0883 2264 mrxsmb10 - ok

11:16:44.0929 2264 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:16:44.0954 2264 mrxsmb20 - ok

11:16:45.0006 2264 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:16:45.0009 2264 msahci - ok

11:16:45.0036 2264 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:16:45.0040 2264 msdsm - ok

11:16:45.0097 2264 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:16:45.0099 2264 Msfs - ok

11:16:45.0132 2264 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:16:45.0135 2264 mshidkmdf - ok

11:16:45.0253 2264 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:16:45.0256 2264 msisadrv - ok

11:16:45.0309 2264 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:16:45.0311 2264 MSKSSRV - ok

11:16:45.0348 2264 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:16:45.0351 2264 MSPCLOCK - ok

11:16:45.0380 2264 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:16:45.0382 2264 MSPQM - ok

11:16:45.0435 2264 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:16:45.0441 2264 MsRPC - ok

11:16:45.0485 2264 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:16:45.0487 2264 mssmbios - ok

11:16:45.0547 2264 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:16:45.0565 2264 MSTEE - ok

11:16:45.0639 2264 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:16:45.0641 2264 MTConfig - ok

11:16:45.0673 2264 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:16:45.0676 2264 Mup - ok

11:16:45.0764 2264 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:16:45.0789 2264 NativeWifiP - ok

11:16:46.0021 2264 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\ENG64.SYS

11:16:46.0024 2264 NAVENG - ok

11:16:46.0208 2264 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\EX64.SYS

11:16:46.0259 2264 NAVEX15 - ok

11:16:46.0373 2264 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:16:46.0399 2264 NDIS - ok

11:16:46.0451 2264 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:16:46.0454 2264 NdisCap - ok

11:16:46.0501 2264 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:16:46.0504 2264 NdisTapi - ok

11:16:46.0551 2264 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:16:46.0554 2264 Ndisuio - ok

11:16:46.0624 2264 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:16:46.0629 2264 NdisWan - ok

11:16:46.0698 2264 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:16:46.0701 2264 NDProxy - ok

11:16:46.0800 2264 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:16:46.0803 2264 NetBIOS - ok

11:16:46.0856 2264 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:16:46.0861 2264 NetBT - ok

11:16:46.0967 2264 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:16:46.0980 2264 nfrd960 - ok

11:16:47.0166 2264 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:16:47.0168 2264 Npfs - ok

11:16:47.0198 2264 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:16:47.0200 2264 nsiproxy - ok

11:16:47.0258 2264 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:16:47.0292 2264 Ntfs - ok

11:16:47.0369 2264 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:16:47.0371 2264 Null - ok

11:16:47.0809 2264 nvlddmkm (7328528daf9b8a486e16595a35043db0) C:\Windows\system32\DRIVERS\nvlddmkm.sys

11:16:48.0093 2264 nvlddmkm - ok

11:16:48.0183 2264 nvpciflt (8ae5a124f3b65c3ec531d251a3e9c87f) C:\Windows\system32\DRIVERS\nvpciflt.sys

11:16:48.0186 2264 nvpciflt - ok

11:16:48.0242 2264 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:16:48.0259 2264 nvraid - ok

11:16:48.0299 2264 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:16:48.0302 2264 nvstor - ok

11:16:48.0359 2264 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:16:48.0362 2264 nv_agp - ok

11:16:48.0398 2264 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:16:48.0402 2264 ohci1394 - ok

11:16:48.0440 2264 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:16:48.0451 2264 Parport - ok

11:16:48.0502 2264 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:16:48.0505 2264 partmgr - ok

11:16:48.0556 2264 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:16:48.0560 2264 pci - ok

11:16:48.0605 2264 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:16:48.0608 2264 pciide - ok

11:16:48.0641 2264 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:16:48.0645 2264 pcmcia - ok

11:16:48.0674 2264 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:16:48.0676 2264 pcw - ok

11:16:48.0718 2264 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:16:48.0726 2264 PEAUTH - ok

11:16:48.0768 2264 pelmouse (7a64358cb01d67dad925d9003f582cbd) C:\Windows\system32\DRIVERS\pelmouse.sys

11:16:48.0770 2264 pelmouse - ok

11:16:48.0795 2264 pelusblf (03980fdaaed3eaf00e4a206f0a632b3d) C:\Windows\system32\DRIVERS\pelusblf.sys

11:16:48.0797 2264 pelusblf - ok

11:16:48.0864 2264 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys

11:16:48.0867 2264 Point64 - ok

11:16:48.0935 2264 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:16:48.0938 2264 PptpMiniport - ok

11:16:48.0974 2264 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:16:48.0978 2264 Processor - ok

11:16:49.0040 2264 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:16:49.0043 2264 Psched - ok

11:16:49.0109 2264 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:16:49.0143 2264 ql2300 - ok

11:16:49.0179 2264 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:16:49.0196 2264 ql40xx - ok

11:16:49.0239 2264 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:16:49.0241 2264 QWAVEdrv - ok

11:16:49.0260 2264 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:16:49.0261 2264 RasAcd - ok

11:16:49.0308 2264 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:16:49.0310 2264 RasAgileVpn - ok

11:16:49.0361 2264 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:16:49.0364 2264 Rasl2tp - ok

11:16:49.0394 2264 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:16:49.0396 2264 RasPppoe - ok

11:16:49.0425 2264 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:16:49.0428 2264 RasSstp - ok

11:16:49.0467 2264 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:16:49.0472 2264 rdbss - ok

11:16:49.0496 2264 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:16:49.0498 2264 rdpbus - ok

11:16:49.0539 2264 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:16:49.0541 2264 RDPCDD - ok

11:16:49.0593 2264 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

11:16:49.0596 2264 RDPDR - ok

11:16:49.0672 2264 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:16:49.0679 2264 RDPENCDD - ok

11:16:49.0838 2264 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:16:49.0839 2264 RDPREFMP - ok

11:16:49.0984 2264 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

11:16:49.0986 2264 RdpVideoMiniport - ok

11:16:50.0032 2264 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

11:16:50.0036 2264 RDPWD - ok

11:16:50.0109 2264 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:16:50.0113 2264 rdyboost - ok

11:16:50.0166 2264 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

11:16:50.0170 2264 RFCOMM - ok

11:16:50.0202 2264 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:16:50.0214 2264 rspndr - ok

11:16:50.0282 2264 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:16:50.0304 2264 RTL8167 - ok

11:16:50.0352 2264 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:16:50.0356 2264 sbp2port - ok

11:16:50.0410 2264 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:16:50.0412 2264 scfilter - ok

11:16:50.0465 2264 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:16:50.0467 2264 secdrv - ok

11:16:50.0516 2264 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:16:50.0519 2264 Serenum - ok

11:16:50.0556 2264 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:16:50.0559 2264 Serial - ok

11:16:50.0605 2264 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:16:50.0608 2264 sermouse - ok

11:16:50.0645 2264 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:16:50.0656 2264 sffdisk - ok

11:16:50.0688 2264 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:16:50.0690 2264 sffp_mmc - ok

11:16:50.0719 2264 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:16:50.0722 2264 sffp_sd - ok

11:16:50.0766 2264 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:16:50.0769 2264 sfloppy - ok

11:16:50.0804 2264 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

11:16:50.0807 2264 SiSGbeLH - ok

11:16:50.0828 2264 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:16:50.0830 2264 SiSRaid2 - ok

11:16:50.0865 2264 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:16:50.0868 2264 SiSRaid4 - ok

11:16:50.0915 2264 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:16:50.0917 2264 Smb - ok

11:16:50.0961 2264 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:16:50.0963 2264 spldr - ok

11:16:51.0058 2264 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS

11:16:51.0075 2264 SRTSP - ok

11:16:51.0115 2264 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS

11:16:51.0128 2264 SRTSPX - ok

11:16:51.0174 2264 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:16:51.0203 2264 srv - ok

11:16:51.0244 2264 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:16:51.0250 2264 srv2 - ok

11:16:51.0288 2264 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:16:51.0305 2264 srvnet - ok

11:16:51.0363 2264 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:16:51.0366 2264 stexstor - ok

11:16:51.0415 2264 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:16:51.0429 2264 swenum - ok

11:16:51.0535 2264 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS

11:16:51.0569 2264 SymDS - ok

11:16:51.0614 2264 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS

11:16:51.0655 2264 SymEFA - ok

11:16:51.0721 2264 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

11:16:51.0725 2264 SymEvent - ok

11:16:51.0794 2264 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS

11:16:51.0799 2264 SymIRON - ok

11:16:51.0846 2264 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS

11:16:51.0852 2264 SymNetS - ok

11:16:51.0882 2264 Synth3dVsc - ok

11:16:51.0970 2264 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:16:52.0028 2264 Tcpip - ok

11:16:52.0118 2264 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:16:52.0127 2264 TCPIP6 - ok

11:16:52.0171 2264 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:16:52.0174 2264 tcpipreg - ok

11:16:52.0208 2264 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:16:52.0221 2264 TDPIPE - ok

11:16:52.0414 2264 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

11:16:52.0417 2264 TDTCP - ok

11:16:52.0471 2264 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:16:52.0474 2264 tdx - ok

11:16:52.0517 2264 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:16:52.0520 2264 TermDD - ok

11:16:52.0585 2264 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:16:52.0588 2264 tssecsrv - ok

11:16:52.0640 2264 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:16:52.0643 2264 TsUsbFlt - ok

11:16:52.0666 2264 tsusbhub - ok

11:16:52.0722 2264 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:16:52.0725 2264 tunnel - ok

11:16:52.0768 2264 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys

11:16:52.0775 2264 TurboB - ok

11:16:52.0819 2264 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:16:52.0823 2264 uagp35 - ok

11:16:52.0875 2264 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:16:52.0881 2264 udfs - ok

11:16:52.0931 2264 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:16:52.0934 2264 uliagpkx - ok

11:16:52.0965 2264 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:16:52.0967 2264 umbus - ok

11:16:53.0000 2264 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:16:53.0003 2264 UmPass - ok

11:16:53.0048 2264 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:16:53.0051 2264 usbccgp - ok

11:16:53.0080 2264 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:16:53.0083 2264 usbcir - ok

11:16:53.0132 2264 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:16:53.0134 2264 usbehci - ok

11:16:53.0185 2264 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:16:53.0191 2264 usbhub - ok

11:16:53.0229 2264 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:16:53.0231 2264 usbohci - ok

11:16:53.0278 2264 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:16:53.0292 2264 usbprint - ok

11:16:53.0340 2264 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:16:53.0355 2264 usbscan - ok

11:16:53.0404 2264 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:16:53.0407 2264 USBSTOR - ok

11:16:53.0440 2264 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:16:53.0443 2264 usbuhci - ok

11:16:53.0493 2264 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

11:16:53.0496 2264 usbvideo - ok

11:16:53.0530 2264 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

11:16:53.0555 2264 usb_rndisx - ok

11:16:53.0604 2264 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:16:53.0607 2264 vdrvroot - ok

11:16:53.0649 2264 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:16:53.0652 2264 vga - ok

11:16:53.0683 2264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:16:53.0685 2264 VgaSave - ok

11:16:53.0714 2264 VGPU - ok

11:16:53.0748 2264 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:16:53.0753 2264 vhdmp - ok

11:16:53.0793 2264 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:16:53.0796 2264 viaide - ok

11:16:53.0837 2264 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:16:53.0841 2264 volmgr - ok

11:16:53.0899 2264 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:16:53.0905 2264 volmgrx - ok

11:16:53.0933 2264 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:16:53.0938 2264 volsnap - ok

11:16:53.0987 2264 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:16:53.0991 2264 vsmraid - ok

11:16:54.0038 2264 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:16:54.0041 2264 vwifibus - ok

11:16:54.0072 2264 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:16:54.0074 2264 vwififlt - ok

11:16:54.0120 2264 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

11:16:54.0123 2264 vwifimp - ok

11:16:54.0161 2264 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:16:54.0163 2264 WacomPen - ok

11:16:54.0232 2264 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:16:54.0235 2264 WANARP - ok

11:16:54.0239 2264 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:16:54.0240 2264 Wanarpv6 - ok

11:16:54.0287 2264 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:16:54.0303 2264 Wd - ok

11:16:54.0346 2264 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:16:54.0363 2264 Wdf01000 - ok

11:16:54.0399 2264 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:16:54.0401 2264 WfpLwf - ok

11:16:54.0469 2264 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

11:16:54.0473 2264 WimFltr - ok

11:16:54.0507 2264 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:16:54.0509 2264 WIMMount - ok

11:16:54.0589 2264 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:16:54.0590 2264 WmiAcpi - ok

11:16:54.0626 2264 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:16:54.0628 2264 ws2ifsl - ok

11:16:54.0686 2264 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

11:16:54.0703 2264 WSDPrintDevice - ok

11:16:54.0758 2264 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:16:54.0760 2264 WudfPf - ok

11:16:54.0795 2264 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:16:54.0800 2264 WUDFRd - ok

11:16:54.0829 2264 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

11:16:54.0861 2264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:16:54.0861 2264 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:16:54.0904 2264 Boot (0x1200) (a76b6a2af9815e2e1f641dff1ae32783) \Device\Harddisk0\DR0\Partition0

11:16:54.0906 2264 \Device\Harddisk0\DR0\Partition0 - ok

11:16:54.0923 2264 Boot (0x1200) (7b56c55d99e128770e4ed3809da5f27c) \Device\Harddisk0\DR0\Partition1

11:16:54.0925 2264 \Device\Harddisk0\DR0\Partition1 - ok

11:16:54.0925 2264 ============================================================

11:16:54.0925 2264 Scan finished

11:16:54.0925 2264 ============================================================

11:16:54.0927 2088 Detected object count: 1

11:16:54.0927 2088 Actual detected object count: 1

11:17:12.0379 2088 \Device\Harddisk0\DR0\# - copied to quarantine

11:17:12.0379 2088 \Device\Harddisk0\DR0 - copied to quarantine

11:17:12.0468 2088 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:17:12.0471 2088 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:17:12.0481 2088 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:17:12.0513 2088 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:17:12.0548 2088 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:17:12.0567 2088 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:17:12.0569 2088 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:17:12.0571 2088 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:17:12.0573 2088 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:17:12.0577 2088 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:17:12.0581 2088 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:17:12.0584 2088 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:17:12.0615 2088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:17:12.0618 2088 \Device\Harddisk0\DR0 - ok

11:17:12.0619 2088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure


Your AV only detected this when it was quarantined by TDSSkiller most likely. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


First off, thank you for all your help so far! I did not get a prompt for the recovery console, but the combofix gets stuck at "Completed Stage_4". I've downloaded/redownloaded/reran it three times. I turned off pretty much everything that my Norton 360 antivirus does.

Suggestions?


I got it to work! I'm still getting random problems from the virus: My startup is back to normal, but my wireless adapter is disabled on every startup. I have to turn it off/on again for it to start working. Also, SCVhost.exe still comes up as the most memory using process on my computer.

Here is the log:

ComboFix 12-03-10.02 - Mark 03/10/2012 20:05:43.4.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4007.2286 [GMT -8:00]

Running from: c:\users\Mark\Desktop\ComboFix2.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))

.

.

2012-03-11 04:12 . 2012-03-11 04:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-11 04:12 . 2012-03-11 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-10 19:17 . 2012-03-10 19:17 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-10 00:06 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B380895-31F5-4D69-B19F-B63041378905}\mpengine.dll

2012-03-09 16:27 . 2012-03-09 16:27 -------- d-----w- c:\users\Mark\AppData\Local\ElevatedDiagnostics

2012-03-08 08:10 . 2012-03-08 08:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\3433.tmp

2012-03-08 08:10 . 2012-03-08 08:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\3413.tmp

2012-03-02 06:59 . 2012-03-08 23:37 -------- d-----w- C:\Riot Games

2012-02-15 18:30 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 18:30 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 18:30 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 18:30 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 18:30 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 18:30 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 18:30 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 18:30 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-11 04:01 . 2011-05-27 13:42 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-02-23 17:18 . 2011-12-19 18:57 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-17 02:34 . 2011-12-17 02:33 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 51445112]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 135664]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-07 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]

S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-09 138360]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 18:58]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-12 18:58]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025305619-3755157546-3709387571-1002Core.job

- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 16:45]

.

2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025305619-3755157546-3709387571-1002UA.job

- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 16:45]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Mark\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Mouse Suite 98 Daemon"="c:\program files\Rocketfish 2.4GHz Ergo Laser Mouse Driver\ICO.EXE" [2009-04-23 118272]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\796abxhh.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Toolbar-Locked - (no file)

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-10 20:14:03

ComboFix-quarantined-files.txt 2012-03-11 04:14

.

Pre-Run: 15,468,834,816 bytes free

Post-Run: 16,440,680,448 bytes free

.

- - End Of File - - 3D614FF9F3289CF9A09AC25A2B1A7414


Can you please rerun TDSSkiller and let me know if it still detects something?


Nothing was detected, here is the log:

00:08:17.0026 1372 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39

00:08:18.0335 1372 ============================================================

00:08:18.0335 1372 Current date / time: 2012/03/11 00:08:18.0335

00:08:18.0335 1372 SystemInfo:

00:08:18.0335 1372

00:08:18.0335 1372 OS Version: 6.1.7601 ServicePack: 1.0

00:08:18.0335 1372 Product type: Workstation

00:08:18.0336 1372 ComputerName: MARK-PC

00:08:18.0336 1372 UserName: Mark

00:08:18.0336 1372 Windows directory: C:\Windows

00:08:18.0336 1372 System windows directory: C:\Windows

00:08:18.0336 1372 Running under WOW64

00:08:18.0336 1372 Processor architecture: Intel x64

00:08:18.0336 1372 Number of processors: 8

00:08:18.0336 1372 Page size: 0x1000

00:08:18.0336 1372 Boot type: Normal boot

00:08:18.0336 1372 ============================================================

00:08:19.0040 1372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:08:19.0046 1372 \Device\Harddisk0\DR0:

00:08:19.0046 1372 MBR used

00:08:19.0046 1372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8E0909

00:08:19.0065 1372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x113DB000, BlocksNum 0x28FAA800

00:08:19.0145 1372 Initialize success

00:08:19.0145 1372 ============================================================

00:08:21.0176 2916 ============================================================

00:08:21.0176 2916 Scan started

00:08:21.0176 2916 Mode: Manual;

00:08:21.0176 2916 ============================================================


00:08:31.0871 2916 ksthunk - ok

00:08:31.0923 2916 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:08:31.0926 2916 lltdio - ok

00:08:31.0988 2916 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:08:31.0992 2916 LSI_FC - ok

00:08:32.0033 2916 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:08:32.0036 2916 LSI_SAS - ok

00:08:32.0062 2916 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:08:32.0077 2916 LSI_SAS2 - ok

00:08:32.0110 2916 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:08:32.0113 2916 LSI_SCSI - ok

00:08:32.0146 2916 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:08:32.0150 2916 luafv - ok

00:08:32.0178 2916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

00:08:32.0180 2916 megasas - ok

00:08:32.0219 2916 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

00:08:32.0224 2916 MegaSR - ok

00:08:32.0259 2916 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

00:08:32.0262 2916 MEIx64 - ok

00:08:32.0284 2916 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:08:32.0286 2916 Modem - ok

00:08:32.0313 2916 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:08:32.0315 2916 monitor - ok

00:08:32.0352 2916 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:08:32.0355 2916 mouclass - ok

00:08:32.0386 2916 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:08:32.0389 2916 mouhid - ok

00:08:32.0430 2916 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:08:32.0433 2916 mountmgr - ok

00:08:32.0471 2916 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:08:32.0476 2916 mpio - ok

00:08:32.0503 2916 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:08:32.0517 2916 mpsdrv - ok

00:08:32.0574 2916 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:08:32.0578 2916 MRxDAV - ok

00:08:32.0629 2916 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:08:32.0646 2916 mrxsmb - ok

00:08:32.0688 2916 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:08:32.0694 2916 mrxsmb10 - ok

00:08:32.0723 2916 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:08:32.0727 2916 mrxsmb20 - ok

00:08:32.0767 2916 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:08:32.0769 2916 msahci - ok

00:08:32.0805 2916 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:08:32.0809 2916 msdsm - ok

00:08:32.0858 2916 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:08:32.0860 2916 Msfs - ok

00:08:32.0893 2916 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:08:32.0896 2916 mshidkmdf - ok

00:08:32.0939 2916 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:08:32.0942 2916 msisadrv - ok

00:08:32.0979 2916 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:08:32.0981 2916 MSKSSRV - ok

00:08:33.0035 2916 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:08:33.0037 2916 MSPCLOCK - ok

00:08:33.0067 2916 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:08:33.0069 2916 MSPQM - ok

00:08:33.0122 2916 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:08:33.0128 2916 MsRPC - ok

00:08:33.0155 2916 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:08:33.0158 2916 mssmbios - ok

00:08:33.0184 2916 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:08:33.0202 2916 MSTEE - ok

00:08:33.0233 2916 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

00:08:33.0234 2916 MTConfig - ok

00:08:33.0269 2916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:08:33.0272 2916 Mup - ok

00:08:33.0335 2916 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:08:33.0349 2916 NativeWifiP - ok

00:08:33.0542 2916 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\ENG64.SYS

00:08:33.0546 2916 NAVENG - ok

00:08:33.0606 2916 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120309.034\EX64.SYS

00:08:33.0658 2916 NAVEX15 - ok

00:08:33.0780 2916 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:08:33.0800 2916 NDIS - ok

00:08:33.0841 2916 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:08:33.0843 2916 NdisCap - ok

00:08:33.0883 2916 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:08:33.0885 2916 NdisTapi - ok

00:08:33.0924 2916 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:08:33.0943 2916 Ndisuio - ok

00:08:33.0997 2916 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:08:34.0002 2916 NdisWan - ok

00:08:34.0046 2916 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:08:34.0049 2916 NDProxy - ok

00:08:34.0099 2916 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:08:34.0102 2916 NetBIOS - ok

00:08:34.0154 2916 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:08:34.0168 2916 NetBT - ok

00:08:34.0223 2916 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

00:08:34.0245 2916 nfrd960 - ok

00:08:34.0307 2916 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:08:34.0309 2916 Npfs - ok

00:08:34.0339 2916 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:08:34.0341 2916 nsiproxy - ok

00:08:34.0399 2916 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:08:34.0450 2916 Ntfs - ok

00:08:34.0477 2916 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:08:34.0479 2916 Null - ok

00:08:34.0745 2916 nvlddmkm (7328528daf9b8a486e16595a35043db0) C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:08:34.0980 2916 nvlddmkm - ok

00:08:35.0028 2916 nvpciflt (8ae5a124f3b65c3ec531d251a3e9c87f) C:\Windows\system32\DRIVERS\nvpciflt.sys

00:08:35.0046 2916 nvpciflt - ok

00:08:35.0110 2916 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:08:35.0115 2916 nvraid - ok

00:08:35.0159 2916 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:08:35.0164 2916 nvstor - ok

00:08:35.0277 2916 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:08:35.0280 2916 nv_agp - ok

00:08:35.0317 2916 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:08:35.0320 2916 ohci1394 - ok

00:08:35.0366 2916 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

00:08:35.0378 2916 Parport - ok

00:08:35.0429 2916 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

00:08:35.0432 2916 partmgr - ok

00:08:35.0474 2916 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:08:35.0479 2916 pci - ok

00:08:35.0531 2916 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:08:35.0534 2916 pciide - ok

00:08:35.0568 2916 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

00:08:35.0573 2916 pcmcia - ok

00:08:35.0600 2916 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:08:35.0603 2916 pcw - ok

00:08:35.0644 2916 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:08:35.0653 2916 PEAUTH - ok

00:08:35.0694 2916 pelmouse (7a64358cb01d67dad925d9003f582cbd) C:\Windows\system32\DRIVERS\pelmouse.sys

00:08:35.0697 2916 pelmouse - ok

00:08:35.0722 2916 pelusblf (03980fdaaed3eaf00e4a206f0a632b3d) C:\Windows\system32\DRIVERS\pelusblf.sys

00:08:35.0724 2916 pelusblf - ok

00:08:35.0807 2916 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys

00:08:35.0810 2916 Point64 - ok

00:08:35.0878 2916 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:08:35.0912 2916 PptpMiniport - ok

00:08:35.0950 2916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

00:08:35.0953 2916 Processor - ok

00:08:36.0008 2916 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:08:36.0011 2916 Psched - ok

00:08:36.0077 2916 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

00:08:36.0111 2916 ql2300 - ok

00:08:36.0147 2916 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

00:08:36.0164 2916 ql40xx - ok

00:08:36.0206 2916 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:08:36.0209 2916 QWAVEdrv - ok

00:08:36.0245 2916 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:08:36.0246 2916 RasAcd - ok

00:08:36.0300 2916 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:08:36.0303 2916 RasAgileVpn - ok

00:08:36.0353 2916 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:08:36.0357 2916 Rasl2tp - ok

00:08:36.0386 2916 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:08:36.0389 2916 RasPppoe - ok

00:08:36.0418 2916 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:08:36.0421 2916 RasSstp - ok

00:08:36.0460 2916 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:08:36.0466 2916 rdbss - ok

00:08:36.0488 2916 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

00:08:36.0491 2916 rdpbus - ok

00:08:36.0524 2916 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:08:36.0534 2916 RDPCDD - ok

00:08:36.0584 2916 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

00:08:36.0598 2916 RDPDR - ok

00:08:36.0632 2916 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:08:36.0634 2916 RDPENCDD - ok

00:08:36.0660 2916 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:08:36.0663 2916 RDPREFMP - ok

00:08:36.0737 2916 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

00:08:36.0739 2916 RdpVideoMiniport - ok

00:08:36.0786 2916 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

00:08:36.0790 2916 RDPWD - ok

00:08:36.0829 2916 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:08:36.0834 2916 rdyboost - ok

00:08:36.0878 2916 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

00:08:36.0882 2916 RFCOMM - ok

00:08:36.0914 2916 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:08:36.0929 2916 rspndr - ok

00:08:36.0986 2916 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:08:37.0008 2916 RTL8167 - ok

00:08:37.0056 2916 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:08:37.0060 2916 sbp2port - ok

00:08:37.0114 2916 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:08:37.0116 2916 scfilter - ok

00:08:37.0177 2916 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:08:37.0180 2916 secdrv - ok

00:08:37.0228 2916 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:08:37.0231 2916 Serenum - ok

00:08:37.0268 2916 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:08:37.0270 2916 Serial - ok

00:08:37.0317 2916 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:08:37.0320 2916 sermouse - ok

00:08:37.0357 2916 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:08:37.0368 2916 sffdisk - ok

00:08:37.0400 2916 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:08:37.0402 2916 sffp_mmc - ok

00:08:37.0431 2916 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:08:37.0434 2916 sffp_sd - ok

00:08:37.0469 2916 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:08:37.0482 2916 sfloppy - ok

00:08:37.0557 2916 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

00:08:37.0560 2916 SiSGbeLH - ok

00:08:37.0590 2916 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:08:37.0591 2916 SiSRaid2 - ok

00:08:37.0626 2916 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:08:37.0629 2916 SiSRaid4 - ok

00:08:37.0668 2916 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:08:37.0671 2916 Smb - ok

00:08:37.0714 2916 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:08:37.0717 2916 spldr - ok

00:08:37.0844 2916 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS

00:08:37.0861 2916 SRTSP - ok

00:08:37.0893 2916 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS

00:08:37.0895 2916 SRTSPX - ok

00:08:37.0944 2916 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:08:37.0973 2916 srv - ok

00:08:38.0014 2916 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:08:38.0021 2916 srv2 - ok

00:08:38.0067 2916 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:08:38.0071 2916 srvnet - ok

00:08:38.0124 2916 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:08:38.0127 2916 stexstor - ok

00:08:38.0177 2916 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:08:38.0180 2916 swenum - ok

00:08:38.0281 2916 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS

00:08:38.0289 2916 SymDS - ok

00:08:38.0326 2916 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS

00:08:38.0351 2916 SymEFA - ok

00:08:38.0409 2916 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

00:08:38.0413 2916 SymEvent - ok

00:08:38.0506 2916 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS

00:08:38.0511 2916 SymIRON - ok

00:08:38.0566 2916 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS

00:08:38.0573 2916 SymNetS - ok

00:08:38.0603 2916 Synth3dVsc - ok

00:08:38.0699 2916 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

00:08:38.0757 2916 Tcpip - ok

00:08:38.0814 2916 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

00:08:38.0823 2916 TCPIP6 - ok

00:08:38.0883 2916 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:08:38.0900 2916 tcpipreg - ok

00:08:38.0961 2916 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:08:38.0974 2916 TDPIPE - ok

00:08:39.0013 2916 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

00:08:39.0016 2916 TDTCP - ok

00:08:39.0076 2916 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:08:39.0079 2916 tdx - ok

00:08:39.0114 2916 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:08:39.0116 2916 TermDD - ok

00:08:39.0182 2916 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:08:39.0184 2916 tssecsrv - ok

00:08:39.0236 2916 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:08:39.0239 2916 TsUsbFlt - ok

00:08:39.0263 2916 tsusbhub - ok

00:08:39.0319 2916 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:08:39.0322 2916 tunnel - ok

00:08:39.0365 2916 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys

00:08:39.0374 2916 TurboB - ok

00:08:39.0415 2916 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:08:39.0418 2916 uagp35 - ok

00:08:39.0480 2916 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:08:39.0486 2916 udfs - ok

00:08:39.0643 2916 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:08:39.0648 2916 uliagpkx - ok

00:08:39.0743 2916 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

00:08:39.0746 2916 umbus - ok

00:08:39.0787 2916 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:08:39.0789 2916 UmPass - ok

00:08:39.0842 2916 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

00:08:39.0845 2916 usbccgp - ok

00:08:39.0883 2916 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:08:39.0886 2916 usbcir - ok

00:08:39.0926 2916 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

00:08:39.0929 2916 usbehci - ok

00:08:39.0971 2916 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:08:39.0977 2916 usbhub - ok

00:08:40.0015 2916 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

00:08:40.0018 2916 usbohci - ok

00:08:40.0073 2916 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:08:40.0086 2916 usbprint - ok

00:08:40.0134 2916 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

00:08:40.0137 2916 usbscan - ok

00:08:40.0182 2916 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:08:40.0185 2916 USBSTOR - ok

00:08:40.0226 2916 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

00:08:40.0239 2916 usbuhci - ok

00:08:40.0296 2916 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

00:08:40.0301 2916 usbvideo - ok

00:08:40.0349 2916 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys

00:08:40.0358 2916 usb_rndisx - ok

00:08:40.0407 2916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:08:40.0410 2916 vdrvroot - ok

00:08:40.0460 2916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:08:40.0463 2916 vga - ok

00:08:40.0494 2916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:08:40.0497 2916 VgaSave - ok

00:08:40.0533 2916 VGPU - ok

00:08:40.0576 2916 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:08:40.0581 2916 vhdmp - ok

00:08:40.0629 2916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:08:40.0632 2916 viaide - ok

00:08:40.0665 2916 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:08:40.0668 2916 volmgr - ok

00:08:40.0727 2916 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:08:40.0743 2916 volmgrx - ok

00:08:40.0791 2916 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:08:40.0796 2916 volsnap - ok

00:08:40.0848 2916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:08:40.0853 2916 vsmraid - ok

00:08:40.0891 2916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

00:08:40.0893 2916 vwifibus - ok

00:08:40.0924 2916 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

00:08:40.0928 2916 vwififlt - ok

00:08:40.0972 2916 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

00:08:40.0975 2916 vwifimp - ok

00:08:41.0013 2916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:08:41.0016 2916 WacomPen - ok

00:08:41.0076 2916 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:08:41.0079 2916 WANARP - ok

00:08:41.0083 2916 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:08:41.0083 2916 Wanarpv6 - ok

00:08:41.0156 2916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:08:41.0171 2916 Wd - ok

00:08:41.0215 2916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:08:41.0231 2916 Wdf01000 - ok

00:08:41.0293 2916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:08:41.0295 2916 WfpLwf - ok

00:08:41.0355 2916 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys

00:08:41.0368 2916 WimFltr - ok

00:08:41.0433 2916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:08:41.0436 2916 WIMMount - ok

00:08:41.0499 2916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:08:41.0501 2916 WmiAcpi - ok

00:08:41.0585 2916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:08:41.0588 2916 ws2ifsl - ok

00:08:41.0654 2916 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

00:08:41.0671 2916 WSDPrintDevice - ok

00:08:41.0742 2916 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:08:41.0745 2916 WudfPf - ok

00:08:41.0780 2916 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:08:41.0784 2916 WUDFRd - ok

00:08:41.0821 2916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:08:41.0889 2916 \Device\Harddisk0\DR0 - ok

00:08:41.0897 2916 Boot (0x1200) (a76b6a2af9815e2e1f641dff1ae32783) \Device\Harddisk0\DR0\Partition0

00:08:41.0899 2916 \Device\Harddisk0\DR0\Partition0 - ok

00:08:41.0915 2916 Boot (0x1200) (7b56c55d99e128770e4ed3809da5f27c) \Device\Harddisk0\DR0\Partition1

00:08:41.0917 2916 \Device\Harddisk0\DR0\Partition1 - ok

00:08:41.0918 2916 ============================================================

00:08:41.0918 2916 Scan finished

00:08:41.0918 2916 ============================================================

00:08:41.0924 3636 Detected object count: 0

00:08:41.0924 3636 Actual detected object count: 0


Is your Norton antivirus working correctly at this point? I see some evidence it might not.


Thank you again for all the help!!

The security suite shows that everything is "secure". Norton's "quick scan" runs when I try it and only catches tracking cookies. As far as I know it seems to be working. Should SVChost.exe be taking up as much memory as firefox to run? I have many different processes of SVChost.exe running, but one of them is taking up 130,000K memory (from windows task manager).


It depends. SVChost can be used by many different programs. Can you boot in Safe Mode with networking and let me know if you have the same problem there?


After booting in safe mode with networking the svchost.exe is only taking up 10,000K (vs. the 130,000K when I boot normally).


Can you do a clean boot and see if you can determine which program causes the svchost.exe usage? (you can enable all disabled applications at a time).


So I disabled all startup items and all non-microsoft services, but after rebooting, svchost.exe was still running at about 110,000K


In that case it is a Windows component causing this. Can you monitor if this is a constant load (the usage doesn't change) or if it occurs in spikes?
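The two questions raised above (which services share the heavy svchost.exe instance, and whether its memory use is constant or spiky) can be answered from PowerShell. This is an added example, not part of the original thread; the function names, the 12 x 5 second sampling window and the 10% spread threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt,
# otherwise ExecutablePath and CommandLine may come back empty for system processes.

function Get-SvchostServiceMap {
    # Win32_Service.ProcessId ties every running service to its host process.
    $hosted = @{}
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.State -eq 'Running' -and $_.ProcessId -ne 0 } |
        ForEach-Object {
            $id = [int]$_.ProcessId
            if (-not $hosted.ContainsKey($id)) { $hosted[$id] = @() }
            $hosted[$id] += $_.Name
        }

    # Legitimate svchost.exe images live only in these two directories.
    $expected = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )

    Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
        ForEach-Object {
            $id = [int]$_.ProcessId
            $names = '(none reported)'
            if ($hosted.ContainsKey($id)) { $names = $hosted[$id] -join ', ' }

            $pathOk = $false
            if ($_.ExecutablePath) { $pathOk = $expected -contains $_.ExecutablePath }

            New-Object PSObject -Property @{
                ProcessId    = $id
                # Total working set; Task Manager's default column shows the
                # private working set, so the numbers will not match exactly.
                WorkingSetKB = [int]($_.WorkingSetSize / 1KB)
                ExpectedPath = $pathOk
                CommandLine  = $_.CommandLine   # "-k <group>" names the service group
                Services     = $names
            }
        } | Sort-Object -Property WorkingSetKB -Descending
}

function Watch-ProcessMemory {
    param(
        [int]$ProcessId,
        [int]$Samples = 12,          # assumed window: 12 samples
        [int]$IntervalSeconds = 5    # assumed interval: 5 seconds
    )
    $values = @()
    for ($i = 0; $i -lt $Samples; $i++) {
        $p = Get-Process -Id $ProcessId -ErrorAction Stop
        $values += [int]($p.WorkingSet64 / 1KB)
        Start-Sleep -Seconds $IntervalSeconds
    }
    $stats = $values | Measure-Object -Minimum -Maximum -Average

    # Assumed rule of thumb: under 10% spread around the mean counts as constant.
    $spread = 0
    if ($stats.Average -gt 0) {
        $spread = ($stats.Maximum - $stats.Minimum) / $stats.Average
    }
    $pattern = 'spiky'
    if ($spread -lt 0.10) { $pattern = 'constant' }

    New-Object PSObject -Property @{
        ProcessId = $ProcessId
        MinKB     = [int]$stats.Minimum
        MaxKB     = [int]$stats.Maximum
        AvgKB     = [int]$stats.Average
        Pattern   = $pattern
    }
}

# List every svchost.exe instance, largest first, with the services it hosts.
$map = @(Get-SvchostServiceMap)
$map | Select-Object ProcessId, WorkingSetKB, ExpectedPath, Services |
    Format-Table -AutoSize -Wrap

# Sample the largest instance for about a minute.
if ($map.Count -gt 0) {
    Watch-ProcessMemory -ProcessId $map[0].ProcessId |
        Select-Object ProcessId, MinKB, MaxKB, AvgKB, Pattern
}
```

An instance whose `ExpectedPath` is `False` while its path is populated, or that hosts no services at all, deserves a closer look than one that is merely large.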


It's pretty constant, staying around 120,000K now for the last 20 minutes or so.


Is this causing actual slowness or does the computer run normally nevertheless?


The computer is running pretty much normally now, although the browser may be a bit slow. I never noticed the SVChost.exe using this much memory before, but in terms of function, the computer is much better after all the help you've given me. Thank you again!


I'm glad to hear that! :)

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


Done on the Java install, here is the log:

C:\ProgramData\Microsoft\Windows\DRM\3413.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\ProgramData\Microsoft\Windows\DRM\3433.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\10.03.2012_11.16.00\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AYH trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\10.03.2012_11.16.00\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan cleaned by deleting - quarantined


Hi again,

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


You are most welcome! :)

I will request this topic to be closed.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.