ctruong333

Please Help!: svchost.exe trojan.agent


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Christopher at 0:30:14 on 2012-04-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2460 [GMT -6:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\SearchIndexer.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://pinterest.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

uRun: [spotify] "C:\Users\Christopher\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [<NO NAME>]

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{4FED689D-5C51-40CF-8D2E-975D769E3A13} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{4FED689D-5C51-40CF-8D2E-975D769E3A13}\D4A49413 : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [(Default)]

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [2011-11-1 1155704]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111104.030\IDSviA64.sys [2011-11-5 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-13 514232]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-20 1751656]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-8 136824]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" --> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [?]

S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe --> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 253600]

S3 hpCMSrv;HP Connection Manager 4.0 Service;"C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [?]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-14 04:08:31 20480 ----a-w- C:\Windows\svchost.exe

2012-04-14 02:49:13 108544 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\18BF.tmp.dat

2012-04-14 01:13:18 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6EE35358-54FE-4E77-84A4-1EC9F6EE832E}\mpengine.dll

2012-04-13 02:47:38 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-11 18:25:15 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 18:25:14 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 18:25:14 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 18:25:09 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 18:25:09 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 18:25:09 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 18:25:09 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-09 05:04:38 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-09 04:51:59 -------- d-----w- C:\Users\Christopher\AppData\Roaming\Malwarebytes

2012-04-09 04:51:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-09 04:51:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-09 04:51:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-04 00:38:05 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symefa64.sys

2012-04-04 00:38:05 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtsp64.sys

2012-04-04 00:38:05 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symds64.sys

2012-04-04 00:38:05 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\srtspx64.sys

2012-04-04 00:38:05 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\symnets.sys

2012-04-04 00:38:05 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207010.003\ironx64.sys

2012-04-04 00:37:56 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207010.003

.

==================== Find3M ====================

.

2012-04-09 05:04:38 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 0:31:16.10 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/7/2011 12:06:34 AM

System Uptime: 4/13/2012 11:56:57 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 1664

Processor: AMD Phenom II P960 Quad-Core Processor | Socket S1G4 | 792/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 406.764 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.512 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP60: 2/29/2012 6:48:29 AM - Windows Update

RP61: 3/7/2012 7:00:21 PM - Installed Compatibility Pack for the 2007 Office system

RP63: 3/9/2012 6:21:10 AM - Windows Update

RP64: 3/14/2012 3:00:16 AM - Windows Update

RP65: 3/21/2012 7:40:20 PM - Scheduled Checkpoint

RP66: 4/2/2012 7:40:00 AM - Scheduled Checkpoint

RP67: 4/7/2012 2:03:32 PM - Windows Update

RP68: 4/8/2012 4:32:41 AM - Windows Update

RP69: 4/11/2012 12:23:46 PM - Windows Update

RP70: 4/11/2012 12:55:49 PM - Windows Update

RP71: 4/12/2012 6:20:02 AM - Windows Update

RP72: 4/12/2012 12:26:25 PM - Windows Update

RP73: 4/13/2012 6:39:34 AM - Windows Update

RP74: 4/13/2012 11:36:23 PM - Windows Update

.

==== Installed Programs ======================

.

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat 8 Professional

Adobe Acrobat 8.1.3 Professional

Adobe After Effects CS3 Presets

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 9 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X MUI

Adobe Setup

Adobe Shockwave Player 11.5

Adobe SING CS3

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Apple Application Support

Apple Software Update

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

CyberLink YouCam

Dropbox

Evernote v. 4.2.2

HP Connection Manager

HP On Screen Display

HP Quick Launch

HP Setup

HP Setup Manager

HP Software Framework

IDT Audio

Java Auto Updater

Java 6 Update 24

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Internet Security

PDF Settings

PlayReady PC Runtime x86

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

RoxioNow Player

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Skype Click to Call

Skype™ 5.5

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Mesh ActiveX Control for Remote Connections

.

==== Event Viewer Messages From Past Week ========

.

4/9/2012 9:12:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

4/9/2012 9:12:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

4/9/2012 9:11:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

4/9/2012 9:11:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

4/9/2012 9:10:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

4/9/2012 9:10:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

4/9/2012 9:09:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

4/9/2012 9:08:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

4/9/2012 9:08:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

4/9/2012 9:07:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

4/9/2012 9:05:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/8/2012 4:27:23 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/8/2012 4:27:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/8/2012 4:27:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/8/2012 4:27:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/8/2012 4:26:58 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/8/2012 4:24:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.

4/8/2012 11:57:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

4/13/2012 12:07:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

4/13/2012 11:59:38 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.

4/13/2012 11:57:27 PM, Error: Service Control Manager [7000] - The HPWMISVC service failed to start due to the following error: The system cannot find the file specified.

4/13/2012 11:57:27 PM, Error: Service Control Manager [7000] - The HP Quick Synchronization Service service failed to start due to the following error: The system cannot find the file specified.

4/13/2012 11:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/13/2012 11:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/13/2012 11:38:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/13/2012 11:38:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/13/2012 11:38:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

4/13/2012 11:36:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

4/11/2012 7:49:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

.

==== End Of File ===========================


Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


11:44:34.0079 5140 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

11:44:34.0625 5140 ============================================================

11:44:34.0625 5140 Current date / time: 2012/04/15 11:44:34.0625

11:44:34.0625 5140 SystemInfo:

11:44:34.0625 5140

11:44:34.0625 5140 OS Version: 6.1.7601 ServicePack: 1.0

11:44:34.0625 5140 Product type: Workstation

11:44:34.0626 5140 ComputerName: CHRISTOPHER-NB

11:44:34.0626 5140 UserName: Christopher

11:44:34.0626 5140 Windows directory: C:\Windows

11:44:34.0626 5140 System windows directory: C:\Windows

11:44:34.0626 5140 Running under WOW64

11:44:34.0626 5140 Processor architecture: Intel x64

11:44:34.0626 5140 Number of processors: 4

11:44:34.0626 5140 Page size: 0x1000

11:44:34.0626 5140 Boot type: Normal boot

11:44:34.0626 5140 ============================================================

11:44:35.0700 5140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:44:35.0707 5140 \Device\Harddisk0\DR0:

11:44:35.0707 5140 MBR used

11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x387E9800

11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3884D800, BlocksNum 0x1B04800

11:44:35.0707 5140 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

11:44:35.0811 5140 Initialize success

11:44:35.0811 5140 ============================================================

11:45:02.0341 5088 ============================================================

11:45:02.0341 5088 Scan started

11:45:02.0342 5088 Mode: Manual;

11:45:02.0342 5088 ============================================================

11:45:04.0787 5088 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:45:04.0793 5088 1394ohci - ok

11:45:04.0868 5088 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:45:04.0872 5088 ACPI - ok

11:45:04.0982 5088 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:45:04.0993 5088 AcpiPmi - ok

11:45:05.0360 5088 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:45:05.0364 5088 AdobeFlashPlayerUpdateSvc - ok

11:45:05.0475 5088 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:45:05.0486 5088 adp94xx - ok

11:45:05.0544 5088 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:45:05.0552 5088 adpahci - ok

11:45:05.0647 5088 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:45:05.0653 5088 adpu320 - ok

11:45:05.0710 5088 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:45:05.0713 5088 AeLookupSvc - ok

11:45:05.0807 5088 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:45:05.0818 5088 AFD - ok

11:45:05.0922 5088 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:45:05.0925 5088 agp440 - ok

11:45:05.0967 5088 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:45:05.0970 5088 ALG - ok

11:45:06.0116 5088 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:45:06.0119 5088 aliide - ok

11:45:06.0334 5088 AMD External Events Utility (7842f4961f28022a881f85bb7494ac6d) C:\Windows\system32\atiesrxx.exe

11:45:06.0340 5088 AMD External Events Utility - ok

11:45:06.0406 5088 AMD FUEL Service - ok

11:45:06.0468 5088 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

11:45:06.0473 5088 AMD Reservation Manager - ok

11:45:06.0582 5088 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:45:06.0584 5088 amdide - ok

11:45:06.0727 5088 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

11:45:06.0730 5088 amdiox64 - ok

11:45:06.0830 5088 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:45:06.0833 5088 AmdK8 - ok

11:45:07.0154 5088 amdkmdag (cf5fc8d37f10c9c374ae6d990c9d2cd7) C:\Windows\system32\DRIVERS\atikmdag.sys

11:45:07.0348 5088 amdkmdag - ok

11:45:07.0477 5088 amdkmdap (2bd89cb34b67edc64e741aa3864d8c1a) C:\Windows\system32\DRIVERS\atikmpag.sys

11:45:07.0483 5088 amdkmdap - ok

11:45:07.0573 5088 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:45:07.0575 5088 AmdPPM - ok

11:45:07.0661 5088 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:45:07.0664 5088 amdsata - ok

11:45:07.0766 5088 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:45:07.0770 5088 amdsbs - ok

11:45:07.0871 5088 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:45:07.0873 5088 amdxata - ok

11:45:07.0914 5088 amd_sata (6363014d5e4ccd280fb4902ec3c2ccfe) C:\Windows\system32\DRIVERS\amd_sata.sys

11:45:07.0916 5088 amd_sata - ok

11:45:07.0972 5088 amd_xata (51a5aed2a4cceda6addcf3194c9b29eb) C:\Windows\system32\DRIVERS\amd_xata.sys

11:45:07.0974 5088 amd_xata - ok

11:45:08.0017 5088 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:45:08.0020 5088 AppID - ok

11:45:08.0086 5088 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:45:08.0089 5088 AppIDSvc - ok

11:45:08.0114 5088 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:45:08.0117 5088 Appinfo - ok

11:45:08.0168 5088 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:45:08.0170 5088 arc - ok

11:45:08.0226 5088 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:45:08.0230 5088 arcsas - ok

11:45:08.0288 5088 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:45:08.0289 5088 AsyncMac - ok

11:45:08.0362 5088 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:45:08.0366 5088 atapi - ok

11:45:08.0472 5088 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

11:45:08.0474 5088 AtiHdmiService - ok

11:45:08.0619 5088 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys

11:45:08.0620 5088 AtiPcie - ok

11:45:08.0716 5088 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:45:08.0725 5088 AudioEndpointBuilder - ok

11:45:08.0745 5088 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:45:08.0756 5088 AudioSrv - ok

11:45:08.0845 5088 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:45:08.0849 5088 AxInstSV - ok

11:45:08.0980 5088 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

11:45:08.0994 5088 b06bdrv - ok

11:45:09.0091 5088 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:45:09.0098 5088 b57nd60a - ok

11:45:09.0228 5088 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

11:45:09.0247 5088 BCM43XX - ok

11:45:09.0278 5088 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:45:09.0281 5088 BDESVC - ok

11:45:09.0357 5088 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:45:09.0358 5088 Beep - ok

11:45:09.0419 5088 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:45:09.0430 5088 BFE - ok

11:45:09.0675 5088 BHDrvx64 (cd0ecb395666fc9ae23d7381e9e3370d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys

11:45:09.0689 5088 BHDrvx64 - ok

11:45:09.0805 5088 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

11:45:09.0853 5088 BITS - ok

11:45:09.0947 5088 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys

11:45:09.0950 5088 blbdrive - ok

11:45:10.0032 5088 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

11:45:10.0038 5088 Bonjour Service - ok

11:45:10.0137 5088 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:45:10.0153 5088 bowser - ok

11:45:10.0284 5088 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

11:45:10.0286 5088 BrFiltLo - ok

11:45:10.0311 5088 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

11:45:10.0314 5088 BrFiltUp - ok

11:45:10.0377 5088 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:45:10.0382 5088 Browser - ok

11:45:10.0458 5088 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:45:10.0465 5088 Brserid - ok

11:45:10.0501 5088 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:45:10.0503 5088 BrSerWdm - ok

11:45:10.0588 5088 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:45:10.0590 5088 BrUsbMdm - ok

11:45:10.0613 5088 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:45:10.0615 5088 BrUsbSer - ok

11:45:10.0678 5088 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

11:45:10.0680 5088 BTHMODEM - ok

11:45:10.0810 5088 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:45:10.0813 5088 bthserv - ok

11:45:10.0841 5088 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:45:10.0844 5088 cdfs - ok

11:45:10.0927 5088 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:45:10.0938 5088 cdrom - ok

11:45:11.0022 5088 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:45:11.0025 5088 CertPropSvc - ok

11:45:11.0065 5088 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

11:45:11.0066 5088 circlass - ok

11:45:11.0135 5088 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:45:11.0144 5088 CLFS - ok

11:45:11.0217 5088 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:45:11.0221 5088 clr_optimization_v2.0.50727_32 - ok

11:45:11.0304 5088 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:45:11.0308 5088 clr_optimization_v2.0.50727_64 - ok

11:45:11.0439 5088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:45:11.0442 5088 clr_optimization_v4.0.30319_32 - ok

11:45:11.0487 5088 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:45:11.0492 5088 clr_optimization_v4.0.30319_64 - ok

11:45:11.0583 5088 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

11:45:11.0585 5088 clwvd - ok

11:45:11.0621 5088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

11:45:11.0624 5088 CmBatt - ok

11:45:11.0699 5088 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:45:11.0702 5088 cmdide - ok

11:45:11.0741 5088 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

11:45:11.0748 5088 CNG - ok

11:45:11.0852 5088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

11:45:11.0853 5088 Compbatt - ok

11:45:11.0875 5088 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:45:11.0877 5088 CompositeBus - ok

11:45:11.0938 5088 COMSysApp - ok

11:45:11.0979 5088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

11:45:12.0011 5088 crcdisk - ok

11:45:12.0115 5088 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

11:45:12.0121 5088 CryptSvc - ok

11:45:12.0213 5088 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:45:12.0226 5088 DcomLaunch - ok

11:45:12.0293 5088 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:45:12.0300 5088 defragsvc - ok

11:45:12.0395 5088 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:45:12.0398 5088 DfsC - ok

11:45:12.0457 5088 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:45:12.0462 5088 Dhcp - ok

11:45:12.0621 5088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:45:12.0624 5088 discache - ok

11:45:12.0720 5088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:45:12.0723 5088 Disk - ok

11:45:12.0794 5088 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:45:12.0799 5088 Dnscache - ok

11:45:12.0831 5088 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:45:12.0836 5088 dot3svc - ok

11:45:12.0892 5088 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:45:12.0895 5088 DPS - ok

11:45:12.0932 5088 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:45:12.0933 5088 drmkaud - ok

11:45:13.0032 5088 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:45:13.0053 5088 DXGKrnl - ok

11:45:13.0136 5088 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:45:13.0139 5088 EapHost - ok

11:45:13.0265 5088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:45:13.0328 5088 ebdrv - ok

11:45:13.0406 5088 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

11:45:13.0413 5088 eeCtrl - ok

11:45:13.0480 5088 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:45:13.0483 5088 EFS - ok

11:45:13.0569 5088 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:45:13.0587 5088 ehRecvr - ok

11:45:13.0637 5088 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:45:13.0646 5088 ehSched - ok

11:45:13.0732 5088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:45:13.0741 5088 elxstor - ok

11:45:13.0836 5088 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

11:45:13.0840 5088 EraserUtilRebootDrv - ok

11:45:13.0921 5088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:45:13.0923 5088 ErrDev - ok

11:45:14.0004 5088 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:45:14.0014 5088 EventSystem - ok

11:45:14.0093 5088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:45:14.0096 5088 exfat - ok

11:45:14.0181 5088 ezSharedSvc - ok

11:45:14.0230 5088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:45:14.0234 5088 fastfat - ok

11:45:14.0320 5088 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:45:14.0332 5088 Fax - ok

11:45:14.0397 5088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:45:14.0403 5088 fdc - ok

11:45:14.0540 5088 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:45:14.0543 5088 fdPHost - ok

11:45:14.0569 5088 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:45:14.0572 5088 FDResPub - ok

11:45:14.0653 5088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:45:14.0656 5088 FileInfo - ok

11:45:14.0681 5088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:45:14.0683 5088 Filetrace - ok

11:45:14.0869 5088 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

11:45:14.0884 5088 FLEXnet Licensing Service - ok

11:45:15.0098 5088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:45:15.0124 5088 flpydisk - ok

11:45:15.0326 5088 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:45:15.0334 5088 FltMgr - ok

11:45:15.0426 5088 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:45:15.0450 5088 FontCache - ok

11:45:15.0528 5088 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:45:15.0529 5088 FontCache3.0.0.0 - ok

11:45:15.0605 5088 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:45:15.0607 5088 FsDepends - ok

11:45:15.0694 5088 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:45:15.0696 5088 Fs_Rec - ok

11:45:15.0800 5088 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:45:15.0807 5088 fvevol - ok

11:45:15.0898 5088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:45:15.0900 5088 gagp30kx - ok

11:45:15.0950 5088 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:45:15.0970 5088 gpsvc - ok

11:45:16.0071 5088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:45:16.0073 5088 hcw85cir - ok

11:45:16.0178 5088 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:45:16.0187 5088 HdAudAddService - ok

11:45:16.0233 5088 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:45:16.0237 5088 HDAudBus - ok

11:45:16.0305 5088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:45:16.0307 5088 HidBatt - ok

11:45:16.0327 5088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

11:45:16.0337 5088 HidBth - ok

11:45:16.0447 5088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:45:16.0448 5088 HidIr - ok

11:45:16.0486 5088 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

11:45:16.0488 5088 hidserv - ok

11:45:16.0643 5088 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:45:16.0646 5088 HidUsb - ok

11:45:16.0762 5088 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:45:16.0768 5088 hkmsvc - ok

11:45:16.0803 5088 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:45:16.0812 5088 HomeGroupListener - ok

11:45:16.0843 5088 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:45:16.0850 5088 HomeGroupProvider - ok

11:45:16.0904 5088 HP Health Check Service - ok

11:45:16.0986 5088 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

11:45:16.0996 5088 HPClientSvc - ok

11:45:17.0103 5088 hpCMSrv - ok

11:45:17.0117 5088 HPDrvMntSvc.exe - ok

11:45:17.0129 5088 hpqwmiex - ok

11:45:17.0226 5088 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:45:17.0230 5088 HpSAMD - ok

11:45:17.0312 5088 HPWMISVC - ok

11:45:17.0414 5088 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:45:17.0430 5088 HTTP - ok

11:45:17.0443 5088 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:45:17.0444 5088 hwpolicy - ok

11:45:17.0541 5088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

11:45:17.0544 5088 i8042prt - ok

11:45:17.0597 5088 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:45:17.0604 5088 iaStorV - ok

11:45:17.0734 5088 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

11:45:17.0768 5088 IconMan_R - ok

11:45:17.0901 5088 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:45:17.0934 5088 idsvc - ok

11:45:18.0098 5088 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111104.030\IDSvia64.sys

11:45:18.0133 5088 IDSVia64 - ok

11:45:18.0256 5088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:45:18.0273 5088 iirsp - ok

11:45:18.0528 5088 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:45:18.0562 5088 IKEEXT - ok

11:45:18.0801 5088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:45:18.0804 5088 intelide - ok

11:45:19.0038 5088 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys

11:45:19.0041 5088 intelppm - ok

11:45:19.0284 5088 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:45:19.0287 5088 IPBusEnum - ok

11:45:19.0448 5088 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:45:19.0451 5088 IpFilterDriver - ok

11:45:19.0541 5088 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:45:19.0550 5088 iphlpsvc - ok

11:45:19.0620 5088 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:45:19.0622 5088 IPMIDRV - ok

11:45:19.0652 5088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:45:19.0654 5088 IPNAT - ok

11:45:19.0736 5088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:45:19.0738 5088 IRENUM - ok

11:45:19.0771 5088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:45:19.0773 5088 isapnp - ok

11:45:19.0809 5088 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:45:19.0817 5088 iScsiPrt - ok

11:45:19.0897 5088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:45:19.0898 5088 kbdclass - ok

11:45:19.0940 5088 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

11:45:19.0941 5088 kbdhid - ok

11:45:20.0113 5088 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:45:20.0116 5088 KeyIso - ok

11:45:20.0330 5088 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

11:45:20.0332 5088 KSecDD - ok

11:45:20.0563 5088 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

11:45:20.0567 5088 KSecPkg - ok

11:45:20.0808 5088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:45:20.0810 5088 ksthunk - ok

11:45:20.0970 5088 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:45:20.0977 5088 KtmRm - ok

11:45:21.0203 5088 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

11:45:21.0226 5088 LanmanServer - ok

11:45:21.0410 5088 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:45:21.0417 5088 LanmanWorkstation - ok

11:45:21.0553 5088 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:45:21.0555 5088 lltdio - ok

11:45:21.0607 5088 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:45:21.0638 5088 lltdsvc - ok

11:45:21.0808 5088 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:45:21.0810 5088 lmhosts - ok

11:45:22.0017 5088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:45:22.0020 5088 LSI_FC - ok

11:45:22.0271 5088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:45:22.0274 5088 LSI_SAS - ok

11:45:22.0524 5088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:45:22.0528 5088 LSI_SAS2 - ok

11:45:22.0737 5088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:45:22.0741 5088 LSI_SCSI - ok

11:45:22.0935 5088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:45:22.0938 5088 luafv - ok

11:45:23.0091 5088 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

11:45:23.0122 5088 MBAMProtector - ok

11:45:23.0293 5088 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:45:23.0300 5088 MBAMService - ok

11:45:23.0476 5088 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:45:23.0482 5088 Mcx2Svc - ok

11:45:23.0702 5088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:45:23.0705 5088 megasas - ok

11:45:23.0916 5088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:45:23.0924 5088 MegaSR - ok

11:45:24.0025 5088 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:45:24.0028 5088 MMCSS - ok

11:45:24.0151 5088 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:45:24.0177 5088 Modem - ok

11:45:24.0428 5088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:45:24.0432 5088 monitor - ok

11:45:24.0622 5088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:45:24.0645 5088 mouclass - ok

11:45:24.0827 5088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:45:24.0829 5088 mouhid - ok

11:45:24.0895 5088 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:45:24.0898 5088 mountmgr - ok

11:45:24.0977 5088 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:45:24.0982 5088 mpio - ok

11:45:25.0093 5088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:45:25.0127 5088 mpsdrv - ok

11:45:25.0220 5088 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:45:25.0262 5088 MpsSvc - ok

11:45:25.0375 5088 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:45:25.0379 5088 MRxDAV - ok

11:45:25.0418 5088 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:45:25.0422 5088 mrxsmb - ok

11:45:25.0500 5088 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:45:25.0507 5088 mrxsmb10 - ok

11:45:25.0541 5088 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:45:25.0545 5088 mrxsmb20 - ok

11:45:25.0627 5088 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:45:25.0629 5088 msahci - ok

11:45:25.0674 5088 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:45:25.0678 5088 msdsm - ok

11:45:25.0751 5088 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:45:25.0757 5088 MSDTC - ok

11:45:25.0820 5088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:45:25.0822 5088 Msfs - ok

11:45:25.0879 5088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:45:25.0881 5088 mshidkmdf - ok

11:45:25.0916 5088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:45:25.0918 5088 msisadrv - ok

11:45:26.0012 5088 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:45:26.0017 5088 MSiSCSI - ok

11:45:26.0027 5088 msiserver - ok

11:45:26.0080 5088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:45:26.0082 5088 MSKSSRV - ok

11:45:26.0154 5088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:45:26.0156 5088 MSPCLOCK - ok

11:45:26.0215 5088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:45:26.0218 5088 MSPQM - ok

11:45:26.0297 5088 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:45:26.0306 5088 MsRPC - ok

11:45:26.0350 5088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:45:26.0353 5088 mssmbios - ok

11:45:26.0611 5088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:45:26.0614 5088 MSTEE - ok

11:45:26.0732 5088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:45:26.0735 5088 MTConfig - ok

11:45:26.0854 5088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:45:26.0857 5088 Mup - ok

11:45:26.0918 5088 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:45:26.0933 5088 napagent - ok

11:45:27.0062 5088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:45:27.0094 5088 NativeWifiP - ok

11:45:27.0243 5088 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111106.009\ENG64.SYS

11:45:27.0268 5088 NAVENG - ok

11:45:27.0611 5088 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111106.009\EX64.SYS

11:45:27.0638 5088 NAVEX15 - ok

11:45:27.0729 5088 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

11:45:27.0743 5088 NDIS - ok

11:45:27.0834 5088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:45:27.0835 5088 NdisCap - ok

11:45:27.0900 5088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:45:27.0902 5088 NdisTapi - ok

11:45:27.0941 5088 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:45:27.0943 5088 Ndisuio - ok

11:45:28.0005 5088 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:45:28.0010 5088 NdisWan - ok

11:45:28.0027 5088 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:45:28.0029 5088 NDProxy - ok

11:45:28.0072 5088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:45:28.0074 5088 NetBIOS - ok

11:45:28.0136 5088 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:45:28.0141 5088 NetBT - ok

11:45:28.0169 5088 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:45:28.0173 5088 Netlogon - ok

11:45:28.0220 5088 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:45:28.0252 5088 Netman - ok

11:45:28.0370 5088 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:45:28.0382 5088 netprofm - ok

11:45:28.0625 5088 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:45:28.0649 5088 NetTcpPortSharing - ok

11:45:28.0845 5088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:45:28.0848 5088 nfrd960 - ok

11:45:29.0048 5088 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

11:45:29.0052 5088 NIS - ok

11:45:29.0221 5088 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:45:29.0250 5088 NlaSvc - ok

11:45:29.0483 5088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:45:29.0485 5088 Npfs - ok

11:45:29.0796 5088 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:45:29.0799 5088 nsi - ok

11:45:29.0965 5088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:45:29.0967 5088 nsiproxy - ok

11:45:30.0233 5088 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:45:30.0280 5088 Ntfs - ok

11:45:30.0402 5088 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:45:30.0418 5088 Null - ok

11:45:30.0656 5088 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

11:45:30.0662 5088 NVENETFD - ok

11:45:30.0825 5088 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:45:30.0848 5088 nvraid - ok

11:45:31.0069 5088 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:45:31.0072 5088 nvstor - ok

11:45:31.0276 5088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:45:31.0280 5088 nv_agp - ok

11:45:31.0509 5088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:45:31.0537 5088 ohci1394 - ok

11:45:31.0716 5088 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:45:31.0719 5088 ose - ok

11:45:31.0875 5088 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:45:31.0881 5088 p2pimsvc - ok

11:45:32.0000 5088 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:45:32.0007 5088 p2psvc - ok

11:45:32.0052 5088 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

11:45:32.0054 5088 Parport - ok

11:45:32.0325 5088 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

11:45:32.0328 5088 partmgr - ok

11:45:32.0471 5088 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:45:32.0476 5088 PcaSvc - ok

11:45:32.0573 5088 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:45:32.0578 5088 pci - ok

11:45:32.0739 5088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:45:32.0741 5088 pciide - ok

11:45:32.0931 5088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:45:32.0935 5088 pcmcia - ok

11:45:33.0014 5088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:45:33.0016 5088 pcw - ok

11:45:33.0115 5088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:45:33.0125 5088 PEAUTH - ok

11:45:33.0198 5088 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:45:33.0201 5088 PerfHost - ok

11:45:33.0300 5088 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:45:33.0318 5088 pla - ok

11:45:33.0398 5088 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:45:33.0408 5088 PlugPlay - ok

11:45:33.0438 5088 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:45:33.0440 5088 PNRPAutoReg - ok

11:45:33.0553 5088 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:45:33.0559 5088 PNRPsvc - ok

11:45:33.0589 5088 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:45:33.0597 5088 PolicyAgent - ok

11:45:33.0676 5088 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:45:33.0682 5088 Power - ok

11:45:33.0872 5088 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:45:33.0875 5088 PptpMiniport - ok

11:45:34.0011 5088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:45:34.0013 5088 Processor - ok

11:45:34.0089 5088 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

11:45:34.0093 5088 ProfSvc - ok

11:45:34.0158 5088 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:45:34.0160 5088 ProtectedStorage - ok

11:45:34.0331 5088 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:45:34.0333 5088 Psched - ok

11:45:34.0726 5088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:45:34.0819 5088 ql2300 - ok

11:45:35.0109 5088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:45:35.0112 5088 ql40xx - ok

11:45:35.0228 5088 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:45:35.0235 5088 QWAVE - ok

11:45:35.0307 5088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:45:35.0336 5088 QWAVEdrv - ok

11:45:35.0543 5088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:45:35.0545 5088 RasAcd - ok

11:45:35.0679 5088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:45:35.0681 5088 RasAgileVpn - ok

11:45:35.0767 5088 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:45:35.0773 5088 RasAuto - ok

11:45:35.0878 5088 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:45:35.0881 5088 Rasl2tp - ok

11:45:35.0992 5088 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:45:36.0011 5088 RasMan - ok

11:45:36.0195 5088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:45:36.0199 5088 RasPppoe - ok

11:45:36.0554 5088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:45:36.0558 5088 RasSstp - ok

11:45:36.0827 5088 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:45:36.0834 5088 rdbss - ok

11:45:36.0942 5088 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:45:36.0970 5088 rdpbus - ok

11:45:37.0131 5088 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:45:37.0133 5088 RDPCDD - ok

11:45:37.0370 5088 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:45:37.0372 5088 RDPENCDD - ok

11:45:37.0567 5088 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:45:37.0569 5088 RDPREFMP - ok

11:45:37.0795 5088 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

11:45:37.0799 5088 RDPWD - ok

11:45:37.0990 5088 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:45:37.0993 5088 rdyboost - ok

11:45:38.0147 5088 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:45:38.0150 5088 RemoteAccess - ok

11:45:38.0320 5088 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:45:38.0324 5088 RemoteRegistry - ok

11:45:38.0654 5088 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys

11:45:38.0752 5088 Revoflt - ok

11:45:38.0881 5088 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

11:45:38.0907 5088 RoxioNow Service - ok

11:45:39.0107 5088 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:45:39.0112 5088 RpcEptMapper - ok

11:45:39.0314 5088 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:45:39.0345 5088 RpcLocator - ok

11:45:39.0470 5088 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:45:39.0478 5088 RpcSs - ok

11:45:39.0792 5088 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys

11:45:39.0819 5088 RSPCIESTOR - ok

11:45:40.0170 5088 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:45:40.0173 5088 rspndr - ok

11:45:40.0393 5088 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:45:40.0403 5088 RTL8167 - ok

11:45:40.0822 5088 RTL8192Ce (5fa2f4f658fca7816a5ff6980b95c5f9) C:\Windows\system32\DRIVERS\rtl8192Ce.sys

11:45:40.0839 5088 RTL8192Ce - ok

11:45:40.0980 5088 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:45:40.0982 5088 SamSs - ok

11:45:41.0166 5088 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:45:41.0168 5088 sbp2port - ok

11:45:41.0379 5088 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:45:41.0389 5088 SCardSvr - ok

11:45:41.0646 5088 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:45:41.0649 5088 scfilter - ok

11:45:41.0893 5088 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:45:41.0916 5088 Schedule - ok

11:45:42.0234 5088 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:45:42.0237 5088 SCPolicySvc - ok

11:45:42.0364 5088 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

11:45:42.0372 5088 sdbus - ok

11:45:42.0588 5088 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:45:42.0596 5088 SDRSVC - ok

11:45:42.0853 5088 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:45:42.0855 5088 secdrv - ok

11:45:43.0182 5088 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:45:43.0187 5088 seclogon - ok

11:45:43.0323 5088 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

11:45:43.0329 5088 SENS - ok

11:45:43.0487 5088 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:45:43.0493 5088 SensrSvc - ok

11:45:43.0622 5088 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

11:45:43.0624 5088 Serenum - ok

11:45:43.0695 5088 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

11:45:43.0699 5088 Serial - ok

11:45:43.0743 5088 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:45:43.0759 5088 sermouse - ok

11:45:43.0831 5088 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:45:43.0835 5088 SessionEnv - ok

11:45:43.0871 5088 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:45:43.0873 5088 sffdisk - ok

11:45:43.0888 5088 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:45:43.0889 5088 sffp_mmc - ok

11:45:43.0947 5088 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:45:43.0948 5088 sffp_sd - ok

11:45:43.0977 5088 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:45:43.0978 5088 sfloppy - ok

11:45:44.0012 5088 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:45:44.0018 5088 SharedAccess - ok

11:45:44.0081 5088 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:45:44.0088 5088 ShellHWDetection - ok

11:45:44.0129 5088 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:45:44.0131 5088 SiSRaid2 - ok

11:45:44.0206 5088 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:45:44.0208 5088 SiSRaid4 - ok

11:45:44.0262 5088 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:45:44.0265 5088 Smb - ok

11:45:44.0341 5088 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:45:44.0344 5088 SNMPTRAP - ok

11:45:44.0390 5088 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:45:44.0395 5088 spldr - ok

11:45:44.0627 5088 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:45:44.0636 5088 Spooler - ok

11:45:44.0778 5088 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:45:44.0871 5088 sppsvc - ok

11:45:44.0991 5088 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:45:44.0994 5088 sppuinotify - ok

11:45:45.0129 5088 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS

11:45:45.0140 5088 SRTSP - ok

11:45:45.0316 5088 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS

11:45:45.0317 5088 SRTSPX - ok

11:45:45.0507 5088 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:45:45.0513 5088 srv - ok

11:45:45.0668 5088 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:45:45.0674 5088 srv2 - ok

11:45:45.0769 5088 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

11:45:45.0810 5088 SrvHsfHDA - ok

11:45:46.0043 5088 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

11:45:46.0080 5088 SrvHsfV92 - ok

11:45:46.0293 5088 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

11:45:46.0310 5088 SrvHsfWinac - ok

11:45:46.0437 5088 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:45:46.0442 5088 srvnet - ok

11:45:46.0604 5088 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:45:46.0612 5088 SSDPSRV - ok

11:45:46.0636 5088 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:45:46.0642 5088 SstpSvc - ok

11:45:46.0830 5088 STacSV (293a556e04f815477ae93e07b35065e6) C:\Program Files\IDT\WDM\STacSV64.exe

11:45:46.0834 5088 STacSV - ok

11:45:47.0015 5088 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:45:47.0017 5088 stexstor - ok

11:45:47.0144 5088 STHDA (aa3c0336514c239a171f00a6902b59b8) C:\Windows\system32\DRIVERS\stwrt64.sys

11:45:47.0152 5088 STHDA - ok

11:45:47.0238 5088 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:45:47.0248 5088 stisvc - ok

11:45:47.0328 5088 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:45:47.0330 5088 swenum - ok

11:45:47.0373 5088 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:45:47.0389 5088 swprv - ok

11:45:47.0514 5088 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS

11:45:47.0522 5088 SymDS - ok

11:45:47.0658 5088 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS

11:45:47.0677 5088 SymEFA - ok

11:45:47.0756 5088 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

11:45:47.0762 5088 SymEvent - ok

11:45:47.0820 5088 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS

11:45:47.0830 5088 SymIRON - ok

11:45:47.0938 5088 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS

11:45:47.0946 5088 SymNetS - ok

11:45:48.0011 5088 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

11:45:48.0030 5088 SynTP - ok

11:45:48.0137 5088 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:45:48.0165 5088 SysMain - ok

11:45:48.0182 5088 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:45:48.0187 5088 TabletInputService - ok

11:45:48.0267 5088 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:45:48.0278 5088 TapiSrv - ok

11:45:48.0297 5088 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:45:48.0303 5088 TBS - ok

11:45:48.0413 5088 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

11:45:48.0456 5088 Tcpip - ok

11:45:48.0736 5088 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

11:45:48.0762 5088 TCPIP6 - ok

11:45:48.0935 5088 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:45:48.0939 5088 tcpipreg - ok

11:45:48.0983 5088 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:45:48.0985 5088 TDPIPE - ok

11:45:49.0045 5088 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:45:49.0047 5088 TDTCP - ok

11:45:49.0080 5088 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:45:49.0084 5088 tdx - ok

11:45:49.0285 5088 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:45:49.0288 5088 TermDD - ok

11:45:49.0407 5088 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:45:49.0423 5088 TermService - ok

11:45:49.0451 5088 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:45:49.0454 5088 Themes - ok

11:45:49.0527 5088 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:45:49.0531 5088 THREADORDER - ok

11:45:49.0593 5088 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:45:49.0599 5088 TrkWks - ok

11:45:49.0642 5088 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:45:49.0644 5088 TrustedInstaller - ok

11:45:49.0718 5088 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:45:49.0719 5088 tssecsrv - ok

11:45:49.0767 5088 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:45:49.0770 5088 TsUsbFlt - ok

11:45:49.0849 5088 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:45:49.0860 5088 TsUsbGD - ok

11:45:49.0912 5088 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:45:49.0918 5088 tunnel - ok

11:45:50.0070 5088 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:45:50.0073 5088 uagp35 - ok

11:45:50.0096 5088 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:45:50.0111 5088 udfs - ok

11:45:50.0179 5088 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:45:50.0182 5088 UI0Detect - ok

11:45:50.0212 5088 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:45:50.0214 5088 uliagpkx - ok

11:45:50.0303 5088 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:45:50.0306 5088 umbus - ok

11:45:50.0342 5088 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:45:50.0344 5088 UmPass - ok

11:45:50.0466 5088 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:45:50.0477 5088 upnphost - ok

11:45:50.0568 5088 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:45:50.0571 5088 usbccgp - ok

11:45:50.0670 5088 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:45:50.0674 5088 usbcir - ok

11:45:50.0712 5088 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

11:45:50.0714 5088 usbehci - ok

11:45:50.0756 5088 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys

11:45:50.0758 5088 usbfilter - ok

11:45:50.0879 5088 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:45:50.0886 5088 usbhub - ok

11:45:50.0965 5088 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

11:45:50.0967 5088 usbohci - ok

11:45:51.0045 5088 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

11:45:51.0047 5088 usbprint - ok

11:45:51.0159 5088 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:45:51.0165 5088 USBSTOR - ok

11:45:51.0264 5088 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:45:51.0266 5088 usbuhci - ok

11:45:51.0331 5088 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

11:45:51.0335 5088 usbvideo - ok

11:45:51.0399 5088 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:45:51.0405 5088 UxSms - ok

11:45:51.0448 5088 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:45:51.0450 5088 VaultSvc - ok

11:45:51.0481 5088 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:45:51.0484 5088 vdrvroot - ok

11:45:51.0548 5088 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:45:51.0561 5088 vds - ok

11:45:51.0624 5088 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:45:51.0626 5088 vga - ok

11:45:51.0678 5088 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:45:51.0679 5088 VgaSave - ok

11:45:51.0716 5088 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:45:51.0719 5088 vhdmp - ok

11:45:51.0775 5088 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:45:51.0777 5088 viaide - ok

11:45:51.0841 5088 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:45:51.0845 5088 volmgr - ok

11:45:51.0908 5088 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:45:51.0917 5088 volmgrx - ok

11:45:51.0976 5088 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:45:51.0981 5088 volsnap - ok

11:45:52.0032 5088 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:45:52.0035 5088 vsmraid - ok

11:45:52.0144 5088 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:45:52.0172 5088 VSS - ok

11:45:52.0261 5088 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:45:52.0263 5088 vwifibus - ok

11:45:52.0287 5088 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:45:52.0290 5088 vwififlt - ok

11:45:52.0366 5088 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:45:52.0380 5088 W32Time - ok

11:45:52.0451 5088 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:45:52.0452 5088 WacomPen - ok

11:45:52.0594 5088 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:45:52.0597 5088 WANARP - ok

11:45:52.0603 5088 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:45:52.0604 5088 Wanarpv6 - ok

11:45:52.0758 5088 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:45:52.0783 5088 WatAdminSvc - ok

11:45:52.0984 5088 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:45:53.0031 5088 wbengine - ok

11:45:53.0151 5088 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:45:53.0181 5088 WbioSrvc - ok

11:45:53.0275 5088 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:45:53.0288 5088 wcncsvc - ok

11:45:53.0359 5088 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:45:53.0365 5088 WcsPlugInService - ok

11:45:53.0445 5088 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:45:53.0447 5088 Wd - ok

11:45:53.0552 5088 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:45:53.0563 5088 Wdf01000 - ok

11:45:53.0626 5088 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:45:53.0630 5088 WdiServiceHost - ok

11:45:53.0635 5088 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:45:53.0638 5088 WdiSystemHost - ok

11:45:53.0663 5088 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:45:53.0669 5088 WebClient - ok

11:45:53.0745 5088 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:45:53.0750 5088 Wecsvc - ok

11:45:53.0771 5088 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:45:53.0774 5088 wercplsupport - ok

11:45:53.0850 5088 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:45:53.0854 5088 WerSvc - ok

11:45:53.0912 5088 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:45:53.0913 5088 WfpLwf - ok

11:45:53.0983 5088 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:45:53.0984 5088 WIMMount - ok

11:45:54.0007 5088 WinDefend - ok

11:45:54.0019 5088 WinHttpAutoProxySvc - ok

11:45:54.0072 5088 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:45:54.0077 5088 Winmgmt - ok

11:45:54.0197 5088 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:45:54.0232 5088 WinRM - ok

11:45:54.0355 5088 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:45:54.0357 5088 WinUsb - ok

11:45:54.0425 5088 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:45:54.0441 5088 Wlansvc - ok

11:45:54.0579 5088 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:45:54.0580 5088 WmiAcpi - ok

11:45:54.0642 5088 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:45:54.0646 5088 wmiApSrv - ok

11:45:54.0765 5088 WMPNetworkSvc - ok

11:45:54.0973 5088 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:45:54.0983 5088 WPCSvc - ok

11:45:55.0010 5088 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:45:55.0016 5088 WPDBusEnum - ok

11:45:55.0118 5088 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:45:55.0120 5088 ws2ifsl - ok

11:45:55.0158 5088 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

11:45:55.0163 5088 wscsvc - ok

11:45:55.0249 5088 WSearch - ok

11:45:55.0323 5088 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

11:45:55.0359 5088 wuauserv - ok

11:45:55.0437 5088 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:45:55.0440 5088 WudfPf - ok

11:45:55.0548 5088 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:45:55.0554 5088 WUDFRd - ok

11:45:55.0582 5088 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:45:55.0586 5088 wudfsvc - ok

11:45:55.0650 5088 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:45:55.0656 5088 WwanSvc - ok

11:45:55.0693 5088 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

11:45:55.0727 5088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

11:45:55.0727 5088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

11:45:55.0757 5088 Boot (0x1200) (9c85a4733cd963a3c98bb87793746910) \Device\Harddisk0\DR0\Partition0

11:45:55.0759 5088 \Device\Harddisk0\DR0\Partition0 - ok

11:45:55.0767 5088 Boot (0x1200) (df54bce7fb5f4ee389f0739dcf8f0936) \Device\Harddisk0\DR0\Partition1

11:45:55.0768 5088 \Device\Harddisk0\DR0\Partition1 - ok

11:45:55.0798 5088 Boot (0x1200) (71451637ac9a668b623dd20855fb820c) \Device\Harddisk0\DR0\Partition2

11:45:55.0800 5088 \Device\Harddisk0\DR0\Partition2 - ok

11:45:55.0818 5088 Boot (0x1200) (eb373bfaf84e479b17063bac6749bdfb) \Device\Harddisk0\DR0\Partition3

11:45:55.0819 5088 \Device\Harddisk0\DR0\Partition3 - ok

11:45:55.0820 5088 ============================================================

11:45:55.0820 5088 Scan finished

11:45:55.0820 5088 ============================================================

11:45:55.0864 4488 Detected object count: 1

11:45:55.0864 4488 Actual detected object count: 1

11:46:09.0244 4488 \Device\Harddisk0\DR0\# - copied to quarantine

11:46:09.0244 4488 \Device\Harddisk0\DR0 - copied to quarantine

11:46:09.0300 4488 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

11:46:09.0304 4488 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

11:46:09.0311 4488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:46:09.0319 4488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:46:09.0338 4488 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

11:46:09.0350 4488 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

11:46:09.0353 4488 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

11:46:09.0355 4488 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

11:46:09.0357 4488 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

11:46:09.0361 4488 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

11:46:09.0364 4488 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

11:46:09.0367 4488 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

11:46:09.0405 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

11:46:09.0461 4488 \Device\Harddisk0\DR0 - ok

11:46:11.0193 4488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

11:46:17.0311 5304 Deinitialize success


Thank you for helping me. I have been very worried about this as this is the laptop I use for my freelance business.


In that case I am afraid I have bad news. Although the infection is gone now, it was a nasty rootkit. Please read the following information first.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


This is horrible news. I use this laptop for EVERYTHING. I will review your recommendations. I am afraid that I let the AV expire on all my PCs recently. Thank you for your help.

Christopher


I will reset all passwords.....but I am not sure I have the OS disks. I MUST work on my laptop. Would it be possible to clean the laptop and then reinstall after I have received the OS disks?


Yes, that wouldn't be a problem. :)

In that case, please continue with the ComboFix steps.


<kibbitz>

@ctruong333

Are you still with us? Or have you already resolved your issues? Status update, please.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
