hpapres

My PC is Continuously downloading 1MB of unknown data/5-10 sec

6 posts in this topic

My PC has apparently been infected by some type of trojan that continuously downloads large amounts of data. What it is downloading and where it is going on this computer I am not sure. I have run the Malwarebytes Anti-Malware program several times. The first time it found numerous potential threats. I had it remove all and rebooted. Each time I run the program it finds and removes a Trojan.Agent memory process, shown below in the excerpt from the most recent scan log:

mbam-log-2012-04-28 (08-36-11).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 367617

Time elapsed: 43 minute(s), 4 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 4348 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

I have downloaded and run DDS.exe per instructions and the resulting text files are attached.

Any help would be greatly appreciated.

Thanks

Attach.txt

DDS.txt
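A triage check for the scan log in the post above, added here as an example (it is not part of the original post and is not Malwarebytes' own code): it parses the file and process detections and flags any whose file name is a core Windows binary sitting outside its normal directory, as with `C:\Windows\svchost.exe`, since the genuine service host lives in `System32` (and `SysWOW64` on 64-bit Windows). The function names, the `EXPECTED_DIRS` table and the default Windows directory are assumptions of this example.

```python
import ntpath  # Windows path rules, importable on any OS
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption of this example: directories (relative to the Windows directory)
# where the genuine copies of these core binaries are expected to live.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "csrss.exe": {"system32"},
    "winlogon.exe": {"system32"},
}

# "Memory Processes Detected: 1", "Files Detected: 1", ...
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)\s*$")
# "<drive path> (<detection name>) -> [<pid> ->] <action>."
ENTRY_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+)$")

# Excerpt of the log lines quoted in the post above.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4348 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""


@dataclass
class Detection:
    section: str        # log section the entry appeared under
    path: str           # full path of the detected file
    threat: str         # detection name given by the scanner
    pid: Optional[int]  # process ID, present only for memory processes
    action: str         # what the scanner did or scheduled


def parse_mbam_detections(log_text: str) -> List[Detection]:
    """Extract file-path detections (files and memory processes) from a log."""
    detections = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry or section is None:
            continue  # blank lines, "(No malicious items detected)", registry entries
        path, threat, rest = entry.groups()
        fields = [f.strip() for f in rest.split(" -> ")]
        # Memory-process entries carry the PID before the action.
        pid = int(fields[0]) if len(fields) > 1 and fields[0].isdigit() else None
        detections.append(
            Detection(section, path, threat, pid, fields[-1].rstrip("."))
        )
    return detections


def is_masquerading(path: str, windir: str = r"C:\Windows") -> bool:
    """True if the file uses a core Windows binary name outside its home directory."""
    expected = EXPECTED_DIRS.get(ntpath.basename(path).lower())
    if expected is None:
        return False  # not a name this check knows about
    actual = ntpath.normcase(ntpath.dirname(path))
    allowed = {ntpath.normcase(ntpath.join(windir, d)) for d in expected}
    return actual not in allowed


def triage(log_text: str, windir: str = r"C:\Windows"):
    """Pair every parsed detection with the result of the location check."""
    return [(d, is_masquerading(d.path, windir)) for d in parse_mbam_detections(log_text)]


if __name__ == "__main__":
    for det, fake in triage(SAMPLE_LOG):
        note = "system binary name in the wrong directory" if fake else "location as expected"
        print(f"[{det.section}] {det.path} ({det.threat}) pid={det.pid} -> {det.action}: {note}")
```

Both entries in the excerpt are flagged: the detected file borrows the service host's name but is not the Windows component, so scheduling it for deletion does not remove an operating system file.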


Hello hpapres and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall Ask Toolbar and Ask Toolbar Updater, because it is bundled with many third party applications - also see this note.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


I was able to remove the ASK toolbar as you suggested, however, whenever I try to remove the ASK Toolbar Updater I keep getting a popup message stating the following:

"You do not have sufficient access to uninstall Ask Toolbar Updater. Please contact your system administrator."

This doesn't make sense since I am an Administrator on this laptop.

The data download issue seems to have stopped for now with the removal of the threat found by TDSSKiller.exe.

Here are log files you requested:

1) TDSSKiller Log

19:24:36.0192 3036 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

19:24:36.0202 3036 ============================================================

19:24:36.0202 3036 Current date / time: 2012/04/29 19:24:36.0202

19:24:36.0202 3036 SystemInfo:

19:24:36.0202 3036

19:24:36.0202 3036 OS Version: 6.1.7601 ServicePack: 1.0

19:24:36.0202 3036 Product type: Workstation

19:24:36.0202 3036 ComputerName: MIGUEL-AAH-HP

19:24:36.0202 3036 UserName: Charles N. Hasek

19:24:36.0202 3036 Windows directory: C:\Windows

19:24:36.0202 3036 System windows directory: C:\Windows

19:24:36.0202 3036 Running under WOW64

19:24:36.0202 3036 Processor architecture: Intel x64

19:24:36.0202 3036 Number of processors: 4

19:24:36.0202 3036 Page size: 0x1000

19:24:36.0202 3036 Boot type: Normal boot

19:24:36.0202 3036 ============================================================

19:24:36.0482 3036 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:24:36.0482 3036 ============================================================

19:24:36.0482 3036 \Device\Harddisk0\DR0:

19:24:36.0482 3036 MBR partitions:

19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48B3E000

19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48BA2000, BlocksNum 0x1C82000

19:24:36.0482 3036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0

19:24:36.0482 3036 ============================================================

19:24:36.0512 3036 C: <-> \Device\Harddisk0\DR0\Partition1

19:24:36.0592 3036 D: <-> \Device\Harddisk0\DR0\Partition2

19:24:36.0592 3036 ============================================================

19:24:36.0592 3036 Initialize success

19:24:36.0592 3036 ============================================================

19:24:59.0113 4780 ============================================================

19:24:59.0113 4780 Scan started

19:24:59.0113 4780 Mode: Manual; SigCheck; TDLFS;

19:24:59.0113 4780 ============================================================


19:25:21.0001 4780 mouclass - ok

19:25:21.0041 4780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:25:21.0081 4780 mouhid - ok

19:25:21.0131 4780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:25:21.0151 4780 mountmgr - ok

19:25:21.0181 4780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:25:21.0191 4780 mpio - ok

19:25:21.0221 4780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:25:21.0261 4780 mpsdrv - ok

19:25:21.0341 4780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:25:21.0411 4780 MpsSvc - ok

19:25:21.0451 4780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:25:21.0481 4780 MRxDAV - ok

19:25:21.0521 4780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:25:21.0601 4780 mrxsmb - ok

19:25:21.0651 4780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:25:21.0691 4780 mrxsmb10 - ok

19:25:21.0701 4780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:25:21.0711 4780 mrxsmb20 - ok

19:25:21.0741 4780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:25:21.0751 4780 msahci - ok

19:25:21.0791 4780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:25:21.0801 4780 msdsm - ok

19:25:21.0831 4780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:25:21.0861 4780 MSDTC - ok

19:25:21.0901 4780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:25:21.0931 4780 Msfs - ok

19:25:21.0991 4780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:25:22.0071 4780 mshidkmdf - ok

19:25:22.0101 4780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:25:22.0111 4780 msisadrv - ok

19:25:22.0161 4780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:25:22.0201 4780 MSiSCSI - ok

19:25:22.0201 4780 msiserver - ok

19:25:22.0231 4780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:25:22.0301 4780 MSKSSRV - ok

19:25:22.0321 4780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:25:22.0411 4780 MSPCLOCK - ok

19:25:22.0441 4780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:25:22.0491 4780 MSPQM - ok

19:25:22.0551 4780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:25:22.0581 4780 MsRPC - ok

19:25:22.0601 4780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:25:22.0611 4780 mssmbios - ok

19:25:22.0661 4780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:25:22.0741 4780 MSTEE - ok

19:25:22.0761 4780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

19:25:22.0771 4780 MTConfig - ok

19:25:22.0791 4780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:25:22.0801 4780 Mup - ok

19:25:22.0931 4780 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

19:25:22.0951 4780 MyWiFiDHCPDNS - ok

19:25:23.0101 4780 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccSvcHst.exe

19:25:23.0131 4780 N360 - ok

19:25:23.0191 4780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:25:23.0261 4780 napagent - ok

19:25:23.0331 4780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:25:23.0391 4780 NativeWifiP - ok

19:25:23.0541 4780 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120420.002\ENG64.SYS

19:25:23.0571 4780 NAVENG - ok

19:25:23.0751 4780 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120420.002\EX64.SYS

19:25:23.0801 4780 NAVEX15 - ok

19:25:24.0011 4780 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

19:25:24.0041 4780 NDIS - ok

19:25:24.0081 4780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:25:24.0171 4780 NdisCap - ok

19:25:24.0221 4780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:25:24.0271 4780 NdisTapi - ok

19:25:24.0291 4780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:25:24.0341 4780 Ndisuio - ok

19:25:24.0381 4780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:25:24.0441 4780 NdisWan - ok

19:25:24.0471 4780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:25:24.0511 4780 NDProxy - ok

19:25:24.0541 4780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:25:24.0621 4780 NetBIOS - ok

19:25:24.0661 4780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:25:24.0721 4780 NetBT - ok

19:25:24.0761 4780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:25:24.0771 4780 Netlogon - ok

19:25:24.0821 4780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:25:24.0891 4780 Netman - ok

19:25:24.0951 4780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:25:25.0061 4780 netprofm - ok

19:25:25.0171 4780 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:25:25.0191 4780 NetTcpPortSharing - ok

19:25:25.0771 4780 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys

19:25:25.0911 4780 NETwNs64 - ok

19:25:26.0081 4780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

19:25:26.0111 4780 nfrd960 - ok

19:25:26.0161 4780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:25:26.0231 4780 NlaSvc - ok

19:25:26.0251 4780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:25:26.0291 4780 Npfs - ok

19:25:26.0321 4780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:25:26.0401 4780 nsi - ok

19:25:26.0431 4780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:25:26.0511 4780 nsiproxy - ok

19:25:26.0691 4780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:25:26.0731 4780 Ntfs - ok

19:25:26.0861 4780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:25:26.0921 4780 Null - ok

19:25:26.0961 4780 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys

19:25:27.0021 4780 nusb3hub - ok

19:25:27.0071 4780 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys

19:25:27.0141 4780 nusb3xhc - ok

19:25:27.0211 4780 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

19:25:27.0261 4780 NVENETFD - ok

19:25:27.0321 4780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:25:27.0341 4780 nvraid - ok

19:25:27.0371 4780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:25:27.0381 4780 nvstor - ok

19:25:27.0431 4780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:25:27.0451 4780 nv_agp - ok

19:25:27.0481 4780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:25:27.0501 4780 ohci1394 - ok

19:25:27.0591 4780 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:25:27.0611 4780 ose - ok

19:25:28.0111 4780 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:25:28.0201 4780 osppsvc - ok

19:25:28.0361 4780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:25:28.0451 4780 p2pimsvc - ok

19:25:28.0521 4780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:25:28.0541 4780 p2psvc - ok

19:25:28.0601 4780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

19:25:28.0631 4780 Parport - ok

19:25:28.0661 4780 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

19:25:28.0671 4780 partmgr - ok

19:25:28.0721 4780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:25:28.0771 4780 PcaSvc - ok

19:25:28.0811 4780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:25:28.0821 4780 pci - ok

19:25:28.0841 4780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:25:28.0851 4780 pciide - ok

19:25:28.0891 4780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

19:25:28.0911 4780 pcmcia - ok

19:25:28.0941 4780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:25:28.0951 4780 pcw - ok

19:25:29.0011 4780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:25:29.0071 4780 PEAUTH - ok

19:25:29.0181 4780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:25:29.0231 4780 PerfHost - ok

19:25:29.0381 4780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:25:29.0451 4780 pla - ok

19:25:29.0541 4780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:25:29.0631 4780 PlugPlay - ok

19:25:29.0651 4780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:25:29.0691 4780 PNRPAutoReg - ok

19:25:29.0751 4780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:25:29.0771 4780 PNRPsvc - ok

19:25:29.0841 4780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:25:29.0921 4780 PolicyAgent - ok

19:25:29.0971 4780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:25:30.0061 4780 Power - ok

19:25:30.0151 4780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:25:30.0231 4780 PptpMiniport - ok

19:25:30.0251 4780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

19:25:30.0281 4780 Processor - ok

19:25:30.0321 4780 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

19:25:30.0401 4780 ProfSvc - ok

19:25:30.0441 4780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:25:30.0471 4780 ProtectedStorage - ok

19:25:30.0511 4780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:25:30.0581 4780 Psched - ok

19:25:30.0621 4780 PTDUBus (bccea08c45bea866ffd2af32d23611b5) C:\Windows\system32\DRIVERS\PTDUBus.sys

19:25:30.0631 4780 PTDUBus - ok

19:25:30.0681 4780 PTDUMdm (f94a0753921e97cebb9002682097149a) C:\Windows\system32\DRIVERS\PTDUMdm.sys

19:25:30.0691 4780 PTDUMdm - ok

19:25:30.0711 4780 PTDUVsp (ac70cdae9e26d26ef6f41c3c23087aae) C:\Windows\system32\DRIVERS\PTDUVsp.sys

19:25:30.0731 4780 PTDUVsp - ok

19:25:30.0751 4780 PTDUWFLT (1d2bd34a8e5c9efd75085af598a7d9b4) C:\Windows\system32\DRIVERS\PTDUWFLT.sys

19:25:30.0761 4780 PTDUWFLT - ok

19:25:30.0781 4780 PTDUWWAN (3d47d2ae93fdf671c3c997b2fac4e13f) C:\Windows\system32\DRIVERS\PTDUWWAN.sys

19:25:30.0801 4780 PTDUWWAN - ok

19:25:30.0931 4780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

19:25:30.0971 4780 ql2300 - ok

19:25:31.0121 4780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

19:25:31.0141 4780 ql40xx - ok

19:25:31.0181 4780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:25:31.0201 4780 QWAVE - ok

19:25:31.0231 4780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:25:31.0261 4780 QWAVEdrv - ok

19:25:31.0291 4780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:25:31.0321 4780 RasAcd - ok

19:25:31.0361 4780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:25:31.0431 4780 RasAgileVpn - ok

19:25:31.0471 4780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:25:31.0561 4780 RasAuto - ok

19:25:31.0591 4780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:25:31.0631 4780 Rasl2tp - ok

19:25:31.0691 4780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:25:31.0761 4780 RasMan - ok

19:25:31.0801 4780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:25:31.0881 4780 RasPppoe - ok

19:25:31.0931 4780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:25:32.0011 4780 RasSstp - ok

19:25:32.0051 4780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:25:32.0121 4780 rdbss - ok

19:25:32.0191 4780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

19:25:32.0221 4780 rdpbus - ok

19:25:32.0241 4780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:25:32.0301 4780 RDPCDD - ok

19:25:32.0321 4780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:25:32.0401 4780 RDPENCDD - ok

19:25:32.0431 4780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:25:32.0461 4780 RDPREFMP - ok

19:25:32.0511 4780 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

19:25:32.0571 4780 RDPWD - ok

19:25:32.0621 4780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:25:32.0651 4780 rdyboost - ok

19:25:32.0801 4780 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

19:25:32.0831 4780 RegSrvc - ok

19:25:32.0871 4780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:25:32.0931 4780 RemoteAccess - ok

19:25:32.0991 4780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:25:33.0071 4780 RemoteRegistry - ok

19:25:33.0181 4780 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

19:25:33.0211 4780 RoxioNow Service - ok

19:25:33.0231 4780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:25:33.0291 4780 RpcEptMapper - ok

19:25:33.0321 4780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:25:33.0351 4780 RpcLocator - ok

19:25:33.0421 4780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:25:33.0471 4780 RpcSs - ok

19:25:33.0591 4780 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys

19:25:33.0631 4780 RSPCIESTOR - ok

19:25:33.0671 4780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:25:33.0721 4780 rspndr - ok

19:25:33.0771 4780 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:25:33.0791 4780 RTL8167 - ok

19:25:33.0821 4780 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:25:33.0831 4780 SamSs - ok

19:25:33.0871 4780 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:25:33.0881 4780 sbp2port - ok

19:25:33.0931 4780 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:25:33.0981 4780 SCardSvr - ok

19:25:34.0021 4780 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:25:34.0101 4780 scfilter - ok

19:25:34.0221 4780 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:25:34.0291 4780 Schedule - ok

19:25:34.0321 4780 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:25:34.0381 4780 SCPolicySvc - ok

19:25:34.0441 4780 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

19:25:34.0491 4780 sdbus - ok

19:25:34.0551 4780 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:25:34.0641 4780 SDRSVC - ok

19:25:34.0671 4780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:25:34.0731 4780 secdrv - ok

19:25:34.0771 4780 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:25:34.0821 4780 seclogon - ok

19:25:34.0841 4780 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:25:34.0921 4780 SENS - ok

19:25:34.0971 4780 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:25:35.0071 4780 SensrSvc - ok

19:25:35.0101 4780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

19:25:35.0141 4780 Serenum - ok

19:25:35.0201 4780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

19:25:35.0241 4780 Serial - ok

19:25:35.0281 4780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

19:25:35.0331 4780 sermouse - ok

19:25:35.0391 4780 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:25:35.0471 4780 SessionEnv - ok

19:25:35.0501 4780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:25:35.0521 4780 sffdisk - ok

19:25:35.0531 4780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:25:35.0561 4780 sffp_mmc - ok

19:25:35.0591 4780 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:25:35.0641 4780 sffp_sd - ok

19:25:35.0671 4780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

19:25:35.0711 4780 sfloppy - ok

19:25:35.0821 4780 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:25:35.0861 4780 Sftfs - ok

19:25:35.0971 4780 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

19:25:36.0001 4780 sftlist - ok

19:25:36.0041 4780 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:25:36.0051 4780 Sftplay - ok

19:25:36.0071 4780 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:25:36.0081 4780 Sftredir - ok

19:25:36.0091 4780 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:25:36.0101 4780 Sftvol - ok

19:25:36.0131 4780 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

19:25:36.0141 4780 sftvsa - ok

19:25:36.0191 4780 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:25:36.0231 4780 SharedAccess - ok

19:25:36.0291 4780 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:25:36.0361 4780 ShellHWDetection - ok

19:25:36.0411 4780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

19:25:36.0421 4780 SiSRaid2 - ok

19:25:36.0451 4780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

19:25:36.0461 4780 SiSRaid4 - ok

19:25:36.0491 4780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:25:36.0551 4780 Smb - ok

19:25:36.0651 4780 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS

19:25:36.0671 4780 SMSIVZAM5X64 - ok

19:25:36.0721 4780 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:25:36.0761 4780 SNMPTRAP - ok

19:25:36.0801 4780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:25:36.0811 4780 spldr - ok

19:25:36.0881 4780 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:25:36.0921 4780 Spooler - ok

19:25:37.0201 4780 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:25:37.0291 4780 sppsvc - ok

19:25:37.0421 4780 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:25:37.0481 4780 sppuinotify - ok

19:25:37.0651 4780 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS

19:25:37.0681 4780 SRTSP - ok

19:25:37.0701 4780 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS

19:25:37.0711 4780 SRTSPX - ok

19:25:37.0771 4780 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:25:37.0861 4780 srv - ok

19:25:37.0931 4780 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:25:37.0981 4780 srv2 - ok

19:25:38.0081 4780 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:25:38.0111 4780 SrvHsfHDA - ok

19:25:38.0221 4780 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:25:38.0271 4780 SrvHsfV92 - ok

19:25:38.0471 4780 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:25:38.0531 4780 SrvHsfWinac - ok

19:25:38.0581 4780 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:25:38.0611 4780 srvnet - ok

19:25:38.0651 4780 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:25:38.0701 4780 SSDPSRV - ok

19:25:38.0731 4780 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:25:38.0771 4780 SstpSvc - ok

19:25:38.0891 4780 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe

19:25:38.0911 4780 STacSV - ok

19:25:38.0941 4780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

19:25:38.0951 4780 stexstor - ok

19:25:39.0071 4780 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys

19:25:39.0111 4780 STHDA - ok

19:25:39.0211 4780 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:25:39.0251 4780 stisvc - ok

19:25:39.0271 4780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:25:39.0281 4780 swenum - ok

19:25:39.0351 4780 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:25:39.0431 4780 swprv - ok

19:25:39.0561 4780 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS

19:25:39.0591 4780 SymDS - ok

19:25:39.0711 4780 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS

19:25:39.0751 4780 SymEFA - ok

19:25:39.0821 4780 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

19:25:39.0841 4780 SymEvent - ok

19:25:39.0881 4780 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS

19:25:39.0901 4780 SymIRON - ok

19:25:39.0951 4780 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS

19:25:39.0971 4780 SymNetS - ok

19:25:40.0131 4780 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys

19:25:40.0171 4780 SynTP - ok

19:25:40.0431 4780 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:25:40.0491 4780 SysMain - ok

19:25:40.0611 4780 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:25:40.0681 4780 TabletInputService - ok

19:25:40.0721 4780 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:25:40.0781 4780 TapiSrv - ok

19:25:40.0821 4780 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:25:40.0861 4780 TBS - ok

19:25:41.0091 4780 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

19:25:41.0131 4780 Tcpip - ok

19:25:41.0441 4780 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

19:25:41.0491 4780 TCPIP6 - ok

19:25:41.0621 4780 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:25:41.0711 4780 tcpipreg - ok

19:25:41.0741 4780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:25:41.0751 4780 TDPIPE - ok

19:25:41.0781 4780 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:25:41.0821 4780 TDTCP - ok

19:25:41.0861 4780 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:25:41.0911 4780 tdx - ok

19:25:41.0961 4780 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:25:41.0971 4780 TermDD - ok

19:25:42.0051 4780 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:25:42.0111 4780 TermService - ok

19:25:42.0151 4780 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:25:42.0191 4780 Themes - ok

19:25:42.0221 4780 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:25:42.0261 4780 THREADORDER - ok

19:25:42.0291 4780 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:25:42.0341 4780 TrkWks - ok

19:25:42.0401 4780 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:25:42.0461 4780 TrustedInstaller - ok

19:25:42.0501 4780 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:25:42.0551 4780 tssecsrv - ok

19:25:42.0591 4780 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:25:42.0611 4780 TsUsbFlt - ok

19:25:42.0641 4780 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

19:25:42.0681 4780 TsUsbGD - ok

19:25:42.0731 4780 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:25:42.0811 4780 tunnel - ok

19:25:42.0841 4780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

19:25:42.0851 4780 uagp35 - ok

19:25:42.0911 4780 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:25:42.0991 4780 udfs - ok

19:25:43.0021 4780 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:25:43.0041 4780 UI0Detect - ok

19:25:43.0101 4780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:25:43.0151 4780 uliagpkx - ok

19:25:43.0211 4780 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

19:25:43.0261 4780 umbus - ok

19:25:43.0291 4780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

19:25:43.0341 4780 UmPass - ok

19:25:43.0651 4780 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:25:43.0711 4780 UNS - ok

19:25:43.0851 4780 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:25:43.0941 4780 upnphost - ok

19:25:44.0011 4780 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

19:25:44.0101 4780 USBAAPL64 - ok

19:25:44.0141 4780 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:25:44.0191 4780 usbccgp - ok

19:25:44.0241 4780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:25:44.0271 4780 usbcir - ok

19:25:44.0291 4780 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

19:25:44.0331 4780 usbehci - ok

19:25:44.0401 4780 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:25:44.0451 4780 usbhub - ok

19:25:44.0481 4780 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

19:25:44.0511 4780 usbohci - ok

19:25:44.0561 4780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:25:44.0621 4780 usbprint - ok

19:25:44.0671 4780 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:25:44.0701 4780 USBSTOR - ok

19:25:44.0721 4780 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:25:44.0761 4780 usbuhci - ok

19:25:44.0821 4780 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

19:25:44.0851 4780 usbvideo - ok

19:25:44.0881 4780 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:25:44.0941 4780 UxSms - ok

19:25:44.0981 4780 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:25:44.0991 4780 VaultSvc - ok

19:25:45.0011 4780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:25:45.0031 4780 vdrvroot - ok

19:25:45.0101 4780 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:25:45.0171 4780 vds - ok

19:25:45.0211 4780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:25:45.0241 4780 vga - ok

19:25:45.0261 4780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:25:45.0311 4780 VgaSave - ok

19:25:45.0371 4780 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:25:45.0391 4780 vhdmp - ok

19:25:45.0421 4780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:25:45.0431 4780 viaide - ok

19:25:45.0461 4780 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:25:45.0481 4780 volmgr - ok

19:25:45.0541 4780 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:25:45.0551 4780 volmgrx - ok

19:25:45.0611 4780 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:25:45.0641 4780 volsnap - ok

19:25:45.0681 4780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

19:25:45.0701 4780 vsmraid - ok

19:25:45.0851 4780 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:25:45.0921 4780 VSS - ok

19:25:46.0061 4780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:25:46.0121 4780 vwifibus - ok

19:25:46.0161 4780 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:25:46.0221 4780 vwififlt - ok

19:25:46.0251 4780 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

19:25:46.0261 4780 vwifimp - ok

19:25:46.0331 4780 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:25:46.0381 4780 W32Time - ok

19:25:46.0411 4780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

19:25:46.0441 4780 WacomPen - ok

19:25:46.0491 4780 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:25:46.0561 4780 WANARP - ok

19:25:46.0561 4780 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:25:46.0591 4780 Wanarpv6 - ok

19:25:46.0731 4780 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:25:46.0761 4780 WatAdminSvc - ok

19:25:46.0911 4780 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:25:46.0981 4780 wbengine - ok

19:25:47.0111 4780 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:25:47.0161 4780 WbioSrvc - ok

19:25:47.0201 4780 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:25:47.0251 4780 wcncsvc - ok

19:25:47.0271 4780 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:25:47.0301 4780 WcsPlugInService - ok

19:25:47.0351 4780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

19:25:47.0381 4780 Wd - ok

19:25:47.0461 4780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:25:47.0491 4780 Wdf01000 - ok

19:25:47.0521 4780 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:25:47.0581 4780 WdiServiceHost - ok

19:25:47.0581 4780 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:25:47.0601 4780 WdiSystemHost - ok

19:25:47.0641 4780 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys

19:25:47.0651 4780 wdkmd - ok

19:25:47.0701 4780 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:25:47.0761 4780 WebClient - ok

19:25:47.0811 4780 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:25:47.0891 4780 Wecsvc - ok

19:25:47.0931 4780 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:25:47.0971 4780 wercplsupport - ok

19:25:48.0011 4780 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:25:48.0071 4780 WerSvc - ok

19:25:48.0131 4780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:25:48.0181 4780 WfpLwf - ok

19:25:48.0221 4780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:25:48.0231 4780 WIMMount - ok

19:25:48.0251 4780 WinDefend - ok

19:25:48.0251 4780 WinHttpAutoProxySvc - ok

19:25:48.0321 4780 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:25:48.0381 4780 Winmgmt - ok

19:25:48.0601 4780 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:25:48.0661 4780 WinRM - ok

19:25:48.0821 4780 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

19:25:48.0851 4780 WinUsb - ok

19:25:48.0961 4780 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:25:49.0041 4780 Wlansvc - ok

19:25:49.0131 4780 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:25:49.0151 4780 wlcrasvc - ok

19:25:49.0391 4780 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:25:49.0441 4780 wlidsvc - ok

19:25:49.0571 4780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:25:49.0621 4780 WmiAcpi - ok

19:25:49.0711 4780 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:25:49.0761 4780 wmiApSrv - ok

19:25:49.0821 4780 WMPNetworkSvc - ok

19:25:49.0851 4780 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:25:49.0891 4780 WPCSvc - ok

19:25:49.0911 4780 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:25:49.0931 4780 WPDBusEnum - ok

19:25:49.0961 4780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:25:49.0991 4780 ws2ifsl - ok

19:25:50.0031 4780 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:25:50.0101 4780 wscsvc - ok

19:25:50.0101 4780 WSearch - ok

19:25:50.0311 4780 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

19:25:50.0391 4780 wuauserv - ok

19:25:50.0541 4780 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:25:50.0621 4780 WudfPf - ok

19:25:50.0661 4780 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:25:50.0741 4780 WUDFRd - ok

19:25:50.0771 4780 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:25:50.0821 4780 wudfsvc - ok

19:25:50.0851 4780 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:25:50.0871 4780 WwanSvc - ok

19:25:50.0911 4780 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

19:25:50.0951 4780 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

19:25:50.0951 4780 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

19:25:51.0011 4780 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

19:25:51.0011 4780 \Device\Harddisk0\DR0 - detected TDSS File System (1)

19:25:51.0011 4780 Boot (0x1200) (97a4e1af68b0c5d7529196783c90014d) \Device\Harddisk0\DR0\Partition0

19:25:51.0011 4780 \Device\Harddisk0\DR0\Partition0 - ok

19:25:51.0041 4780 Boot (0x1200) (29fda0f0e3e6bc6f612a74751a98f6fc) \Device\Harddisk0\DR0\Partition1

19:25:51.0041 4780 \Device\Harddisk0\DR0\Partition1 - ok

19:25:51.0071 4780 Boot (0x1200) (38d7bef16ff0d74c1e9e9171afc46987) \Device\Harddisk0\DR0\Partition2

19:25:51.0071 4780 \Device\Harddisk0\DR0\Partition2 - ok

19:25:51.0151 4780 Boot (0x1200) (4637e7dd8f91bf8eff6158739d96b9f0) \Device\Harddisk0\DR0\Partition3

19:25:51.0151 4780 \Device\Harddisk0\DR0\Partition3 - ok

19:25:51.0151 4780 ============================================================

19:25:51.0151 4780 Scan finished

19:25:51.0151 4780 ============================================================

19:25:51.0171 5908 Detected object count: 2

19:25:51.0171 5908 Actual detected object count: 2

19:26:22.0371 5908 \Device\Harddisk0\DR0\# - copied to quarantine

19:26:22.0371 5908 \Device\Harddisk0\DR0 - copied to quarantine

19:26:22.0441 5908 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

19:26:22.0451 5908 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

19:26:22.0461 5908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

19:26:22.0471 5908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

19:26:22.0501 5908 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

19:26:22.0511 5908 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

19:26:22.0521 5908 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

19:26:22.0521 5908 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

19:26:22.0521 5908 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

19:26:22.0531 5908 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

19:26:22.0531 5908 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

19:26:22.0531 5908 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

19:26:22.0571 5908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

19:26:22.0621 5908 \Device\Harddisk0\DR0 - ok

19:26:23.0111 5908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

19:26:25.0270 3840 Deinitialize success


My first post was telling me that it was too long so I had to post the 2nd and 3rd log files in this second post.

THANKS FOR ALL OF YOUR HELP so far MANIAC! It is greatly appreciated.

2) Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.30.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Charles N. Hasek :: MIGUEL-AAH-HP [administrator]

4/29/2012 7:31:01 PM

mbam-log-2012-04-29 (19-31-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 216412

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

3) Fresh DDS log file

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Charles N. Hasek at 19:44:37 on 2012-04-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4698 [GMT -5:00]

.

AV: Norton 360 *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccSvcHst.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\PrintIsolationHost.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5} : DhcpNameServer = 8.8.8.8 8.4.4.4

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\16474777966696 : DhcpNameServer = 184.49.34.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\3557E63756470245F65727370223831383 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\45451402D4162796E616 : DhcpNameServer = 192.168.1.7

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\54E676C616E646E45647 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\C4353544F57455543545 : DhcpNameServer = 10.10.1.10 150.199.1.1

TCP: Interfaces\{D4E1D05E-A367-42CC-88BC-B5E9A7039FE5}\D656564796E6760227F6F6D60277966696 : DhcpNameServer = 4.2.2.2 4.2.2.3 150.199.1.29

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\coIEPlg.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-20 1160824]

R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120427.001\IDSviA64.sys [2012-4-28 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-14 89600]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-6-21 514232]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Norton 360\Engine\6.1.2.10\ccsvchst.exe [2012-4-12 138232]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-12 138360]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\system32\DRIVERS\PTDUBus.sys --> C:\Windows\system32\DRIVERS\PTDUBus.sys [?]

R3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\system32\DRIVERS\PTDUMdm.sys --> C:\Windows\system32\DRIVERS\PTDUMdm.sys [?]

R3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\system32\DRIVERS\PTDUVsp.sys --> C:\Windows\system32\DRIVERS\PTDUVsp.sys [?]

R3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\system32\DRIVERS\PTDUWFLT.sys --> C:\Windows\system32\DRIVERS\PTDUWFLT.sys [?]

R3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\system32\DRIVERS\PTDUWWAN.sys --> C:\Windows\system32\DRIVERS\PTDUWWAN.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-14 13336]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-14 2656280]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-30 00:24:21 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-17 02:11:29 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Apple

2012-04-16 17:48:21 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Roaming\Malwarebytes

2012-04-16 17:47:50 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-16 17:47:49 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-16 17:47:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-14 02:35:54 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Roaming\Smith Micro

2012-04-13 00:13:47 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2012-04-12 22:39:43 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys

2012-04-12 22:39:43 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symds64.sys

2012-04-12 22:39:43 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys

2012-04-12 22:39:43 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys

2012-04-12 22:39:43 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ironx64.sys

2012-04-12 22:39:43 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccsetx64.sys

2012-04-12 22:39:43 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symefa64.sys

2012-04-12 22:39:40 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A

2012-04-12 22:24:53 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-04-12 22:24:53 -------- d-----w- C:\Program Files\Symantec

2012-04-12 22:24:05 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-04-12 21:20:12 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\LogMeIn Rescue Applet

2012-04-12 20:59:50 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Hewlett-Packard

2012-04-11 04:26:31 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\CyberLink

2012-04-11 04:07:27 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-04-11 04:07:23 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C92D2B71-5323-42B2-BA11-43E17388C1B0}\mpengine.dll

2012-04-11 03:59:59 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Hewlett-Packard_Company

2012-04-11 03:58:03 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Hewlett-Packard_Developme

2012-04-11 03:53:00 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\CrashDumps

2012-04-11 03:34:48 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Local\Symantec

2012-04-11 03:25:48 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 03:25:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 03:25:48 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 03:25:48 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 03:25:48 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 03:25:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 03:25:48 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-04 02:59:42 -------- d-----w- C:\Users\Charles N. Hasek\AppData\Roaming\Verizon Wireless

2012-04-04 02:58:54 -------- d-----w- C:\ProgramData\WEngineLite

2012-04-04 02:58:54 -------- d-----w- C:\ProgramData\Verizon Wireless

2012-04-04 02:58:54 -------- d-----w- C:\Program Files (x86)\Verizon Wireless

2012-04-04 02:57:07 70672 ----a-w- C:\Windows\System32\drivers\PTDUBus.sys

2012-04-04 02:57:07 173456 ----a-w- C:\Windows\System32\drivers\PTDUVsp.sys

2012-04-04 02:57:07 173456 ----a-w- C:\Windows\System32\drivers\PTDUMdm.sys

2012-04-04 02:57:07 141840 ----a-w- C:\Windows\System32\drivers\PTDUWWAN.sys

2012-04-04 02:57:07 12688 ----a-w- C:\Windows\System32\drivers\PTDUWFLT.sys

2012-04-04 02:57:07 111704 ----a-w- C:\Windows\SysWow64\PTDUWmcp64.dll

2012-04-04 02:57:07 111704 ----a-w- C:\Windows\System32\PTDUWmcp64.dll

2012-04-04 02:57:07 100952 ----a-w- C:\Windows\SysWow64\PTDUWmcp.dll

2012-04-04 02:57:07 100952 ----a-w- C:\Windows\System32\PTDUWmcp.dll

2012-04-04 02:57:07 -------- d-----w- C:\Program Files\PANTECH

.

==================== Find3M ====================

.

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 19:46:24.07 ===============


Good! :)

Step 1

Please re-run TDSSKiller and, following the same instructions, choose the Delete option for this one:

19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:26:23.0111 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
