
Trojan Virus Won't Delete


3 replies to this topic

#1 MrSandman805


Posted 10 January 2013 - 03:41 PM

Hello everyone,

I'll preface this all by saying I'm a noob at this sort of stuff. My sister downloaded a virus (playalotgames) from the internet. I tried to download Norton onto the computer, but I read online that the virus prevents the antivirus software from opening. What I have done so far is downloaded rkill, downloaded malwarebytes and ran a full scan. During the first full scan, the computer had a blue screen (not sure if real) then restarted. After the restart, malwarebytes pops up about every 10 seconds saying it's quarantined a trojan. I clicked delete all, but it just comes back 10 seconds later. Malwarebytes says it's under C/:svchost.trojan.agent. Any suggestions on what to do?


 


#2 narenxp


Posted 10 January 2013 - 04:48 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 MrSandman805


Posted 10 January 2013 - 09:29 PM

I was not able to download the Avast. It said it could not find the program and to ensure that I typed it correctly.


Here is the log for TDSS
16:16:08.0998 3532 NdisWan - ok
16:16:09.0035 3532 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:16:09.0037 3532 NDProxy - ok
16:16:09.0049 3532 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:16:09.0050 3532 NetBIOS - ok
16:16:09.0088 3532 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:16:09.0092 3532 NetBT - ok
16:16:09.0109 3532 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:16:09.0110 3532 Netlogon - ok
16:16:09.0139 3532 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:16:09.0142 3532 Netman - ok
16:16:09.0167 3532 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:16:09.0174 3532 netprofm - ok
16:16:09.0197 3532 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:16:09.0199 3532 NetTcpPortSharing - ok
16:16:09.0221 3532 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:16:09.0223 3532 nfrd960 - ok
16:16:09.0249 3532 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:16:09.0254 3532 NlaSvc - ok
16:16:09.0268 3532 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:16:09.0270 3532 Npfs - ok
16:16:09.0294 3532 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:16:09.0295 3532 nsi - ok
16:16:09.0302 3532 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:16:09.0303 3532 nsiproxy - ok
16:16:09.0367 3532 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:16:09.0380 3532 Ntfs - ok
16:16:09.0394 3532 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:16:09.0395 3532 Null - ok
16:16:09.0422 3532 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
16:16:09.0423 3532 NVHDA - ok
16:16:09.0620 3532 [ FE625499F48A992FCB0B676F08833FFC ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:16:09.0665 3532 nvlddmkm - ok
16:16:09.0737 3532 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:16:09.0741 3532 nvraid - ok
16:16:09.0760 3532 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:16:09.0764 3532 nvstor - ok
16:16:09.0807 3532 [ D2755AFEF371FADCFC5D9B83DCD4F4D4 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:16:09.0814 3532 nvsvc - ok
16:16:09.0839 3532 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:16:09.0840 3532 nv_agp - ok
16:16:09.0921 3532 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:16:09.0926 3532 odserv - ok
16:16:09.0944 3532 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:16:09.0946 3532 ohci1394 - ok
16:16:09.0987 3532 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:16:09.0990 3532 ose - ok
16:16:10.0025 3532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:16:10.0028 3532 p2pimsvc - ok
16:16:10.0041 3532 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:16:10.0043 3532 p2psvc - ok
16:16:10.0063 3532 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:16:10.0065 3532 Parport - ok
16:16:10.0094 3532 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:16:10.0096 3532 partmgr - ok
16:16:10.0112 3532 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:16:10.0116 3532 PcaSvc - ok
16:16:10.0128 3532 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:16:10.0130 3532 pci - ok
16:16:10.0152 3532 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:16:10.0154 3532 pciide - ok
16:16:10.0169 3532 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:16:10.0173 3532 pcmcia - ok
16:16:10.0189 3532 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:16:10.0190 3532 pcw - ok
16:16:10.0215 3532 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:16:10.0225 3532 PEAUTH - ok
16:16:10.0310 3532 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:16:10.0312 3532 PerfHost - ok
16:16:10.0371 3532 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:16:10.0389 3532 pla - ok
16:16:10.0438 3532 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:16:10.0445 3532 PlugPlay - ok
16:16:10.0470 3532 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:16:10.0473 3532 PNRPAutoReg - ok
16:16:10.0489 3532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:16:10.0493 3532 PNRPsvc - ok
16:16:10.0516 3532 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:16:10.0524 3532 PolicyAgent - ok
16:16:10.0552 3532 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:16:10.0554 3532 Power - ok
16:16:10.0579 3532 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:16:10.0581 3532 PptpMiniport - ok
16:16:10.0595 3532 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:16:10.0596 3532 Processor - ok
16:16:10.0619 3532 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
16:16:10.0624 3532 ProfSvc - ok
16:16:10.0636 3532 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:16:10.0637 3532 ProtectedStorage - ok
16:16:10.0683 3532 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:16:10.0686 3532 Psched - ok
16:16:10.0727 3532 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:16:10.0728 3532 PxHlpa64 - ok
16:16:10.0794 3532 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:16:10.0808 3532 ql2300 - ok
16:16:10.0824 3532 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:16:10.0826 3532 ql40xx - ok
16:16:10.0854 3532 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:16:10.0861 3532 QWAVE - ok
16:16:10.0876 3532 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:16:10.0878 3532 QWAVEdrv - ok
16:16:10.0887 3532 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:16:10.0888 3532 RasAcd - ok
16:16:10.0912 3532 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:16:10.0913 3532 RasAgileVpn - ok
16:16:10.0923 3532 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:16:10.0925 3532 RasAuto - ok
16:16:10.0952 3532 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:16:10.0955 3532 Rasl2tp - ok
16:16:10.0993 3532 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:16:10.0999 3532 RasMan - ok
16:16:11.0015 3532 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:16:11.0016 3532 RasPppoe - ok
16:16:11.0031 3532 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:16:11.0033 3532 RasSstp - ok
16:16:11.0046 3532 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:16:11.0050 3532 rdbss - ok
16:16:11.0068 3532 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:16:11.0069 3532 rdpbus - ok
16:16:11.0093 3532 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:16:11.0094 3532 RDPCDD - ok
16:16:11.0115 3532 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:16:11.0115 3532 RDPENCDD - ok
16:16:11.0143 3532 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:16:11.0143 3532 RDPREFMP - ok
16:16:11.0175 3532 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:16:11.0179 3532 RDPWD - ok
16:16:11.0209 3532 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:16:11.0213 3532 rdyboost - ok
16:16:11.0236 3532 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:16:11.0238 3532 RemoteAccess - ok
16:16:11.0253 3532 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:16:11.0256 3532 RemoteRegistry - ok
16:16:11.0364 3532 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
16:16:11.0384 3532 RoxMediaDB10 - ok
16:16:11.0397 3532 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:16:11.0400 3532 RpcEptMapper - ok
16:16:11.0426 3532 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:16:11.0428 3532 RpcLocator - ok
16:16:11.0467 3532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:16:11.0474 3532 RpcSs - ok
16:16:11.0490 3532 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:16:11.0492 3532 rspndr - ok
16:16:11.0496 3532 RxFilter - ok
16:16:11.0506 3532 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:16:11.0508 3532 SamSs - ok
16:16:11.0545 3532 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:16:11.0547 3532 sbp2port - ok
16:16:11.0572 3532 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:16:11.0575 3532 SCardSvr - ok
16:16:11.0604 3532 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:16:11.0606 3532 scfilter - ok
16:16:11.0651 3532 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:16:11.0669 3532 Schedule - ok
16:16:11.0699 3532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:16:11.0700 3532 SCPolicySvc - ok
16:16:11.0734 3532 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:16:11.0748 3532 SDRSVC - ok
16:16:11.0767 3532 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:16:11.0768 3532 secdrv - ok
16:16:11.0780 3532 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:16:11.0782 3532 seclogon - ok
16:16:11.0797 3532 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:16:11.0800 3532 SENS - ok
16:16:11.0820 3532 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:16:11.0823 3532 SensrSvc - ok
16:16:11.0847 3532 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:16:11.0848 3532 Serenum - ok
16:16:11.0877 3532 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:16:11.0879 3532 Serial - ok
16:16:11.0912 3532 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:16:11.0913 3532 sermouse - ok
16:16:11.0949 3532 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:16:11.0953 3532 SessionEnv - ok
16:16:11.0976 3532 SessionLauncher - ok
16:16:12.0004 3532 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:16:12.0005 3532 sffdisk - ok
16:16:12.0021 3532 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:16:12.0022 3532 sffp_mmc - ok
16:16:12.0027 3532 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:16:12.0029 3532 sffp_sd - ok
16:16:12.0047 3532 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:16:12.0049 3532 sfloppy - ok
16:16:12.0081 3532 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:16:12.0088 3532 SharedAccess - ok
16:16:12.0126 3532 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:16:12.0133 3532 ShellHWDetection - ok
16:16:12.0146 3532 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:16:12.0147 3532 SiSRaid2 - ok
16:16:12.0153 3532 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:16:12.0155 3532 SiSRaid4 - ok
16:16:12.0181 3532 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:16:12.0182 3532 Smb - ok
16:16:12.0208 3532 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:16:12.0211 3532 SNMPTRAP - ok
16:16:12.0224 3532 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:16:12.0224 3532 spldr - ok
16:16:12.0246 3532 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
16:16:12.0256 3532 Spooler - ok
16:16:12.0340 3532 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:16:12.0369 3532 sppsvc - ok
16:16:12.0381 3532 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:16:12.0383 3532 sppuinotify - ok
16:16:12.0441 3532 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
16:16:12.0442 3532 sprtsvc_DellSupportCenter - ok
16:16:12.0536 3532 [ 3510E7021D2637A67FBCB5105EAE945D ] SRTSP C:\Windows\system32\drivers\N360x64\1402000.013\SRTSP64.SYS
16:16:12.0543 3532 SRTSP - ok
16:16:12.0566 3532 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS
16:16:12.0567 3532 SRTSPX - ok
16:16:12.0609 3532 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:16:12.0617 3532 srv - ok
16:16:12.0635 3532 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:16:12.0639 3532 srv2 - ok
16:16:12.0651 3532 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:16:12.0653 3532 srvnet - ok
16:16:12.0683 3532 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:16:12.0687 3532 SSDPSRV - ok
16:16:12.0704 3532 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:16:12.0708 3532 SstpSvc - ok
16:16:12.0726 3532 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:16:12.0727 3532 stexstor - ok
16:16:12.0784 3532 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:16:12.0785 3532 StillCam - ok
16:16:12.0840 3532 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:16:12.0850 3532 stisvc - ok
16:16:12.0899 3532 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
16:16:12.0902 3532 stllssvr - ok
16:16:12.0937 3532 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:16:12.0938 3532 swenum - ok
16:16:12.0962 3532 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:16:12.0969 3532 swprv - ok
16:16:13.0016 3532 [ 777217682DA76337E8E6EC8AC4412B9B ] SymDS C:\Windows\system32\drivers\N360x64\1402000.013\SYMDS64.SYS
16:16:13.0024 3532 SymDS - ok
16:16:13.0056 3532 [ 64D1AF3D04E70A681154FFF1893848F6 ] SymEFA C:\Windows\system32\drivers\N360x64\1402000.013\SYMEFA64.SYS
16:16:13.0071 3532 SymEFA - ok
16:16:13.0099 3532 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:16:13.0100 3532 SymEvent - ok
16:16:13.0110 3532 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1402000.013\Ironx64.SYS
16:16:13.0111 3532 SymIRON - ok
16:16:13.0125 3532 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\system32\drivers\N360x64\1402000.013\SYMNETS.SYS
16:16:13.0129 3532 SymNetS - ok
16:16:13.0185 3532 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:16:13.0207 3532 SysMain - ok
16:16:13.0238 3532 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:16:13.0242 3532 TabletInputService - ok
16:16:13.0259 3532 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:16:13.0266 3532 TapiSrv - ok
16:16:13.0288 3532 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:16:13.0291 3532 TBS - ok
16:16:13.0357 3532 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:16:13.0373 3532 Tcpip - ok
16:16:13.0468 3532 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:16:13.0481 3532 TCPIP6 - ok
16:16:13.0521 3532 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:16:13.0523 3532 tcpipreg - ok
16:16:13.0550 3532 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:16:13.0551 3532 TDPIPE - ok
16:16:13.0585 3532 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:16:13.0586 3532 TDTCP - ok
16:16:13.0624 3532 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:16:13.0626 3532 tdx - ok
16:16:13.0660 3532 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:16:13.0661 3532 TermDD - ok
16:16:13.0713 3532 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:16:13.0721 3532 TermService - ok
16:16:13.0733 3532 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:16:13.0735 3532 Themes - ok
16:16:13.0763 3532 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:16:13.0763 3532 THREADORDER - ok
16:16:13.0772 3532 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:16:13.0774 3532 TrkWks - ok
16:16:13.0828 3532 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:16:13.0830 3532 TrustedInstaller - ok
16:16:13.0860 3532 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:16:13.0861 3532 tssecsrv - ok
16:16:13.0922 3532 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:16:13.0924 3532 TsUsbFlt - ok
16:16:13.0967 3532 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:16:13.0969 3532 tunnel - ok
16:16:13.0988 3532 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:16:13.0989 3532 uagp35 - ok
16:16:14.0031 3532 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:16:14.0036 3532 udfs - ok
16:16:14.0051 3532 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:16:14.0053 3532 UI0Detect - ok
16:16:14.0076 3532 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:16:14.0078 3532 uliagpkx - ok
16:16:14.0114 3532 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:16:14.0116 3532 umbus - ok
16:16:14.0142 3532 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:16:14.0143 3532 UmPass - ok
16:16:14.0172 3532 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:16:14.0176 3532 upnphost - ok
16:16:14.0211 3532 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:16:14.0213 3532 USBAAPL64 - ok
16:16:14.0245 3532 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
16:16:14.0248 3532 usbccgp - ok
16:16:14.0265 3532 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:16:14.0268 3532 usbcir - ok
16:16:14.0301 3532 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
16:16:14.0302 3532 usbehci - ok
16:16:14.0319 3532 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
16:16:14.0325 3532 usbhub - ok
16:16:14.0342 3532 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:16:14.0343 3532 usbohci - ok
16:16:14.0365 3532 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:16:14.0367 3532 usbprint - ok
16:16:14.0402 3532 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:16:14.0404 3532 usbscan - ok
16:16:14.0417 3532 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:16:14.0420 3532 USBSTOR - ok
16:16:14.0425 3532 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:16:14.0426 3532 usbuhci - ok
16:16:14.0441 3532 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:16:14.0444 3532 UxSms - ok
16:16:14.0467 3532 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:16:14.0469 3532 VaultSvc - ok
16:16:14.0491 3532 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:16:14.0492 3532 vdrvroot - ok
16:16:14.0532 3532 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:16:14.0542 3532 vds - ok
16:16:14.0559 3532 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:16:14.0560 3532 vga - ok
16:16:14.0576 3532 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:16:14.0577 3532 VgaSave - ok
16:16:14.0596 3532 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:16:14.0600 3532 vhdmp - ok
16:16:14.0629 3532 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:16:14.0630 3532 viaide - ok
16:16:14.0649 3532 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:16:14.0651 3532 volmgr - ok
16:16:14.0692 3532 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:16:14.0698 3532 volmgrx - ok
16:16:14.0713 3532 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:16:14.0718 3532 volsnap - ok
16:16:14.0746 3532 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:16:14.0750 3532 vsmraid - ok
16:16:14.0828 3532 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:16:14.0843 3532 VSS - ok
16:16:14.0855 3532 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:16:14.0856 3532 vwifibus - ok
16:16:14.0884 3532 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:16:14.0891 3532 W32Time - ok
16:16:14.0905 3532 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:16:14.0906 3532 WacomPen - ok
16:16:14.0922 3532 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:16:14.0923 3532 WANARP - ok
16:16:14.0926 3532 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:16:14.0926 3532 Wanarpv6 - ok
16:16:14.0981 3532 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:16:14.0998 3532 WatAdminSvc - ok
16:16:15.0035 3532 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:16:15.0050 3532 wbengine - ok
16:16:15.0060 3532 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:16:15.0063 3532 WbioSrvc - ok
16:16:15.0094 3532 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:16:15.0102 3532 wcncsvc - ok
16:16:15.0113 3532 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:16:15.0117 3532 WcsPlugInService - ok
16:16:15.0132 3532 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:16:15.0133 3532 Wd - ok
16:16:15.0158 3532 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:16:15.0167 3532 Wdf01000 - ok
16:16:15.0182 3532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:16:15.0185 3532 WdiServiceHost - ok
16:16:15.0188 3532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:16:15.0189 3532 WdiSystemHost - ok
16:16:15.0226 3532 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:16:15.0232 3532 WebClient - ok
16:16:15.0247 3532 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:16:15.0252 3532 Wecsvc - ok
16:16:15.0266 3532 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:16:15.0269 3532 wercplsupport - ok
16:16:15.0286 3532 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:16:15.0289 3532 WerSvc - ok
16:16:15.0303 3532 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:16:15.0305 3532 WfpLwf - ok
16:16:15.0321 3532 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:16:15.0323 3532 WIMMount - ok
16:16:15.0336 3532 WinDefend - ok
16:16:15.0342 3532 WinHttpAutoProxySvc - ok
16:16:15.0388 3532 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:16:15.0391 3532 Winmgmt - ok
16:16:15.0463 3532 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:16:15.0489 3532 WinRM - ok
16:16:15.0534 3532 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:16:15.0536 3532 WinUsb - ok
16:16:15.0581 3532 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:16:15.0595 3532 Wlansvc - ok
16:16:15.0702 3532 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:16:15.0711 3532 wlidsvc - ok
16:16:15.0735 3532 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:16:15.0736 3532 WmiAcpi - ok
16:16:15.0769 3532 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:16:15.0773 3532 wmiApSrv - ok
16:16:15.0800 3532 WMPNetworkSvc - ok
16:16:15.0836 3532 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:16:15.0838 3532 WPCSvc - ok
16:16:15.0869 3532 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:16:15.0872 3532 WPDBusEnum - ok
16:16:15.0896 3532 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:16:15.0898 3532 ws2ifsl - ok
16:16:15.0907 3532 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:16:15.0912 3532 wscsvc - ok
16:16:15.0917 3532 WSearch - ok
16:16:15.0996 3532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:16:16.0017 3532 wuauserv - ok
16:16:16.0031 3532 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:16:16.0033 3532 WudfPf - ok
16:16:16.0066 3532 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:16:16.0069 3532 WUDFRd - ok
16:16:16.0081 3532 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:16:16.0084 3532 wudfsvc - ok
16:16:16.0102 3532 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:16:16.0108 3532 WwanSvc - ok
16:16:16.0113 3532 ================ Scan global ===============================
16:16:16.0142 3532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:16:16.0184 3532 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:16:16.0194 3532 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:16:16.0221 3532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:16:16.0242 3532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:16:16.0244 3532 [Global] - ok
16:16:16.0245 3532 ================ Scan MBR ==================================
16:16:16.0257 3532 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:16:16.0257 3532 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:16:16.0318 3532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:16:16.0318 3532 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:16:16.0425 3532 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:16:16.0425 3532 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:16:16.0426 3532 ================ Scan VBR ==================================
16:16:16.0429 3532 [ 5181A8D9C7BDE751A559220E9B2732EB ] \Device\Harddisk0\DR0\Partition1
16:16:16.0434 3532 \Device\Harddisk0\DR0\Partition1 - ok
16:16:16.0446 3532 [ 2C150C39A1074BFA8C50A25AE9071684 ] \Device\Harddisk0\DR0\Partition2
16:16:16.0449 3532 \Device\Harddisk0\DR0\Partition2 - ok
16:16:16.0449 3532 ============================================================
16:16:16.0449 3532 Scan finished
16:16:16.0449 3532 ============================================================
16:16:16.0460 0604 Detected object count: 2
16:16:16.0460 0604 Actual detected object count: 2
16:16:54.0286 0604 \Device\Harddisk0\DR0\# - copied to quarantine
16:16:54.0289 0604 \Device\Harddisk0\DR0 - copied to quarantine
16:16:54.0354 0604 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:16:54.0358 0604 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:16:54.0383 0604 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:16:54.0398 0604 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:16:54.0401 0604 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:16:54.0404 0604 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:16:54.0407 0604 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:16:54.0412 0604 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:16:54.0418 0604 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:16:54.0421 0604 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:16:54.0424 0604 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:16:54.0427 0604 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:16:54.0458 0604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:16:54.0461 0604 \Device\Harddisk0\DR0 - ok
16:16:54.0488 0604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:16:54.0489 0604 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:16:54.0489 0604 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Here is the log for ESET:
C:\TDSSKiller_Quarantine\10.01.2013_16.15.13\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\Users\CAROLYN\AppData\Local\Google\Chrome\User Data\Default\Default\aadfgddagfdcdidjgbdhgbgcdegddigg\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\CAROLYN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\59a9415d-14c06858 Java/TrojanDownloader.OpenStream.NCA trojan deleted - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:30 PM

Posted 11 January 2013 - 01:53 AM

Restart the PC, run TDSSKiller again and post the new log.

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.



