Hi folks! I've been fighting with a nasty little infection here, and I think I've got a pretty good bead on what it might be (Spybot only returns results for a "Smitfraud-c.gp - a bit of googling shows this to be a particularly nasty piece of malware) - unfortunately, it doesn't want to go willingly into the recycle bin in the sky.

I've run through my normal barrage of Spybot S&D and Malware Bytes, but this guy just doesn't want to go anywhere, so I turn to the pro's. I've done my ERUNT backup, and have the necessary log files. I've also included a HijackThis logfile - maybe not necessary, but I figure the more info I provide, the better I have a chance of getting my laptop back!

Thanks in advance for any assistance!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rob at 9:09:37 on 2012-04-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1553 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Rob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6814AB87-A244-4A29-9F0B-AA214F5DF91A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6814AB87-A244-4A29-9F0B-AA214F5DF91A}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\ziqxp591.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-13 1160824]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120418.001\IDSviA64.sys [2012-4-18 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-20 654408]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-16 126400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-27 1153368]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-5-26 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-26 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-26 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-23 22:20:41 20480 ------w- C:\windows\svchost.exe
2012-04-23 15:03:40 -------- d-----w- C:\Users\Rob\AppData\Local\CrashDumps
2012-04-20 17:49:00 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
2012-04-20 17:48:35 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-20 17:48:33 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-20 17:48:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-07 21:53:11 3145728 ---ha-w- C:\windows\System32\win32k.sys
2012-04-07 21:52:57 1544192 ---ha-w- C:\windows\System32\DWrite.dll
2012-04-07 21:52:56 1077248 ---ha-w- C:\windows\SysWow64\DWrite.dll
2012-04-07 21:48:18 9216 ---ha-w- C:\windows\System32\rdrmemptylst.exe
2012-04-07 21:48:18 149504 ---ha-w- C:\windows\System32\rdpcorekmts.dll
2012-04-07 21:48:17 77312 ---ha-w- C:\windows\System32\rdpwsx.dll
2012-04-07 21:48:07 -------- d--h--w- C:\Users\Rob\AppData\Roaming\Tific
2012-04-07 21:47:55 -------- d--h--w- C:\Users\Rob\AppData\Local\Symantec
2012-04-07 21:47:34 826880 ---ha-w- C:\windows\SysWow64\rdpcore.dll
2012-04-07 21:47:34 23552 ---ha-w- C:\windows\System32\drivers\tdtcp.sys
2012-04-07 21:47:34 210944 ---ha-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-07 21:47:34 1031680 ---ha-w- C:\windows\System32\rdpcore.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-25 20:59:04 -------- d--h--w- C:\Program Files (x86)\Skype
.
==================== Find3M ====================
.
2012-02-17 12:25:56 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:12:43.94 ===============

Hi spetrarca, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.



Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Hi oldman, thanks for the quick reply, and sorry about the "code" tags - thought it might make things easier to read, but I guess the road to hell really is paved with good intentions ;)

As for the log from TDSSKiller, the forums don't seem to like it as it goes over the 64000 character text limit (even without my smalltalk), and it is 126.4 KB - which exceeds the forum's limit of 48.8 KB for txt file attachments - can I provide you with a Pastebin link, or should I just try and split the log over 2 replies?

Thank you!

Hi spetrarca,

The PasteBin link will be fine or you can zip it and attach it.

you can zip it and attach it.

Never even crossed my mind, hahaha. Is there a :facepalm: emote on these boards??

Hi spetrarca,


Why yes there is. :slap:

That got some of it. let's go for the rest.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Right click on ComboFix.exe, click Run as Administrator & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3 CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.


Tow's the computer?

So far so good, however during combofix I recieved the attached notification - I have disabled Norton 360 Autoprotect as instructed here (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html) - am I clear to proceed, or is there another step I need to take to "fully" disable N360?

Hi spetrarca,

I think you should be all right.

Great :)

Logfile attached.

As an aside, when I tried to open Windows Explorer after running CF and letting it run through its thing and reboot, I got the error message "C:\windows\explorer.exe Illegal operation attempted on a registry key that has been marked for deletion" - possibly related to the issue at hand?

Again - thanks!

Hi spetrarca,


No that message sometimes occurs after running combofix on a Vista or Win7 machine. Reboot the computer and it will go away.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



File::
c:\windows\svchost.exe




In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Please post the combofix log.

How is the computer?

It's definitely booting a bit quicker, but I won't really be able to put it through its paces until I get home and connect it to my home network. For obvious reasons, I'm not sure connecting a possibly still infected laptop to the network at the office is a "good idea" ;)

Here's the new log file

Hi spetrarca,

Something is holding that file. Please rerun TDSSKiller with the same settings as before so we can make sure it did it's job. Please post the log.

Thanks

Hi there,

I've attached the latest TDSS log.

Thanks!

At least, I thought I did - sorry!

Hi spetrarca,

Please rerun TDSSKiller. When you are present with these lines:


13:27:01.0333 4752 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:27:01.0333 4752 \Device\Harddisk0\DR0 - detected TDSS File System (1)use the drop down menu and select delete.


Next

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



KillAll::

RootKit::
c:\windows\svchost.exe



In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Please post the TDSSKiller log and the combofix log.

How's the computer?

Here's the logs - seems to be running pretty smooth so far!!

Hi spetrarca,

We seem to have a file that just won't go away.


Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Just letting you know I haven't abandoned the thread - been an exceptionally busy couple of days. I should have the updated logs later this afternoon. Thanks!

Hi spetrarca,

:bigthumb:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-01 12:24:25
-----------------------------
12:24:25.731 OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:25.731 Number of processors: 2 586 0x100
12:24:25.731 ComputerName: ROB-PC UserName: Rob
12:24:29.865 Initialize success
19:46:58.741 AVAST engine defs: 12050101
19:49:23.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
19:49:23.261 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
19:49:23.276 Disk 0 MBR read successfully
19:49:23.292 Disk 0 MBR scan
19:49:23.354 Disk 0 Windows VISTA default MBR code
19:49:23.370 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:49:23.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
19:49:23.448 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
19:49:23.510 Disk 0 scanning C:\windows\system32\drivers
19:49:37.977 Service scanning
19:50:39.994 Modules scanning
19:50:40.010 Disk 0 trace - called modules:
19:50:40.026
19:50:41.679 AVAST engine scan C:\windows
19:50:47.248 AVAST engine scan C:\windows\system32
19:54:55.808 AVAST engine scan C:\windows\system32\drivers
19:55:20.023 AVAST engine scan C:\Users\Rob
19:57:50.379 AVAST engine scan C:\ProgramData
19:59:03.845 Scan finished successfully
20:08:20.024 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:20.040 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-01 12:24:25
-----------------------------
12:24:25.731 OS Version: Windows x64 6.1.7601 Service Pack 1
12:24:25.731 Number of processors: 2 586 0x100
12:24:25.731 ComputerName: ROB-PC UserName: Rob
12:24:29.865 Initialize success
19:46:58.741 AVAST engine defs: 12050101
19:49:23.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
19:49:23.261 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
19:49:23.276 Disk 0 MBR read successfully
19:49:23.292 Disk 0 MBR scan
19:49:23.354 Disk 0 Windows VISTA default MBR code
19:49:23.370 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:49:23.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
19:49:23.448 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
19:49:23.510 Disk 0 scanning C:\windows\system32\drivers
19:49:37.977 Service scanning
19:50:39.994 Modules scanning
19:50:40.010 Disk 0 trace - called modules:
19:50:40.026
19:50:41.679 AVAST engine scan C:\windows
19:50:47.248 AVAST engine scan C:\windows\system32
19:54:55.808 AVAST engine scan C:\windows\system32\drivers
19:55:20.023 AVAST engine scan C:\Users\Rob
19:57:50.379 AVAST engine scan C:\ProgramData
19:59:03.845 Scan finished successfully
20:08:20.024 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:20.040 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
20:08:54.110 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
20:08:54.126 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"

Hi spetrarca

You posted the combofix log from 2012-04-25 twice. There should be a combofix log from 2012-04-27. You can find it at c:\combofix.txt

Please post it's contents.

11:46:06.0803 4508 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
11:46:06.0865 4508 ============================================================
11:46:06.0881 4508 Current date / time: 2012/04/27 11:46:06.0865
11:46:06.0881 4508 SystemInfo:
11:46:06.0881 4508
11:46:06.0881 4508 OS Version: 6.1.7601 ServicePack: 1.0
11:46:06.0881 4508 Product type: Workstation
11:46:06.0881 4508 ComputerName: ROB-PC
11:46:06.0881 4508 UserName: Rob
11:46:06.0881 4508 Windows directory: C:\windows
11:46:06.0881 4508 System windows directory: C:\windows
11:46:06.0881 4508 Running under WOW64
11:46:06.0881 4508 Processor architecture: Intel x64
11:46:06.0881 4508 Number of processors: 2
11:46:06.0881 4508 Page size: 0x1000
11:46:06.0881 4508 Boot type: Normal boot
11:46:06.0881 4508 ============================================================
11:46:08.0534 4508 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:46:08.0550 4508 ============================================================
11:46:08.0550 4508 \Device\Harddisk0\DR0:
11:46:08.0550 4508 MBR partitions:
11:46:08.0550 4508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800
11:46:08.0550 4508 ============================================================
11:46:08.0581 4508 C: <-> \Device\Harddisk0\DR0\Partition0
11:46:08.0581 4508 ============================================================
11:46:08.0581 4508 Initialize success
11:46:08.0581 4508 ============================================================
11:50:29.0227 3940 ============================================================
11:50:29.0227 3940 Scan started
11:50:29.0227 3940 Mode: Manual; SigCheck; TDLFS;
11:50:29.0227 3940 ============================================================
11:50:29.0773 3940 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
11:50:29.0914 3940 1394ohci - ok
11:50:29.0976 3940 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
11:50:30.0007 3940 ACPI - ok
11:50:30.0070 3940 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
11:50:30.0116 3940 AcpiPmi - ok
11:50:30.0335 3940 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:50:30.0366 3940 AdobeARMservice - ok
11:50:30.0460 3940 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
11:50:30.0506 3940 adp94xx - ok
11:50:30.0569 3940 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
11:50:30.0616 3940 adpahci - ok
11:50:30.0709 3940 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
11:50:30.0740 3940 adpu320 - ok
11:50:30.0787 3940 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
11:50:30.0850 3940 AeLookupSvc - ok
11:50:30.0959 3940 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
11:50:31.0006 3940 AFD - ok
11:50:31.0068 3940 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
11:50:31.0099 3940 agp440 - ok
11:50:31.0162 3940 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
11:50:31.0193 3940 ALG - ok
11:50:31.0255 3940 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
11:50:31.0271 3940 aliide - ok
11:50:31.0349 3940 AMD External Events Utility (a8b81d750556fb9a9266ec65bfab63af) C:\windows\system32\atiesrxx.exe
11:50:31.0396 3940 AMD External Events Utility - ok
11:50:31.0442 3940 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
11:50:31.0458 3940 amdide - ok
11:50:31.0520 3940 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
11:50:31.0552 3940 AmdK8 - ok
11:50:32.0378 3940 amdkmdag (7a1ac757f3a2a3126a806b7319cab21b) C:\windows\system32\DRIVERS\atikmdag.sys
11:50:32.0566 3940 amdkmdag - ok
11:50:32.0784 3940 amdkmdap (eef6f806eedfd1c746071f1fd684870e) C:\windows\system32\DRIVERS\atikmpag.sys
11:50:32.0831 3940 amdkmdap - ok
11:50:32.0909 3940 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
11:50:32.0956 3940 AmdPPM - ok
11:50:33.0018 3940 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
11:50:33.0049 3940 amdsata - ok
11:50:33.0096 3940 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
11:50:33.0127 3940 amdsbs - ok
11:50:33.0158 3940 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
11:50:33.0190 3940 amdxata - ok
11:50:33.0221 3940 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\windows\system32\DRIVERS\amd_sata.sys
11:50:33.0283 3940 amd_sata - ok
11:50:33.0330 3940 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\windows\system32\DRIVERS\amd_xata.sys
11:50:33.0377 3940 amd_xata - ok
11:50:33.0439 3940 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
11:50:33.0517 3940 AppID - ok
11:50:33.0533 3940 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
11:50:33.0611 3940 AppIDSvc - ok
11:50:33.0673 3940 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
11:50:33.0736 3940 Appinfo - ok
11:50:33.0892 3940 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:50:33.0923 3940 Apple Mobile Device - ok
11:50:34.0001 3940 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
11:50:34.0032 3940 arc - ok
11:50:34.0048 3940 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
11:50:34.0063 3940 arcsas - ok
11:50:34.0094 3940 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
11:50:34.0172 3940 AsyncMac - ok
11:50:34.0204 3940 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
11:50:34.0235 3940 atapi - ok
11:50:34.0360 3940 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:50:34.0453 3940 AudioEndpointBuilder - ok
11:50:34.0469 3940 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:50:34.0547 3940 AudioSrv - ok
11:50:34.0625 3940 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
11:50:34.0672 3940 AxInstSV - ok
11:50:34.0765 3940 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
11:50:34.0812 3940 b06bdrv - ok
11:50:34.0890 3940 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
11:50:34.0937 3940 b57nd60a - ok
11:50:34.0999 3940 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
11:50:35.0030 3940 BDESVC - ok
11:50:35.0062 3940 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
11:50:35.0124 3940 Beep - ok
11:50:35.0249 3940 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
11:50:35.0342 3940 BFE - ok
11:50:35.0732 3940 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
11:50:35.0810 3940 BHDrvx64 - ok
11:50:36.0044 3940 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
11:50:36.0138 3940 BITS - ok
11:50:36.0216 3940 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
11:50:36.0247 3940 blbdrive - ok
11:50:36.0434 3940 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:50:36.0466 3940 Bonjour Service - ok
11:50:36.0512 3940 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
11:50:36.0544 3940 bowser - ok
11:50:36.0590 3940 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
11:50:36.0622 3940 BrFiltLo - ok
11:50:36.0653 3940 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
11:50:36.0684 3940 BrFiltUp - ok
11:50:36.0715 3940 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
11:50:36.0793 3940 BridgeMP - ok
11:50:36.0856 3940 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
11:50:36.0918 3940 Browser - ok
11:50:36.0980 3940 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
11:50:37.0012 3940 Brserid - ok
11:50:37.0043 3940 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
11:50:37.0074 3940 BrSerWdm - ok
11:50:37.0074 3940 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
11:50:37.0121 3940 BrUsbMdm - ok
11:50:37.0121 3940 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
11:50:37.0152 3940 BrUsbSer - ok
11:50:37.0168 3940 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
11:50:37.0214 3940 BTHMODEM - ok
11:50:37.0261 3940 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
11:50:37.0339 3940 bthserv - ok
11:50:37.0370 3940 catchme - ok
11:50:37.0480 3940 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
11:50:37.0542 3940 ccHP - ok
11:50:37.0589 3940 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
11:50:37.0651 3940 cdfs - ok
11:50:37.0714 3940 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
11:50:37.0745 3940 cdrom - ok
11:50:37.0823 3940 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:50:37.0885 3940 CertPropSvc - ok
11:50:37.0963 3940 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
11:50:37.0994 3940 circlass - ok
11:50:38.0104 3940 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
11:50:38.0135 3940 CLFS - ok
11:50:38.0244 3940 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:50:38.0275 3940 clr_optimization_v2.0.50727_32 - ok
11:50:38.0369 3940 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:50:38.0400 3940 clr_optimization_v2.0.50727_64 - ok
11:50:38.0509 3940 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:50:38.0540 3940 clr_optimization_v4.0.30319_32 - ok
11:50:38.0650 3940 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:50:38.0681 3940 clr_optimization_v4.0.30319_64 - ok
11:50:38.0743 3940 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
11:50:38.0759 3940 CmBatt - ok
11:50:38.0790 3940 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
11:50:38.0806 3940 cmdide - ok
11:50:38.0915 3940 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
11:50:38.0962 3940 CNG - ok
11:50:39.0180 3940 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys
11:50:39.0258 3940 CnxtHdAudService - ok
11:50:39.0461 3940 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
11:50:39.0508 3940 Compbatt - ok
11:50:39.0554 3940 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
11:50:39.0586 3940 CompositeBus - ok
11:50:39.0617 3940 COMSysApp - ok
11:50:39.0648 3940 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
11:50:39.0679 3940 crcdisk - ok
11:50:39.0757 3940 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
11:50:39.0835 3940 CryptSvc - ok
11:50:39.0944 3940 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:50:40.0038 3940 DcomLaunch - ok
11:50:40.0100 3940 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
11:50:40.0178 3940 defragsvc - ok
11:50:40.0241 3940 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
11:50:40.0303 3940 DfsC - ok
11:50:40.0381 3940 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
11:50:40.0459 3940 Dhcp - ok
11:50:40.0522 3940 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
11:50:40.0600 3940 discache - ok
11:50:40.0646 3940 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
11:50:40.0678 3940 Disk - ok
11:50:40.0724 3940 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
11:50:40.0787 3940 Dnscache - ok
11:50:40.0849 3940 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
11:50:40.0912 3940 dot3svc - ok
11:50:40.0958 3940 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
11:50:41.0021 3940 DPS - ok
11:50:41.0099 3940 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
11:50:41.0130 3940 drmkaud - ok
11:50:41.0239 3940 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
11:50:41.0302 3940 DXGKrnl - ok
11:50:41.0364 3940 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
11:50:41.0442 3940 EapHost - ok
11:50:41.0738 3940 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
11:50:41.0863 3940 ebdrv - ok
11:50:42.0066 3940 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:50:42.0128 3940 eeCtrl - ok
11:50:42.0300 3940 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
11:50:42.0347 3940 EFS - ok
11:50:42.0472 3940 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
11:50:42.0518 3940 ehRecvr - ok
11:50:42.0550 3940 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
11:50:42.0581 3940 ehSched - ok
11:50:42.0737 3940 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
11:50:42.0784 3940 elxstor - ok
11:50:42.0940 3940 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:50:42.0986 3940 EraserUtilRebootDrv - ok
11:50:43.0033 3940 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
11:50:43.0064 3940 ErrDev - ok
11:50:43.0142 3940 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
11:50:43.0189 3940 ETD - ok
11:50:43.0252 3940 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
11:50:43.0345 3940 EventSystem - ok
11:50:43.0408 3940 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
11:50:43.0486 3940 exfat - ok
11:50:43.0532 3940 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
11:50:43.0595 3940 fastfat - ok
11:50:43.0735 3940 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
11:50:43.0782 3940 Fax - ok
11:50:43.0829 3940 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
11:50:43.0860 3940 fdc - ok
11:50:43.0907 3940 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
11:50:43.0985 3940 fdPHost - ok
11:50:44.0000 3940 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
11:50:44.0063 3940 FDResPub - ok
11:50:44.0125 3940 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
11:50:44.0156 3940 FileInfo - ok
11:50:44.0172 3940 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
11:50:44.0250 3940 Filetrace - ok
11:50:44.0297 3940 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
11:50:44.0328 3940 flpydisk - ok
11:50:44.0375 3940 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
11:50:44.0406 3940 FltMgr - ok
11:50:44.0546 3940 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
11:50:44.0609 3940 FontCache - ok
11:50:44.0687 3940 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:50:44.0702 3940 FontCache3.0.0.0 - ok
11:50:44.0765 3940 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
11:50:44.0796 3940 FsDepends - ok
11:50:44.0843 3940 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
11:50:44.0858 3940 Fs_Rec - ok
11:50:44.0921 3940 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
11:50:44.0952 3940 fvevol - ok
11:50:45.0030 3940 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
11:50:45.0061 3940 FwLnk - ok
11:50:45.0124 3940 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
11:50:45.0155 3940 gagp30kx - ok
11:50:45.0186 3940 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:50:45.0202 3940 GEARAspiWDM - ok
11:50:45.0342 3940 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
11:50:45.0436 3940 gpsvc - ok
11:50:45.0592 3940 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:50:45.0623 3940 gupdate - ok
11:50:45.0654 3940 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:50:45.0670 3940 gupdatem - ok
11:50:45.0732 3940 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:50:45.0748 3940 gusvc - ok
11:50:45.0810 3940 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
11:50:45.0841 3940 hcw85cir - ok
11:50:45.0904 3940 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
11:50:45.0950 3940 HdAudAddService - ok
11:50:46.0013 3940 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
11:50:46.0044 3940 HDAudBus - ok
11:50:46.0075 3940 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
11:50:46.0106 3940 HidBatt - ok
11:50:46.0153 3940 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
11:50:46.0184 3940 HidBth - ok
11:50:46.0231 3940 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
11:50:46.0262 3940 HidIr - ok
11:50:46.0309 3940 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
11:50:46.0372 3940 hidserv - ok
11:50:46.0450 3940 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
11:50:46.0481 3940 HidUsb - ok
11:50:46.0543 3940 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
11:50:46.0621 3940 hkmsvc - ok
11:50:46.0668 3940 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
11:50:46.0715 3940 HomeGroupListener - ok
11:50:46.0762 3940 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
11:50:46.0793 3940 HomeGroupProvider - ok
11:50:46.0855 3940 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
11:50:46.0886 3940 HpSAMD - ok
11:50:47.0011 3940 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
11:50:47.0089 3940 HTTP - ok
11:50:47.0120 3940 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:50:47.0136 3940 hwpolicy - ok
11:50:47.0214 3940 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
11:50:47.0245 3940 i8042prt - ok
11:50:47.0354 3940 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:50:47.0386 3940 iaStorV - ok
11:50:47.0542 3940 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:50:47.0588 3940 idsvc - ok
11:50:47.0838 3940 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120418.001\IDSvia64.sys
11:50:47.0900 3940 IDSVia64 - ok
11:50:48.0041 3940 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
11:50:48.0072 3940 iirsp - ok
11:50:48.0181 3940 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
11:50:48.0275 3940 IKEEXT - ok
11:50:48.0322 3940 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:50:48.0337 3940 intelide - ok
11:50:48.0415 3940 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
11:50:48.0446 3940 intelppm - ok
11:50:48.0524 3940 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
11:50:48.0587 3940 IPBusEnum - ok
11:50:48.0618 3940 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:50:48.0696 3940 IpFilterDriver - ok
11:50:48.0790 3940 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
11:50:48.0883 3940 iphlpsvc - ok
11:50:48.0914 3940 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:50:48.0946 3940 IPMIDRV - ok
11:50:48.0977 3940 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:50:49.0055 3940 IPNAT - ok
11:50:49.0289 3940 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
11:50:49.0336 3940 iPod Service - ok
11:50:49.0382 3940 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:50:49.0414 3940 IRENUM - ok
11:50:49.0445 3940 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:50:49.0476 3940 isapnp - ok
11:50:49.0523 3940 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:50:49.0554 3940 iScsiPrt - ok
11:50:49.0601 3940 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
11:50:49.0648 3940 kbdclass - ok
11:50:49.0710 3940 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
11:50:49.0741 3940 kbdhid - ok
11:50:49.0772 3940 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:50:49.0804 3940 KeyIso - ok
11:50:49.0819 3940 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
11:50:49.0850 3940 KSecDD - ok
11:50:49.0882 3940 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
11:50:49.0913 3940 KSecPkg - ok
11:50:49.0975 3940 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:50:50.0053 3940 ksthunk - ok
11:50:50.0116 3940 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
11:50:50.0194 3940 KtmRm - ok
11:50:50.0256 3940 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
11:50:50.0287 3940 L1C - ok
11:50:50.0381 3940 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
11:50:50.0459 3940 LanmanServer - ok
11:50:50.0490 3940 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
11:50:50.0568 3940 LanmanWorkstation - ok
11:50:50.0630 3940 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:50:50.0693 3940 lltdio - ok
11:50:50.0755 3940 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
11:50:50.0833 3940 lltdsvc - ok
11:50:50.0880 3940 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
11:50:50.0958 3940 lmhosts - ok
11:50:51.0005 3940 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
11:50:51.0036 3940 LSI_FC - ok
11:50:51.0052 3940 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
11:50:51.0083 3940 LSI_SAS - ok
11:50:51.0114 3940 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
11:50:51.0130 3940 LSI_SAS2 - ok
11:50:51.0192 3940 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
11:50:51.0223 3940 LSI_SCSI - ok
11:50:51.0270 3940 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:50:51.0348 3940 luafv - ok
11:50:51.0426 3940 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
11:50:51.0488 3940 MBAMProtector - ok
11:50:51.0660 3940 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:50:51.0707 3940 MBAMService - ok
11:50:51.0769 3940 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
11:50:51.0800 3940 Mcx2Svc - ok
11:50:51.0832 3940 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
11:50:51.0863 3940 megasas - ok
11:50:51.0956 3940 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
11:50:51.0988 3940 MegaSR - ok
11:50:52.0034 3940 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:50:52.0112 3940 MMCSS - ok
11:50:52.0128 3940 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:50:52.0206 3940 Modem - ok
11:50:52.0268 3940 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:50:52.0300 3940 monitor - ok
11:50:52.0346 3940 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
11:50:52.0378 3940 mouclass - ok
11:50:52.0440 3940 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
11:50:52.0456 3940 mouhid - ok
11:50:52.0518 3940 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:50:52.0549 3940 mountmgr - ok
11:50:52.0596 3940 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:50:52.0627 3940 mpio - ok
11:50:52.0643 3940 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:50:52.0721 3940 mpsdrv - ok
11:50:52.0814 3940 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
11:50:52.0892 3940 MpsSvc - ok
11:50:52.0924 3940 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:50:52.0970 3940 MRxDAV - ok
11:50:53.0017 3940 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:50:53.0064 3940 mrxsmb - ok
11:50:53.0111 3940 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:50:53.0142 3940 mrxsmb10 - ok
11:50:53.0173 3940 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:50:53.0204 3940 mrxsmb20 - ok
11:50:53.0251 3940 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
11:50:53.0267 3940 msahci - ok
11:50:53.0298 3940 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:50:53.0329 3940 msdsm - ok
11:50:53.0376 3940 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
11:50:53.0407 3940 MSDTC - ok
11:50:53.0454 3940 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:50:53.0516 3940 Msfs - ok
11:50:53.0563 3940 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:50:53.0641 3940 mshidkmdf - ok
11:50:53.0672 3940 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:50:53.0688 3940 msisadrv - ok
11:50:53.0735 3940 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
11:50:53.0813 3940 MSiSCSI - ok
11:50:53.0813 3940 msiserver - ok
11:50:53.0891 3940 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
11:50:53.0953 3940 MSKSSRV - ok
11:50:53.0969 3940 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
11:50:54.0031 3940 MSPCLOCK - ok
11:50:54.0047 3940 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
11:50:54.0125 3940 MSPQM - ok
11:50:54.0172 3940 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
11:50:54.0203 3940 MsRPC - ok
11:50:54.0218 3940 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
11:50:54.0234 3940 mssmbios - ok
11:50:54.0296 3940 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
11:50:54.0359 3940 MSTEE - ok
11:50:54.0390 3940 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
11:50:54.0406 3940 MTConfig - ok
11:50:54.0437 3940 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
11:50:54.0468 3940 Mup - ok
11:50:54.0624 3940 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
11:50:54.0655 3940 N360 - ok
11:50:54.0749 3940 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
11:50:54.0842 3940 napagent - ok
11:50:54.0936 3940 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
11:50:54.0983 3940 NativeWifiP - ok
11:50:55.0201 3940 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120419.002\ENG64.SYS
11:50:55.0248 3940 NAVENG - ok
11:50:55.0498 3940 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120419.002\EX64.SYS
11:50:55.0607 3940 NAVEX15 - ok
11:50:55.0903 3940 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
11:50:55.0950 3940 NDIS - ok
11:50:55.0997 3940 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
11:50:56.0075 3940 NdisCap - ok
11:50:56.0137 3940 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
11:50:56.0200 3940 NdisTapi - ok
11:50:56.0262 3940 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
11:50:56.0324 3940 Ndisuio - ok
11:50:56.0356 3940 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
11:50:56.0434 3940 NdisWan - ok
11:50:56.0465 3940 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
11:50:56.0527 3940 NDProxy - ok
11:50:56.0590 3940 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
11:50:56.0668 3940 NetBIOS - ok
11:50:56.0746 3940 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
11:50:56.0824 3940 NetBT - ok
11:50:56.0886 3940 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:50:56.0917 3940 Netlogon - ok
11:50:56.0995 3940 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
11:50:57.0089 3940 Netman - ok
11:50:57.0151 3940 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
11:50:57.0245 3940 netprofm - ok
11:50:57.0338 3940 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:50:57.0370 3940 NetTcpPortSharing - ok
11:50:57.0416 3940 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
11:50:57.0448 3940 nfrd960 - ok
11:50:57.0526 3940 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
11:50:57.0619 3940 NlaSvc - ok
11:50:57.0635 3940 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
11:50:57.0713 3940 Npfs - ok
11:50:57.0728 3940 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
11:50:57.0806 3940 nsi - ok
11:50:57.0838 3940 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
11:50:57.0916 3940 nsiproxy - ok
11:50:58.0118 3940 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
11:50:58.0181 3940 Ntfs - ok
11:50:58.0337 3940 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
11:50:58.0415 3940 Null - ok
11:50:58.0446 3940 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
11:50:58.0477 3940 nvraid - ok
11:50:58.0508 3940 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
11:50:58.0540 3940 nvstor - ok
11:50:58.0618 3940 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
11:50:58.0633 3940 nv_agp - ok
11:50:58.0649 3940 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
11:50:58.0680 3940 ohci1394 - ok
11:50:58.0742 3940 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:50:58.0789 3940 p2pimsvc - ok
11:50:58.0852 3940 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
11:50:58.0883 3940 p2psvc - ok
11:50:58.0930 3940 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
11:50:58.0961 3940 Parport - ok
11:50:58.0992 3940 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
11:50:59.0008 3940 partmgr - ok
11:50:59.0070 3940 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
11:50:59.0101 3940 PcaSvc - ok
11:50:59.0148 3940 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
11:50:59.0164 3940 pci - ok
11:50:59.0226 3940 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
11:50:59.0242 3940 pciide - ok
11:50:59.0304 3940 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
11:50:59.0320 3940 pcmcia - ok
11:50:59.0351 3940 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
11:50:59.0366 3940 pcw - ok
11:50:59.0444 3940 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
11:50:59.0538 3940 PEAUTH - ok
11:50:59.0694 3940 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
11:50:59.0741 3940 PerfHost - ok
11:50:59.0912 3940 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
11:50:59.0959 3940 PGEffect - ok
11:51:00.0131 3940 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
11:51:00.0224 3940 pla - ok
11:51:00.0318 3940 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
11:51:00.0349 3940 PlugPlay - ok
11:51:00.0380 3940 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
11:51:00.0412 3940 PNRPAutoReg - ok
11:51:00.0458 3940 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:51:00.0490 3940 PNRPsvc - ok
11:51:00.0568 3940 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
11:51:00.0661 3940 PolicyAgent - ok
11:51:00.0708 3940 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
11:51:00.0786 3940 Power - ok
11:51:00.0880 3940 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
11:51:00.0958 3940 PptpMiniport - ok
11:51:00.0989 3940 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
11:51:01.0020 3940 Processor - ok
11:51:01.0067 3940 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
11:51:01.0145 3940 ProfSvc - ok
11:51:01.0160 3940 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:51:01.0192 3940 ProtectedStorage - ok
11:51:01.0223 3940 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
11:51:01.0301 3940 Psched - ok
11:51:01.0457 3940 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
11:51:01.0535 3940 ql2300 - ok
11:51:01.0706 3940 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
11:51:01.0738 3940 ql40xx - ok
11:51:01.0785 3940 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
11:51:01.0831 3940 QWAVE - ok
11:51:01.0863 3940 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
11:51:01.0909 3940 QWAVEdrv - ok
11:51:01.0941 3940 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
11:51:02.0003 3940 RasAcd - ok
11:51:02.0065 3940 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
11:51:02.0128 3940 RasAgileVpn - ok
11:51:02.0175 3940 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
11:51:02.0253 3940 RasAuto - ok
11:51:02.0331 3940 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
11:51:02.0409 3940 Rasl2tp - ok
11:51:02.0471 3940 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
11:51:02.0549 3940 RasMan - ok
11:51:02.0596 3940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
11:51:02.0674 3940 RasPppoe - ok
11:51:02.0721 3940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
11:51:02.0799 3940 RasSstp - ok
11:51:02.0845 3940 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
11:51:02.0923 3940 rdbss - ok
11:51:02.0955 3940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
11:51:03.0001 3940 rdpbus - ok
11:51:03.0048 3940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
11:51:03.0111 3940 RDPCDD - ok
11:51:03.0126 3940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
11:51:03.0189 3940 RDPENCDD - ok
11:51:03.0220 3940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
11:51:03.0282 3940 RDPREFMP - ok
11:51:03.0345 3940 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
11:51:03.0391 3940 RDPWD - ok
11:51:03.0454 3940 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
11:51:03.0485 3940 rdyboost - ok
11:51:03.0516 3940 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
11:51:03.0594 3940 RemoteAccess - ok
11:51:03.0641 3940 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
11:51:03.0719 3940 RemoteRegistry - ok
11:51:03.0735 3940 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
11:51:03.0813 3940 RpcEptMapper - ok
11:51:03.0859 3940 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
11:51:03.0875 3940 RpcLocator - ok
11:51:03.0953 3940 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:51:04.0047 3940 RpcSs - ok
11:51:04.0109 3940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
11:51:04.0187 3940 rspndr - ok
11:51:04.0265 3940 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
11:51:04.0312 3940 RSUSBSTOR - ok
11:51:04.0499 3940 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
11:51:04.0561 3940 RTL8192Ce - ok
11:51:04.0593 3940 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:51:04.0624 3940 SamSs - ok
11:51:04.0655 3940 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
11:51:04.0686 3940 sbp2port - ok
11:51:04.0905 3940 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:51:04.0967 3940 SBSDWSCService - ok
11:51:05.0014 3940 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
11:51:05.0092 3940 SCardSvr - ok
11:51:05.0154 3940 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
11:51:05.0232 3940 scfilter - ok
11:51:05.0357 3940 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
11:51:05.0466 3940 Schedule - ok
11:51:05.0513 3940 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:51:05.0575 3940 SCPolicySvc - ok
11:51:05.0638 3940 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
11:51:05.0669 3940 SDRSVC - ok
11:51:05.0763 3940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:51:05.0841 3940 secdrv - ok
11:51:05.0872 3940 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
11:51:05.0950 3940 seclogon - ok
11:51:05.0965 3940 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
11:51:06.0043 3940 SENS - ok
11:51:06.0106 3940 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
11:51:06.0153 3940 SensrSvc - ok
11:51:06.0199 3940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
11:51:06.0231 3940 Serenum - ok
11:51:06.0277 3940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
11:51:06.0324 3940 Serial - ok
11:51:06.0340 3940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
11:51:06.0355 3940 sermouse - ok
11:51:06.0418 3940 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
11:51:06.0496 3940 SessionEnv - ok
11:51:06.0511 3940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
11:51:06.0543 3940 sffdisk - ok
11:51:06.0558 3940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
11:51:06.0589 3940 sffp_mmc - ok
11:51:06.0621 3940 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
11:51:06.0652 3940 sffp_sd - ok
11:51:06.0683 3940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
11:51:06.0714 3940 sfloppy - ok
11:51:06.0792 3940 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
11:51:06.0870 3940 SharedAccess - ok
11:51:06.0933 3940 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
11:51:07.0026 3940 ShellHWDetection - ok
11:51:07.0073 3940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
11:51:07.0104 3940 SiSRaid2 - ok
11:51:07.0120 3940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
11:51:07.0135 3940 SiSRaid4 - ok
11:51:07.0167 3940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
11:51:07.0245 3940 Smb - ok
11:51:07.0323 3940 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
11:51:07.0354 3940 SNMPTRAP - ok
11:51:07.0385 3940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
11:51:07.0401 3940 spldr - ok
11:51:07.0479 3940 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
11:51:07.0572 3940 Spooler - ok
11:51:07.0962 3940 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
11:51:08.0165 3940 sppsvc - ok
11:51:08.0321 3940 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
11:51:08.0399 3940 sppuinotify - ok
11:51:08.0539 3940 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
11:51:08.0602 3940 SRTSP - ok
11:51:08.0617 3940 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
11:51:08.0649 3940 SRTSPX - ok
11:51:08.0727 3940 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
11:51:08.0789 3940 srv - ok
11:51:08.0851 3940 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
11:51:08.0883 3940 srv2 - ok
11:51:08.0929 3940 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
11:51:08.0961 3940 srvnet - ok
11:51:09.0023 3940 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
11:51:09.0101 3940 SSDPSRV - ok
11:51:09.0132 3940 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
11:51:09.0210 3940 SstpSvc - ok
11:51:09.0241 3940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
11:51:09.0273 3940 stexstor - ok
11:51:09.0382 3940 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
11:51:09.0429 3940 stisvc - ok
11:51:09.0475 3940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
11:51:09.0522 3940 swenum - ok
11:51:09.0678 3940 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
11:51:09.0756 3940 swprv - ok
11:51:09.0897 3940 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
11:51:09.0943 3940 SymDS - ok
11:51:10.0021 3940 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
11:51:10.0068 3940 SymEFA - ok
11:51:10.0146 3940 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
11:51:10.0193 3940 SymEvent - ok
11:51:10.0255 3940 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
11:51:10.0318 3940 SymIRON - ok
11:51:10.0411 3940 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
11:51:10.0474 3940 SYMTDIv - ok
11:51:10.0661 3940 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
11:51:10.0755 3940 SysMain - ok
11:51:10.0926 3940 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
11:51:10.0973 3940 TabletInputService - ok
11:51:11.0020 3940 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
11:51:11.0098 3940 TapiSrv - ok
11:51:11.0129 3940 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
11:51:11.0207 3940 TBS - ok
11:51:11.0488 3940 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
11:51:11.0566 3940 Tcpip - ok
11:51:11.0940 3940 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
11:51:12.0003 3940 TCPIP6 - ok
11:51:12.0190 3940 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
11:51:12.0268 3940 tcpipreg - ok
11:51:12.0330 3940 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
11:51:12.0377 3940 tdcmdpst - ok
11:51:12.0424 3940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
11:51:12.0439 3940 TDPIPE - ok
11:51:12.0486 3940 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
11:51:12.0517 3940 TDTCP - ok
11:51:12.0549 3940 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
11:51:12.0627 3940 tdx - ok
11:51:12.0673 3940 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
11:51:12.0705 3940 TermDD - ok
11:51:12.0798 3940 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
11:51:12.0892 3940 TermService - ok
11:51:12.0923 3940 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
11:51:12.0970 3940 Themes - ok
11:51:13.0001 3940 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:51:13.0079 3940 THREADORDER - ok
11:51:13.0266 3940 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:51:13.0297 3940 TMachInfo - ok
11:51:13.0344 3940 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
11:51:13.0375 3940 TODDSrv - ok
11:51:13.0578 3940 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:51:13.0609 3940 TosCoSrv - ok
11:51:13.0719 3940 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:51:13.0750 3940 TOSHIBA HDD SSD Alert Service - ok
11:51:13.0781 3940 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
11:51:13.0859 3940 TrkWks - ok
11:51:13.0937 3940 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
11:51:14.0015 3940 TrustedInstaller - ok
11:51:14.0077 3940 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
11:51:14.0155 3940 tssecsrv - ok
11:51:14.0202 3940 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
11:51:14.0249 3940 TsUsbFlt - ok
11:51:14.0265 3940 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
11:51:14.0280 3940 TsUsbGD - ok
11:51:14.0374 3940 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
11:51:14.0436 3940 tunnel - ok
11:51:14.0514 3940 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:51:14.0545 3940 TVALZ - ok
11:51:14.0577 3940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
11:51:14.0592 3940 uagp35 - ok
11:51:14.0670 3940 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
11:51:14.0748 3940 udfs - ok
11:51:14.0779 3940 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
11:51:14.0811 3940 UI0Detect - ok
11:51:14.0857 3940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
11:51:14.0889 3940 uliagpkx - ok
11:51:14.0935 3940 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
11:51:14.0967 3940 umbus - ok
11:51:15.0029 3940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
11:51:15.0060 3940 UmPass - ok
11:51:15.0107 3940 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
11:51:15.0201 3940 upnphost - ok
11:51:15.0263 3940 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
11:51:15.0294 3940 USBAAPL64 - ok
11:51:15.0325 3940 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
11:51:15.0372 3940 usbccgp - ok
11:51:15.0435 3940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
11:51:15.0481 3940 usbcir - ok
11:51:15.0513 3940 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
11:51:15.0544 3940 usbehci - ok
11:51:15.0622 3940 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
11:51:15.0669 3940 usbhub - ok
11:51:15.0700 3940 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
11:51:15.0731 3940 usbohci - ok
11:51:15.0762 3940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
11:51:15.0793 3940 usbprint - ok
11:51:15.0825 3940 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:51:15.0856 3940 USBSTOR - ok
11:51:15.0871 3940 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
11:51:15.0903 3940 usbuhci - ok
11:51:15.0965 3940 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
11:51:16.0012 3940 usbvideo - ok
11:51:16.0043 3940 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
11:51:16.0121 3940 UxSms - ok
11:51:16.0152 3940 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:51:16.0183 3940 VaultSvc - ok
11:51:16.0230 3940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
11:51:16.0246 3940 vdrvroot - ok
11:51:16.0339 3940 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
11:51:16.0417 3940 vds - ok
11:51:16.0480 3940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
11:51:16.0511 3940 vga - ok
11:51:16.0527 3940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
11:51:16.0605 3940 VgaSave - ok
11:51:16.0636 3940 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
11:51:16.0651 3940 vhdmp - ok
11:51:16.0683 3940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
11:51:16.0714 3940 viaide - ok
11:51:16.0745 3940 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
11:51:16.0776 3940 volmgr - ok
11:51:16.0839 3940 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
11:51:16.0870 3940 volmgrx - ok
11:51:16.0901 3940 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
11:51:16.0932 3940 volsnap - ok
11:51:17.0010 3940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
11:51:17.0026 3940 vsmraid - ok
11:51:17.0213 3940 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
11:51:17.0322 3940 VSS - ok
11:51:17.0494 3940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
11:51:17.0525 3940 vwifibus - ok
11:51:17.0587 3940 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
11:51:17.0619 3940 vwififlt - ok
11:51:17.0728 3940 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
11:51:17.0821 3940 W32Time - ok
11:51:17.0868 3940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
11:51:17.0899 3940 WacomPen - ok
11:51:17.0962 3940 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:51:18.0055 3940 WANARP - ok
11:51:18.0071 3940 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:51:18.0133 3940 Wanarpv6 - ok
11:51:18.0352 3940 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
11:51:18.0414 3940 WatAdminSvc - ok
11:51:18.0586 3940 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
11:51:18.0648 3940 wbengine - ok
11:51:18.0835 3940 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
11:51:18.0882 3940 WbioSrvc - ok
11:51:18.0945 3940 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
11:51:18.0991 3940 wcncsvc - ok
11:51:19.0007 3940 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
11:51:19.0038 3940 WcsPlugInService - ok
11:51:19.0116 3940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
11:51:19.0147 3940 Wd - ok
11:51:19.0225 3940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
11:51:19.0272 3940 Wdf01000 - ok
11:51:19.0288 3940 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:51:19.0335 3940 WdiServiceHost - ok
11:51:19.0335 3940 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:51:19.0381 3940 WdiSystemHost - ok
11:51:19.0444 3940 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
11:51:19.0491 3940 WebClient - ok
11:51:19.0537 3940 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
11:51:19.0615 3940 Wecsvc - ok
11:51:19.0662 3940 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
11:51:19.0725 3940 wercplsupport - ok
11:51:19.0787 3940 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
11:51:19.0865 3940 WerSvc - ok
11:51:19.0959 3940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
11:51:20.0021 3940 WfpLwf - ok
11:51:20.0052 3940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
11:51:20.0068 3940 WIMMount - ok
11:51:20.0161 3940 WinDefend - ok
11:51:20.0177 3940 WinHttpAutoProxySvc - ok
11:51:20.0271 3940 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
11:51:20.0349 3940 Winmgmt - ok
11:51:20.0583 3940 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
11:51:20.0707 3940 WinRM - ok
11:51:20.0926 3940 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
11:51:20.0973 3940 WinUsb - ok
11:51:21.0082 3940 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
11:51:21.0144 3940 Wlansvc - ok
11:51:21.0285 3940 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:51:21.0316 3940 wlcrasvc - ok
11:51:21.0643 3940 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:51:21.0737 3940 wlidsvc - ok
11:51:21.0909 3940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
11:51:21.0940 3940 WmiAcpi - ok
11:51:22.0033 3940 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
11:51:22.0080 3940 wmiApSrv - ok
11:51:22.0174 3940 WMPNetworkSvc - ok
11:51:22.0236 3940 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
11:51:22.0283 3940 WPCSvc - ok
11:51:22.0314 3940 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
11:51:22.0345 3940 WPDBusEnum - ok
11:51:22.0377 3940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
11:51:22.0455 3940 ws2ifsl - ok
11:51:22.0486 3940 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
11:51:22.0517 3940 wscsvc - ok
11:51:22.0533 3940 WSearch - ok
11:51:22.0782 3940 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
11:51:22.0923 3940 wuauserv - ok
11:51:23.0110 3940 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
11:51:23.0188 3940 WudfPf - ok
11:51:23.0250 3940 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
11:51:23.0313 3940 WUDFRd - ok
11:51:23.0344 3940 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
11:51:23.0422 3940 wudfsvc - ok
11:51:23.0469 3940 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
11:51:23.0515 3940 WwanSvc - ok
11:51:23.0578 3940 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
11:51:23.0703 3940 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:51:23.0703 3940 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:51:23.0749 3940 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0
11:51:23.0749 3940 \Device\Harddisk0\DR0\Partition0 - ok
11:51:23.0749 3940 ============================================================
11:51:23.0749 3940 Scan finished
11:51:23.0749 3940 ============================================================
11:51:23.0781 4864 Detected object count: 1
11:51:23.0781 4864 Actual detected object count: 1
11:52:54.0417 4864 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:52:54.0432 4864 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:52:54.0432 4864 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:52:54.0448 4864 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:52:54.0479 4864 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:52:54.0510 4864 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:52:54.0510 4864 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:52:54.0526 4864 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:52:54.0526 4864 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:52:54.0526 4864 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:52:54.0541 4864 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:52:54.0541 4864 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:52:54.0541 4864 \Device\Harddisk0\DR0\TDLFS - deleted
11:52:54.0541 4864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
11:53:11.0046 4148 Deinitialize success

Crud, I can't edit my posts. Correct log incoming shortly...

Well that's no good, I don't seem to have a log from the 27th - it does appear however that the svchost.exe file is no longer running in the Processes tab of the Task Manager - would running CF without the script generate the log you need?

Thanks

Hi spetrarca,

Get a new copy of combofix first. Just right click and delete the one you have now.

Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.