23.04.2012 18:16
Newbie | Group: Members | Posts: 2 | Joined: 26.04.2011
I have a machine that will not clean -
here is the log file:
08:51:46.0166 4640 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
08:51:46.0744 4640 ============================================================
08:51:46.0744 4640 Current date / time: 2012/04/23 08:51:46.0744
08:51:46.0744 4640 SystemInfo:
08:51:46.0744 4640
08:51:46.0744 4640 OS Version: 5.1.2600 ServicePack: 3.0
08:51:46.0744 4640 Product type: Workstation
08:51:46.0744 4640 ComputerName:
08:51:46.0744 4640 UserName:
08:51:46.0744 4640 Windows directory: C:\WINDOWS
08:51:46.0744 4640 System windows directory: C:\WINDOWS
08:51:46.0744 4640 Processor architecture: Intel x86
08:51:46.0744 4640 Number of processors: 4
08:51:46.0744 4640 Page size: 0x1000
08:51:46.0744 4640 Boot type: Normal boot
08:51:46.0744 4640 ============================================================
08:51:48.0228 4640 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:51:48.0244 4640 \Device\Harddisk0\DR0:
08:51:48.0244 4640 MBR partitions:
08:51:48.0244 4640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A14400
08:51:48.0337 4640 C: <-> \Device\Harddisk0\DR0\Partition0
08:51:48.0337 4640 Initialize success
08:51:48.0337 4640 ============================================================
08:51:49.0369 4452 ============================================================
08:51:49.0369 4452 Scan started
08:51:49.0369 4452 Mode: Manual;
08:51:49.0369 4452 ============================================================
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 08:52:26.0959 4452 SPBBCDrv - ok 08:52:27.0116 4452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 08:52:27.0116 4452 splitter - ok 08:52:27.0256 4452 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 08:52:27.0272 4452 Spooler - ok 08:52:27.0381 4452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 08:52:27.0381 4452 sr - ok 08:52:27.0444 4452 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 08:52:27.0459 4452 srservice - ok 08:52:27.0506 4452 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS 08:52:27.0522 4452 SRTSP - ok 08:52:27.0584 4452 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS 08:52:27.0600 4452 SRTSPL - ok 08:52:27.0647 4452 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS 08:52:27.0647 4452 SRTSPX - ok 08:52:27.0725 4452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 08:52:27.0741 4452 Srv - ok 08:52:27.0866 4452 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 08:52:27.0881 4452 SSDPSRV - ok 08:52:27.0991 4452 STacSV (95e100d2aab23a591a01655e6063d36e) C:\Program Files\IDT\WDM\stacsv.exe 08:52:27.0991 4452 STacSV - ok 08:52:28.0100 4452 stdcfltn (73d7a81e3af7763aa627d99f50bd3f49) C:\WINDOWS\system32\DRIVERS\stdcfltn.sys 08:52:28.0100 4452 stdcfltn - ok 08:52:28.0287 4452 STHDA (72c411579358a57941f8d0b3a67175b4) C:\WINDOWS\system32\drivers\sthda.sys 08:52:28.0350 4452 STHDA - ok 08:52:28.0506 4452 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 08:52:28.0522 4452 stisvc - ok 08:52:28.0616 4452 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 08:52:28.0616 4452 stllssvr - ok 08:52:28.0741 4452 SU (250a4e9a53014d88e36e446443cc2566) 
C:\Windows\system32\suss.exe 08:52:28.0756 4452 SU - ok 08:52:28.0803 4452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 08:52:28.0803 4452 swenum - ok 08:52:28.0881 4452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 08:52:28.0881 4452 swmidi - ok 08:52:28.0928 4452 SwPrv - ok 08:52:29.0194 4452 Symantec AntiVirus (05799a82b7a2714ae14ee17c4b660701) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe 08:52:29.0225 4452 Symantec AntiVirus - ok 08:52:29.0366 4452 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 08:52:29.0366 4452 symc810 - ok 08:52:29.0397 4452 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 08:52:29.0397 4452 symc8xx - ok 08:52:29.0444 4452 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 08:52:29.0459 4452 SymEvent - ok 08:52:29.0506 4452 Symmpi (805f9d7be6c71f93f350e420f9b52166) C:\WINDOWS\system32\DRIVERS\symmpi.sys 08:52:29.0522 4452 Symmpi - ok 08:52:29.0569 4452 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 08:52:29.0569 4452 SYMREDRV - ok 08:52:29.0584 4452 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 08:52:29.0600 4452 SYMTDI - ok 08:52:29.0631 4452 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 08:52:29.0631 4452 sym_hi - ok 08:52:29.0662 4452 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 08:52:29.0662 4452 sym_u3 - ok 08:52:29.0709 4452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 08:52:29.0709 4452 sysaudio - ok 08:52:29.0772 4452 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 08:52:29.0787 4452 SysmonLog - ok 08:52:29.0928 4452 SysPlant (c074793032757749ed7fa46469a66b17) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys 08:52:29.0944 4452 SysPlant - 
ok 08:52:30.0147 4452 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 08:52:30.0162 4452 TapiSrv - ok 08:52:30.0319 4452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:52:30.0334 4452 Tcpip - ok 08:52:30.0428 4452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 08:52:30.0428 4452 TDPIPE - ok 08:52:30.0506 4452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 08:52:30.0506 4452 TDTCP - ok 08:52:30.0647 4452 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys 08:52:30.0647 4452 Teefer2 - ok 08:52:30.0819 4452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 08:52:30.0819 4452 TermDD - ok 08:52:30.0944 4452 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 08:52:30.0959 4452 TermService - ok 08:52:31.0084 4452 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 08:52:31.0100 4452 Themes - ok 08:52:31.0240 4452 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe 08:52:31.0256 4452 TlntSvr - ok 08:52:31.0350 4452 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 08:52:31.0350 4452 TosIde - ok 08:52:31.0475 4452 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 08:52:31.0490 4452 TrkWks - ok 08:52:31.0647 4452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 08:52:31.0647 4452 Udfs - ok 08:52:31.0787 4452 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 08:52:31.0787 4452 ultra - ok 08:52:31.0928 4452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 08:52:31.0943 4452 Update - ok 08:52:32.0053 4452 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Program Files\UPHClean\uphclean.exe 08:52:32.0053 4452 UPHClean - ok 08:52:32.0209 4452 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) 
C:\WINDOWS\System32\upnphost.dll 08:52:32.0209 4452 upnphost - ok 08:52:32.0381 4452 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 08:52:32.0397 4452 UPS - ok 08:52:32.0522 4452 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:52:32.0522 4452 usbccgp - ok 08:52:32.0615 4452 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys 08:52:32.0615 4452 USBCCID - ok 08:52:32.0740 4452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:52:32.0740 4452 usbehci - ok 08:52:32.0881 4452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:52:32.0881 4452 usbhub - ok 08:52:33.0006 4452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:52:33.0006 4452 usbprint - ok 08:52:33.0131 4452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 08:52:33.0131 4452 usbscan - ok 08:52:33.0225 4452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 08:52:33.0240 4452 USBSTOR - ok 08:52:33.0396 4452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:52:33.0396 4452 usbuhci - ok 08:52:33.0787 4452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 08:52:33.0787 4452 VgaSave - ok 08:52:33.0881 4452 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 08:52:33.0881 4452 viaagp - ok 08:52:33.0912 4452 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 08:52:33.0928 4452 ViaIde - ok 08:52:33.0990 4452 vmscsi (82132036ee4d3e8aa3e73feebe1a9741) C:\WINDOWS\system32\DRIVERS\vmscsi.sys 08:52:33.0990 4452 vmscsi - ok 08:52:34.0053 4452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 08:52:34.0068 4452 VolSnap - ok 08:52:34.0178 4452 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) 
C:\WINDOWS\system32\vsdatant.sys 08:52:34.0193 4452 vsdatant - ok 08:52:34.0428 4452 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 08:52:34.0428 4452 VSS - ok 08:52:34.0615 4452 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 08:52:34.0615 4452 W32Time - ok 08:52:34.0693 4452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:52:34.0693 4452 Wanarp - ok 08:52:34.0771 4452 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 08:52:34.0787 4452 Wdf01000 - ok 08:52:34.0803 4452 WDICA - ok 08:52:34.0865 4452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 08:52:34.0865 4452 wdmaud - ok 08:52:34.0881 4452 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 08:52:34.0896 4452 WebClient - ok 08:52:35.0006 4452 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 08:52:35.0037 4452 winachsf - ok 08:52:35.0193 4452 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 08:52:35.0193 4452 winmgmt - ok 08:52:35.0256 4452 wltrysvc - ok 08:52:35.0334 4452 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 08:52:35.0349 4452 WmdmPmSN - ok 08:52:35.0428 4452 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll 08:52:35.0506 4452 Wmi - ok 08:52:35.0646 4452 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 08:52:35.0646 4452 WmiAcpi - ok 08:52:35.0803 4452 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 08:52:35.0803 4452 WmiApSrv - ok 08:52:35.0974 4452 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 08:52:36.0006 4452 WMPNetworkSvc - ok 08:52:36.0474 4452 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 08:52:36.0537 
4452 WPFFontCache_v0400 - ok 08:52:36.0709 4452 WPS (4434525f44b84a97decbfe032334f51b) C:\WINDOWS\system32\drivers\wpsdrvnt.sys 08:52:36.0709 4452 WPS - ok 08:52:36.0865 4452 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys 08:52:36.0865 4452 WpsHelper - ok 08:52:37.0068 4452 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 08:52:37.0084 4452 wscsvc - ok 08:52:37.0224 4452 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 08:52:37.0256 4452 wuauserv - ok 08:52:37.0849 4452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 08:52:37.0865 4452 WudfPf - ok 08:52:37.0990 4452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 08:52:37.0990 4452 WudfRd - ok 08:52:38.0115 4452 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 08:52:38.0115 4452 WudfSvc - ok 08:52:38.0427 4452 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 08:52:38.0443 4452 WZCSVC - ok 08:52:38.0615 4452 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 08:52:38.0615 4452 xmlprov - ok 08:52:38.0677 4452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 08:52:38.0709 4452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 08:52:38.0709 4452 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 08:52:38.0740 4452 Boot (0x1200) (e0a0cc013f8109f584d8329efd6c56f7) \Device\Harddisk0\DR0\Partition0 08:52:38.0740 4452 \Device\Harddisk0\DR0\Partition0 - ok 08:52:38.0740 4452 ============================================================ 08:52:38.0740 4452 Scan finished 08:52:38.0740 4452 ============================================================ 08:52:38.0771 4636 Detected object count: 1 08:52:38.0771 4636 Actual detected object count: 1 08:54:23.0435 4636 \Device\Harddisk0\DR0\# - copied to quarantine 08:54:23.0450 4636 \Device\Harddisk0\DR0 - copied to 
quarantine 08:54:23.0575 4636 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 08:54:23.0607 4636 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 08:54:23.0638 4636 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 08:54:23.0685 4636 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 08:54:23.0732 4636 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 08:54:23.0747 4636 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 08:54:23.0763 4636 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 08:54:23.0779 4636 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 08:54:23.0857 4636 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 08:54:23.0888 4636 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 08:54:23.0904 4636 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 08:54:23.0919 4636 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 08:54:23.0950 4636 \Device\Harddisk0\DR0 - processing error 08:54:29.0716 4636 \Device\Harddisk0\DR0 - will be restored on reboot 08:54:29.0731 4636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore 08:54:33.0903 5020 Deinitialize success

24.04.2012 18:38 | Post #2
Newbie | Group: Members | Posts: 1 | Joined: 24.04.2012
Don't mean to hijack your thread, but I ran into the same issue yesterday with a computer: unable to remove the Rootkit.Boot.Pihar.c rootkit.
Our users are running Win7x64 SP1. When I try to remove the rootkit using TDSSKiller, it breaks the partition information; I have to boot into recovery and fix my partition info, and only then am I allowed back into Windows. When running an FEP scan, it picks up the rootkit again; somehow TDSSKiller is not removing it. Could it be a new variant of the rootkit that TDSSKiller is not properly removing?

25.04.2012 07:18 | Post #3
Newbie | Group: Members | Posts: 2 | Joined: 25.04.2012
Same here. TDSSKiller finds it.... "cures" it and then I get an "Invalid Partition" on reboot. I fix the partition with bootrec and the virus is back.... I am chasing my tail here...
Thanks

25.04.2012 18:19 | Post #4
Virus Analyst | Group: KL Russia | Posts: 732 | Joined: 21.10.2008
TDSSKiller was updated today - 2.7.33.0.

25.04.2012 23:53 | Post #5
Member | Group: Members | Posts: 10 | Joined: 20.11.2011
> TDSSKiller was updated today - 2.7.33.0.

Hello Yury.Parshin,

I have a user that experienced the same "Invalid Partition" on reboot problem after using v2.7.32.0. I've already had them use bootrec /fixmbr and bootrec /fixboot, which removed this error message, but now they are presented with a flashing underscore on boot.

The thread is here: http://forums.majorgeeks.com/showthread.php?t=257856

Do you have any suggestions on what needs to be done in order to get them booting again?

Attaching part of the TDSSKiller log since you may not be able to view the attachments without being registered.

21:35:28.0334 2472 Detected object count: 2
21:35:28.0334 2472 Actual detected object count: 2
21:36:07.0348 2472 \Device\Harddisk0\DR0\# - copied to quarantine
21:36:07.0349 2472 \Device\Harddisk0\DR0 - copied to quarantine
21:36:07.0377 2472 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:36:07.0400 2472 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:36:07.0410 2472 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:36:07.0419 2472 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:36:07.0421 2472 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:36:07.0422 2472 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:36:07.0458 2472 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:36:07.0460 2472 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:36:07.0464 2472 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:36:07.0465 2472 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:36:07.0467 2472 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:36:07.0469 2472 \Device\Harddisk0\DR0 - processing error
21:36:16.0204 2472 \Device\Harddisk0\DR0 - will be restored on reboot
21:36:21.0750 2472 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
21:36:21.0760 2472 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:36:21.0762 2472 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:36:21.0777 2472 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:36:21.0784 2472 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:36:21.0811 2472 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:36:21.0814 2472 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:36:21.0816 2472 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:36:21.0818 2472 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:36:21.0828 2472 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:36:21.0831 2472 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:36:21.0839 2472 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:36:21.0841 2472 \Device\Harddisk0\DR0\TDLFS - deleted
21:36:21.0841 2472 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

Thanks for any help

This post has been edited by thisisu: 25.04.2012 23:59

26.04.2012 01:19 | Post #6
Newbie | Group: Members | Posts: 2 | Joined: 25.04.2012
Actually..... I got up at 2:45 this morning after a scan by another utility and decided to try Tdsskiller one more time. I was thrilled to find an update! I was even more thrilled when it worked!!!
Thank You, Greg

26.04.2012 01:53 | Post #7
Newbie | Group: Members | Posts: 2 | Joined: 26.04.2011
> Actually..... I got up at 2:45 this morning after a scan by another utility and decided to try Tdsskiller one more time. I was thrilled to find an update! I was even more thrilled when it worked!!! Thank You, Greg

Glad it's working now - I used Symantec's tool for TDSS and fixed it. If I find another I will test this.

26.04.2012 08:30 | Post #8
Virus Analyst | Group: KL Russia | Posts: 732 | Joined: 21.10.2008
> Hello Yury.Parshin, I have a user that experienced the same "Invalid Partition" on reboot problem after using v2.7.32.0. I've already had them use bootrec /fixmbr and bootrec /fixboot, which removed this error message, but now they are presented with a flashing underscore on boot. The thread is here: http://forums.majorgeeks.com/showthread.php?t=257856 Do you have any suggestions on what needs to be done in order to get them booting again?

Hello. The actual version is 2.7.33. Earlier can't cure new Pihar.c. Boot problem explanation - http://forum.kaspersky.com/index.php?showt...t&p=1841421
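
An added example, not code from any poster or from Kaspersky: a Python triage of the TDSSKiller log layout posted in this thread, flagging the pattern the posters describe (a detection followed by "processing error" and "will be restored on reboot") and whether the build is older than the 2.7.33 named in post #8. The function name `triage`, the report keys and the abridged sample log are assumptions made for the example.

```python
import re

# Line layout of the logs posted in this thread:
#   HH:MM:SS.ffff <thread id> <message>
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
VERSION_RE = re.compile(r"TDSS rootkit removing tool (\d+(?:\.\d+)+)")
DETECT_RE = re.compile(r"^(.+?) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (.+)$")
STATUS_RE = re.compile(
    r"^(.+?) - (processing error|will be restored on reboot"
    r"|copied to quarantine|deleted)$")

# Post #8: builds earlier than 2.7.33 cannot cure the new Pihar.c.
MIN_VERSION = (2, 7, 33)

# Sample input: abridged from the log in post #1 of this thread.
SAMPLE_LOG = r"""
08:51:46.0166 4640 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
08:52:38.0709 4452 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:52:38.0709 4452 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:52:38.0771 4636 Detected object count: 1
08:54:23.0450 4636 \Device\Harddisk0\DR0 - copied to quarantine
08:54:23.0607 4636 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:54:23.0950 4636 \Device\Harddisk0\DR0 - processing error
08:54:29.0716 4636 \Device\Harddisk0\DR0 - will be restored on reboot
08:54:29.0731 4636 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure Restore
"""


def triage(log_text, min_version=MIN_VERSION):
    """Summarise one TDSSKiller log: what was detected and whether the cure held."""
    version, detections, actions = None, [], []
    status = {}  # object path -> status messages, in log order
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the timestamp prefix
        msg = line.group(1).strip()
        m = VERSION_RE.search(msg)
        if m:
            version = tuple(int(part) for part in m.group(1).split("."))
            continue
        m = DETECT_RE.match(msg)
        if m:
            detections.append((m.group(1), m.group(2)))
            continue
        m = ACTION_RE.match(msg)
        if m:
            actions.append(m.groups())  # (object, verdict, chosen action)
            continue
        m = STATUS_RE.match(msg)
        if m:
            status.setdefault(m.group(1), []).append(m.group(2))

    # A detected object whose cure ended in "processing error" is still infected.
    cure_failed = [obj for obj, _ in detections
                   if "processing error" in status.get(obj, [])]
    restored = [obj for obj, msgs in status.items()
                if "will be restored on reboot" in msgs]
    quarantined = sum(msgs.count("copied to quarantine") for msgs in status.values())
    outdated = version is not None and version < min_version
    return {"version": version, "detections": detections, "actions": actions,
            "cure_failed": cure_failed, "restored_on_reboot": restored,
            "quarantined": quarantined, "outdated": outdated}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-empty `cure_failed` together with `outdated` set matches the situation in posts #1 to #3: the detection was quarantined but the MBR cure did not complete, on a build that predates the fix.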

26.04.2012 08:55 | Post #9
Member | Group: Members | Posts: 10 | Joined: 20.11.2011
> Hello. The actual version is 2.7.33. Earlier can't cure new Pihar.c. Boot problem explanation - http://forum.kaspersky.com/index.php?showt...t&p=1841421

Thank you, Yury.Parshin