12 replies to this topic

[momofthree]

My Malware keeps blocking an outgoing threat. Its coming from IP address 206.161.121.5 and coming from Port: svchost.exe

I have run my Malware and it sees it but when I reboot to have it removed it comes right back. I am not very tech savvy so please bear with me.

Attached Files

•  Attach.txt   8.68K   6 downloads
•  DDS.txt   24.63K   5 downloads

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

[momofthree]

I'm trying to run the Roguekiller but my computer keeps stopping it. I have turned off my SmartScreen Filter and my Norton security but windows keeps stopping it. What else do I need to turn off to run this program?

[MrCharlie]

Can you disable it?

Information on disabling your malware programs can be found Here.

MrC

[momofthree]

Thank you for bearing with me. I really don't know what else to disable. I have gone into my security folder and made sure everything has been disabled. The pop up that I get is that Roguekiller has stopped working correctly and windows willl close the problem. I'm not sure what I am doing wrong. I can get it to come up but once it starts to scan my computer I get that pop up. I'm sorry I'm not really tech savvy but I am trying. I just don't know what else to do. I don't know what else to disable or what is causing the problem. Thank you for taking the time to help me out.

[MrCharlie]

See post below, MrC

[MrCharlie]

Try renaming it to userinit.exe or abc.com, if it still won't run just do this.....

---------------------------------

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

[momofthree]

10:35:39.0127 5304 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
10:35:39.0423 5304 ============================================================
10:35:39.0423 5304 Current date / time: 2012/04/22 10:35:39.0423
10:35:39.0423 5304 SystemInfo:
10:35:39.0423 5304
10:35:39.0423 5304 OS Version: 6.1.7601 ServicePack: 1.0
10:35:39.0423 5304 Product type: Workstation
10:35:39.0423 5304 ComputerName: CINDY-HP
10:35:39.0423 5304 UserName: Cindy
10:35:39.0423 5304 Windows directory: C:\Windows
10:35:39.0423 5304 System windows directory: C:\Windows
10:35:39.0423 5304 Running under WOW64
10:35:39.0423 5304 Processor architecture: Intel x64
10:35:39.0423 5304 Number of processors: 8
10:35:39.0423 5304 Page size: 0x1000
10:35:39.0423 5304 Boot type: Normal boot
10:35:39.0423 5304 ============================================================
10:35:39.0845 5304 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:35:39.0845 5304 \Device\Harddisk0\DR0:
10:35:39.0845 5304 MBR partitions:
10:35:39.0845 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:35:39.0845 5304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EE1800
10:35:39.0845 5304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72F14000, BlocksNum 0x17F2000
10:35:39.0876 5304 C: <-> \Device\Harddisk0\DR0\Partition1
10:35:39.0923 5304 D: <-> \Device\Harddisk0\DR0\Partition2
10:35:39.0923 5304 Initialize success
10:35:39.0923 5304 ============================================================
10:40:11.0363 6100 ============================================================
10:40:11.0363 6100 Scan started
10:40:11.0363 6100 Mode: Manual; SigCheck; TDLFS;
10:40:11.0363 6100 ============================================================
10:40:11.0566 6100 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:40:11.0613 6100 !SASCORE - ok
10:40:12.0439 6100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:40:13.0235 6100 1394ohci - ok
10:40:13.0313 6100 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:40:13.0344 6100 ACDaemon - ok
10:40:13.0407 6100 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:40:13.0438 6100 ACPI - ok
10:40:13.0453 6100 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:40:13.0500 6100 AcpiPmi - ok
10:40:13.0594 6100 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:40:13.0609 6100 AdobeARMservice - ok
10:40:13.0641 6100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:40:13.0656 6100 adp94xx - ok
10:40:13.0687 6100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:40:13.0719 6100 adpahci - ok
10:40:13.0734 6100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:40:13.0750 6100 adpu320 - ok
10:40:13.0781 6100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:40:13.0828 6100 AeLookupSvc - ok
10:40:13.0875 6100 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:40:13.0921 6100 AFD - ok
10:40:13.0953 6100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:40:13.0968 6100 agp440 - ok
10:40:13.0999 6100 ahcix64s (a31f4d7c3243341e06155d1ac09a7e98) C:\Windows\system32\drivers\ahcix64s.sys
10:40:14.0015 6100 ahcix64s - ok
10:40:14.0031 6100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:40:14.0062 6100 ALG - ok
10:40:14.0093 6100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:40:14.0109 6100 aliide - ok
10:40:14.0140 6100 AMD External Events Utility (998021e7c3de3e97e441abace498ffb6) C:\Windows\system32\atiesrxx.exe
10:40:14.0187 6100 AMD External Events Utility - ok
10:40:14.0233 6100 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\drivers\amdhub30.sys
10:40:14.0233 6100 amdhub30 - ok
10:40:14.0249 6100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:40:14.0265 6100 amdide - ok
10:40:14.0296 6100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:40:14.0311 6100 AmdK8 - ok
10:40:14.0467 6100 amdkmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys
10:40:14.0639 6100 amdkmdag - ok
10:40:14.0655 6100 amdkmdap (781daec0c3e63950cca53d193582f2e8) C:\Windows\system32\DRIVERS\atikmpag.sys
10:40:14.0670 6100 amdkmdap - ok
10:40:14.0717 6100 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:40:14.0748 6100 AmdPPM - ok
10:40:14.0795 6100 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:40:14.0811 6100 amdsata - ok
10:40:14.0857 6100 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:40:14.0873 6100 amdsbs - ok
10:40:14.0889 6100 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:40:14.0904 6100 amdxata - ok
10:40:14.0935 6100 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\drivers\amdxhc.sys
10:40:14.0951 6100 amdxhc - ok
10:40:15.0013 6100 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\drivers\amd_sata.sys
10:40:15.0029 6100 amd_sata - ok
10:40:15.0045 6100 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\drivers\amd_xata.sys
10:40:15.0045 6100 amd_xata - ok
10:40:15.0076 6100 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:40:15.0185 6100 AppID - ok
10:40:15.0216 6100 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:40:15.0341 6100 AppIDSvc - ok
10:40:15.0637 6100 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:40:15.0715 6100 Appinfo - ok
10:40:15.0762 6100 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:40:15.0778 6100 arc - ok
10:40:15.0809 6100 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:40:15.0825 6100 arcsas - ok
10:40:15.0871 6100 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
10:40:15.0871 6100 ArcSoftKsUFilter - ok
10:40:15.0949 6100 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:40:15.0981 6100 aspnet_state - ok
10:40:16.0012 6100 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:40:16.0059 6100 AsyncMac - ok
10:40:16.0105 6100 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:40:16.0105 6100 atapi - ok
10:40:16.0137 6100 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
10:40:16.0152 6100 AtiHDAudioService - ok
10:40:16.0199 6100 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:40:16.0261 6100 AudioEndpointBuilder - ok
10:40:16.0261 6100 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:40:16.0293 6100 AudioSrv - ok
10:40:16.0308 6100 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:40:16.0371 6100 AxInstSV - ok
10:40:16.0402 6100 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:40:16.0433 6100 b06bdrv - ok
10:40:16.0480 6100 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:40:16.0511 6100 b57nd60a - ok
10:40:16.0558 6100 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:40:16.0573 6100 BBSvc - ok
10:40:16.0651 6100 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:40:16.0698 6100 BCM43XX - ok
10:40:16.0714 6100 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:40:16.0729 6100 BDESVC - ok
10:40:16.0745 6100 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:40:16.0807 6100 Beep - ok
10:40:16.0854 6100 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:40:16.0901 6100 BFE - ok
10:40:17.0026 6100 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
10:40:17.0057 6100 BHDrvx64 - ok
10:40:17.0088 6100 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:40:17.0166 6100 BITS - ok
10:40:17.0197 6100 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:40:17.0213 6100 blbdrive - ok
10:40:17.0229 6100 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:40:17.0260 6100 bowser - ok
10:40:17.0291 6100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:40:17.0307 6100 BrFiltLo - ok
10:40:17.0322 6100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:40:17.0338 6100 BrFiltUp - ok
10:40:17.0353 6100 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:40:17.0416 6100 Browser - ok
10:40:17.0447 6100 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:40:17.0494 6100 Brserid - ok
10:40:17.0509 6100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:40:17.0541 6100 BrSerWdm - ok
10:40:17.0572 6100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:40:17.0587 6100 BrUsbMdm - ok
10:40:17.0619 6100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:40:17.0728 6100 BrUsbSer - ok
10:40:18.0087 6100 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
10:40:18.0102 6100 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
10:40:18.0102 6100 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
10:40:18.0133 6100 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:40:18.0165 6100 BthEnum - ok
10:40:18.0196 6100 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:40:18.0227 6100 BTHMODEM - ok
10:40:18.0243 6100 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:40:18.0274 6100 BthPan - ok
10:40:18.0289 6100 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:40:18.0321 6100 BTHPORT - ok
10:40:18.0367 6100 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:40:18.0414 6100 bthserv - ok
10:40:18.0445 6100 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:40:18.0477 6100 BTHUSB - ok
10:40:18.0523 6100 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys
10:40:18.0539 6100 BTWAMPFL - ok
10:40:18.0570 6100 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys
10:40:18.0586 6100 btwaudio - ok
10:40:18.0633 6100 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
10:40:18.0648 6100 btwavdt - ok
10:40:18.0711 6100 btwdins (1ad3a2baf31c4327dcbb2b0eca4a23bb) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:40:18.0742 6100 btwdins - ok
10:40:18.0773 6100 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:40:18.0773 6100 btwl2cap - ok
10:40:18.0804 6100 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
10:40:18.0820 6100 btwrchid - ok
10:40:18.0898 6100 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys
10:40:18.0913 6100 ccSet_NIS - ok
10:40:18.0929 6100 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:40:18.0976 6100 cdfs - ok
10:40:19.0007 6100 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:40:19.0023 6100 cdrom - ok
10:40:19.0069 6100 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:40:19.0116 6100 CertPropSvc - ok
10:40:19.0147 6100 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:40:19.0163 6100 circlass - ok
10:40:19.0194 6100 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:40:19.0210 6100 CLFS - ok
10:40:19.0272 6100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:40:19.0288 6100 clr_optimization_v2.0.50727_32 - ok
10:40:19.0335 6100 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:40:19.0350 6100 clr_optimization_v2.0.50727_64 - ok
10:40:19.0397 6100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:40:19.0428 6100 clr_optimization_v4.0.30319_32 - ok
10:40:19.0459 6100 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:40:19.0491 6100 clr_optimization_v4.0.30319_64 - ok
10:40:19.0522 6100 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:40:19.0553 6100 CmBatt - ok
10:40:19.0569 6100 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:40:19.0584 6100 cmdide - ok
10:40:19.0615 6100 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:40:19.0647 6100 CNG - ok
10:40:19.0678 6100 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:40:19.0693 6100 Compbatt - ok
10:40:19.0725 6100 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:40:19.0756 6100 CompositeBus - ok
10:40:19.0771 6100 COMSysApp - ok
10:40:19.0787 6100 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:40:19.0803 6100 crcdisk - ok
10:40:19.0834 6100 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:40:19.0896 6100 CryptSvc - ok
10:40:19.0927 6100 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
10:40:19.0943 6100 dc3d - ok
10:40:20.0021 6100 DCamUSBNovatek (87a70750325afc300f0977dc3137a350) C:\Windows\system32\Drivers\nvtcam.sys
10:40:20.0442 6100 DCamUSBNovatek - ok
10:40:20.0505 6100 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:40:20.0567 6100 DcomLaunch - ok
10:40:20.0598 6100 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:40:20.0645 6100 defragsvc - ok
10:40:20.0676 6100 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:40:20.0707 6100 DfsC - ok
10:40:20.0723 6100 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:40:20.0785 6100 Dhcp - ok
10:40:20.0848 6100 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:40:20.0895 6100 discache - ok
10:40:20.0910 6100 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:40:20.0910 6100 Disk - ok
10:40:20.0941 6100 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:40:20.0973 6100 Dnscache - ok
10:40:20.0988 6100 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:40:21.0035 6100 dot3svc - ok
10:40:21.0051 6100 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:40:21.0097 6100 DPS - ok
10:40:21.0129 6100 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:40:21.0160 6100 drmkaud - ok
10:40:21.0191 6100 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:40:21.0207 6100 DXGKrnl - ok
10:40:21.0222 6100 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:40:21.0253 6100 EapHost - ok
10:40:21.0331 6100 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:40:21.0425 6100 ebdrv - ok
10:40:21.0503 6100 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:40:21.0519 6100 eeCtrl - ok
10:40:21.0565 6100 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:40:21.0612 6100 EFS - ok
10:40:21.0659 6100 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:40:21.0706 6100 ehRecvr - ok
10:40:21.0706 6100 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:40:21.0737 6100 ehSched - ok
10:40:21.0768 6100 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:40:21.0784 6100 elxstor - ok
10:40:21.0815 6100 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:40:21.0831 6100 EraserUtilRebootDrv - ok
10:40:21.0862 6100 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:40:21.0877 6100 ErrDev - ok
10:40:21.0909 6100 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:40:21.0955 6100 EventSystem - ok
10:40:22.0002 6100 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:40:22.0049 6100 exfat - ok
10:40:22.0065 6100 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:40:22.0111 6100 fastfat - ok
10:40:22.0143 6100 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:40:22.0158 6100 Fax - ok
10:40:22.0189 6100 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:40:22.0189 6100 fdc - ok
10:40:22.0221 6100 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:40:22.0267 6100 fdPHost - ok
10:40:22.0283 6100 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:40:22.0299 6100 FDResPub - ok
10:40:22.0330 6100 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:40:22.0330 6100 FileInfo - ok
10:40:22.0345 6100 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:40:22.0361 6100 Filetrace - ok
10:40:22.0392 6100 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:40:22.0392 6100 flpydisk - ok
10:40:22.0423 6100 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:40:22.0423 6100 FltMgr - ok
10:40:23.0079 6100 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:40:23.0110 6100 FontCache - ok
10:40:23.0172 6100 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:40:23.0188 6100 FontCache3.0.0.0 - ok
10:40:23.0235 6100 FPLService (71cdc1d7f58d5ec49ebc2e2332ad3fae) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
10:40:23.0250 6100 FPLService - ok
10:40:23.0281 6100 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:40:23.0297 6100 FsDepends - ok
10:40:23.0344 6100 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:40:23.0359 6100 Fs_Rec - ok
10:40:23.0375 6100 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:40:23.0391 6100 fvevol - ok
10:40:23.0422 6100 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:40:23.0422 6100 gagp30kx - ok
10:40:23.0484 6100 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:40:23.0500 6100 GamesAppService - ok
10:40:23.0547 6100 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:40:23.0578 6100 gpsvc - ok
10:40:23.0609 6100 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:40:23.0625 6100 hcw85cir - ok
10:40:23.0671 6100 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:40:23.0703 6100 HdAudAddService - ok
10:40:23.0734 6100 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:40:23.0749 6100 HDAudBus - ok
10:40:23.0781 6100 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:40:23.0796 6100 HidBatt - ok
10:40:23.0812 6100 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:40:23.0843 6100 HidBth - ok
10:40:23.0874 6100 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:40:23.0890 6100 HidIr - ok
10:40:23.0921 6100 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:40:23.0968 6100 hidserv - ok
10:40:23.0983 6100 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:40:23.0999 6100 HidUsb - ok
10:40:24.0015 6100 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:40:24.0061 6100 hkmsvc - ok
10:40:24.0093 6100 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:40:24.0124 6100 HomeGroupListener - ok
10:40:24.0139 6100 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:40:24.0155 6100 HomeGroupProvider - ok
10:40:24.0233 6100 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
10:40:24.0249 6100 HP Support Assistant Service - ok
10:40:24.0295 6100 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:40:24.0311 6100 HPClientSvc - ok
10:40:24.0342 6100 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:40:24.0358 6100 HPDrvMntSvc.exe - ok
10:40:24.0373 6100 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
10:40:24.0405 6100 hpqwmiex - ok
10:40:24.0451 6100 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:40:24.0467 6100 HpSAMD - ok
10:40:24.0498 6100 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:40:24.0561 6100 HTTP - ok
10:40:24.0576 6100 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:40:24.0576 6100 hwpolicy - ok
10:40:24.0607 6100 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:40:24.0623 6100 i8042prt - ok
10:40:24.0670 6100 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
10:40:24.0685 6100 iaStor - ok
10:40:24.0717 6100 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:40:24.0748 6100 iaStorV - ok
10:40:24.0810 6100 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:40:24.0841 6100 idsvc - ok
10:40:24.0966 6100 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120420.001\IDSvia64.sys
10:40:24.0982 6100 IDSVia64 - ok
10:40:25.0668 6100 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:40:25.0824 6100 igfx - ok
10:40:25.0871 6100 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:40:25.0887 6100 iirsp - ok
10:40:25.0918 6100 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:40:25.0980 6100 IKEEXT - ok
10:40:26.0058 6100 IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\Windows\system32\drivers\RTKVHD64.sys
10:40:26.0105 6100 IntcAzAudAddService - ok
10:40:26.0121 6100 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:40:26.0136 6100 intelide - ok
10:40:26.0167 6100 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
10:40:26.0183 6100 intelppm - ok
10:40:26.0199 6100 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:40:26.0245 6100 IPBusEnum - ok
10:40:26.0261 6100 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:40:26.0292 6100 IpFilterDriver - ok
10:40:26.0339 6100 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:40:26.0401 6100 iphlpsvc - ok
10:40:26.0417 6100 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:40:26.0417 6100 IPMIDRV - ok
10:40:26.0448 6100 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:40:26.0464 6100 IPNAT - ok
10:40:26.0479 6100 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:40:26.0479 6100 IRENUM - ok
10:40:26.0511 6100 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:40:26.0526 6100 isapnp - ok
10:40:26.0542 6100 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:40:26.0557 6100 iScsiPrt - ok
10:40:26.0620 6100 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
10:40:26.0635 6100 jhi_service - ok
10:40:26.0667 6100 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:40:26.0682 6100 kbdclass - ok
10:40:26.0729 6100 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:40:26.0745 6100 kbdhid - ok
10:40:26.0776 6100 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:26.0791 6100 KeyIso - ok
10:40:26.0807 6100 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:40:26.0823 6100 KSecDD - ok
10:40:26.0854 6100 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:40:26.0869 6100 KSecPkg - ok
10:40:26.0885 6100 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:40:26.0916 6100 ksthunk - ok
10:40:26.0963 6100 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:40:26.0994 6100 KtmRm - ok
10:40:27.0025 6100 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:40:27.0057 6100 LanmanServer - ok
10:40:27.0088 6100 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:40:27.0103 6100 LanmanWorkstation - ok
10:40:27.0275 6100 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
10:40:27.0400 6100 LeapFrog Connect Device Service - ok
10:40:27.0462 6100 LeapFrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys
10:40:27.0478 6100 LeapFrog-USBLAN - ok
10:40:27.0509 6100 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:40:27.0571 6100 lltdio - ok
10:40:27.0993 6100 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:40:28.0024 6100 lltdsvc - ok
10:40:28.0055 6100 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:40:28.0071 6100 lmhosts - ok
10:40:28.0086 6100 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:40:28.0102 6100 LMS - ok
10:40:28.0117 6100 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:40:28.0133 6100 LSI_FC - ok
10:40:28.0164 6100 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:40:28.0180 6100 LSI_SAS - ok
10:40:28.0195 6100 LSI_SAS2 (b36dcc1517afc724c3cad4d0dcccabec) C:\Windows\system32\drivers\lsi_sas2.sys
10:40:28.0211 6100 LSI_SAS2 - ok
10:40:28.0227 6100 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:40:28.0242 6100 LSI_SCSI - ok
10:40:28.0273 6100 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:40:28.0320 6100 luafv - ok
10:40:28.0367 6100 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:40:28.0367 6100 MBAMProtector - ok
10:40:28.0461 6100 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:40:28.0476 6100 MBAMService - ok
10:40:28.0492 6100 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:40:28.0507 6100 Mcx2Svc - ok
10:40:28.0523 6100 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:40:28.0523 6100 megasas - ok
10:40:28.0554 6100 megasas2 (5e886be4014cf9082054acb2c02aeffd) C:\Windows\system32\drivers\megasas2.sys
10:40:28.0570 6100 megasas2 - ok
10:40:28.0585 6100 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:40:28.0601 6100 MegaSR - ok
10:40:28.0617 6100 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
10:40:28.0617 6100 MEIx64 - ok
10:40:28.0695 6100 MemeoBackgroundService (671a03ca9cd0259ccbb7b78a9ce234ec) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
10:40:28.0695 6100 MemeoBackgroundService - ok
10:40:28.0710 6100 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:40:28.0773 6100 MMCSS - ok
10:40:28.0788 6100 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:40:28.0819 6100 Modem - ok
10:40:28.0851 6100 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:40:28.0866 6100 monitor - ok
10:40:28.0897 6100 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:40:28.0913 6100 mouclass - ok
10:40:28.0929 6100 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:40:28.0944 6100 mouhid - ok
10:40:28.0975 6100 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:40:28.0991 6100 mountmgr - ok
10:40:29.0007 6100 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:40:29.0022 6100 mpio - ok
10:40:29.0038 6100 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:40:29.0085 6100 mpsdrv - ok
10:40:29.0116 6100 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:40:29.0131 6100 MpsSvc - ok
10:40:29.0163 6100 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:40:29.0194 6100 MRxDAV - ok
10:40:29.0209 6100 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:40:29.0225 6100 mrxsmb - ok
10:40:29.0241 6100 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:40:29.0272 6100 mrxsmb10 - ok
10:40:29.0287 6100 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:40:29.0303 6100 mrxsmb20 - ok
10:40:29.0319 6100 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:40:29.0334 6100 msahci - ok
10:40:29.0365 6100 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:40:29.0365 6100 msdsm - ok
10:40:29.0397 6100 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:40:29.0412 6100 MSDTC - ok
10:40:29.0443 6100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:40:29.0490 6100 Msfs - ok
10:40:29.0506 6100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:40:29.0521 6100 mshidkmdf - ok
10:40:29.0537 6100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:40:29.0537 6100 msisadrv - ok
10:40:29.0568 6100 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:40:29.0615 6100 MSiSCSI - ok
10:40:29.0615 6100 msiserver - ok
10:40:29.0646 6100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:40:29.0693 6100 MSKSSRV - ok
10:40:29.0709 6100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:40:29.0724 6100 MSPCLOCK - ok
10:40:29.0740 6100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:40:29.0771 6100 MSPQM - ok
10:40:29.0787 6100 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:40:29.0802 6100 MsRPC - ok
10:40:29.0818 6100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:40:29.0833 6100 mssmbios - ok
10:40:30.0348 6100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:40:30.0395 6100 MSTEE - ok
10:40:30.0426 6100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:40:30.0426 6100 MTConfig - ok
10:40:30.0442 6100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:40:30.0442 6100 Mup - ok
10:40:30.0473 6100 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:40:30.0535 6100 napagent - ok
10:40:30.0567 6100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:40:30.0582 6100 NativeWifiP - ok
10:40:30.0723 6100 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120421.017\ENG64.SYS
10:40:30.0738 6100 NAVENG - ok
10:40:30.0816 6100 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120421.017\EX64.SYS
10:40:30.0847 6100 NAVEX15 - ok
10:40:30.0894 6100 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:40:30.0925 6100 NDIS - ok
10:40:30.0957 6100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:40:30.0972 6100 NdisCap - ok
10:40:31.0003 6100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:40:31.0050 6100 NdisTapi - ok
10:40:31.0066 6100 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:40:31.0081 6100 Ndisuio - ok
10:40:31.0144 6100 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:40:31.0206 6100 NdisWan - ok
10:40:31.0222 6100 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:40:31.0237 6100 NDProxy - ok
10:40:31.0269 6100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:40:31.0284 6100 NetBIOS - ok
10:40:31.0315 6100 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:40:31.0331 6100 NetBT - ok
10:40:31.0362 6100 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:31.0378 6100 Netlogon - ok
10:40:31.0440 6100 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:40:31.0471 6100 Netman - ok
10:40:31.0549 6100 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:31.0565 6100 NetMsmqActivator - ok
10:40:31.0565 6100 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:31.0581 6100 NetPipeActivator - ok
10:40:31.0612 6100 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:40:31.0659 6100 netprofm - ok
10:40:31.0659 6100 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:31.0659 6100 NetTcpActivator - ok
10:40:31.0659 6100 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:40:31.0674 6100 NetTcpPortSharing - ok
10:40:31.0690 6100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:40:31.0705 6100 nfrd960 - ok
10:40:31.0768 6100 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
10:40:31.0783 6100 NIS - ok
10:40:31.0815 6100 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:40:31.0861 6100 NlaSvc - ok
10:40:31.0877 6100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:40:31.0893 6100 Npfs - ok
10:40:31.0893 6100 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:40:31.0939 6100 nsi - ok
10:40:31.0939 6100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:40:31.0971 6100 nsiproxy - ok
10:40:32.0033 6100 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:40:32.0095 6100 Ntfs - ok
10:40:32.0111 6100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:40:32.0127 6100 Null - ok
10:40:32.0142 6100 nusb3hub (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\drivers\nusb3hub.sys
10:40:32.0158 6100 nusb3hub - ok
10:40:32.0626 6100 nusb3xhc (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\drivers\nusb3xhc.sys
10:40:32.0673 6100 nusb3xhc - ok
10:40:32.0719 6100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:40:32.0735 6100 nvraid - ok
10:40:32.0782 6100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:40:32.0797 6100 nvstor - ok
10:40:32.0829 6100 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\drivers\nvstor64.sys
10:40:32.0844 6100 nvstor64 - ok
10:40:32.0860 6100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:40:32.0860 6100 nv_agp - ok
10:40:32.0891 6100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:40:32.0907 6100 ohci1394 - ok
10:40:32.0953 6100 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:40:32.0969 6100 ose - ok
10:40:33.0109 6100 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:40:33.0156 6100 osppsvc - ok
10:40:33.0187 6100 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:40:33.0203 6100 p2pimsvc - ok
10:40:33.0234 6100 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:40:33.0250 6100 p2psvc - ok
10:40:33.0297 6100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:40:33.0312 6100 Parport - ok
10:40:33.0343 6100 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:40:33.0343 6100 partmgr - ok
10:40:33.0375 6100 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:40:33.0406 6100 PcaSvc - ok
10:40:33.0421 6100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:40:33.0437 6100 pci - ok
10:40:33.0468 6100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:40:33.0484 6100 pciide - ok
10:40:33.0515 6100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:40:33.0531 6100 pcmcia - ok
10:40:33.0546 6100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:40:33.0546 6100 pcw - ok
10:40:33.0577 6100 pdfcDispatcher - ok
10:40:33.0609 6100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:40:33.0655 6100 PEAUTH - ok
10:40:33.0687 6100 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:40:33.0718 6100 PerfHost - ok
10:40:33.0780 6100 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:40:33.0843 6100 pla - ok
10:40:33.0889 6100 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:40:33.0921 6100 PlugPlay - ok
10:40:33.0936 6100 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
10:40:33.0952 6100 pmxdrv - ok
10:40:33.0983 6100 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:40:34.0014 6100 PNRPAutoReg - ok
10:40:34.0030 6100 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:40:34.0045 6100 PNRPsvc - ok
10:40:34.0077 6100 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
10:40:34.0092 6100 Point64 - ok
10:40:34.0123 6100 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:40:34.0170 6100 PolicyAgent - ok
10:40:34.0201 6100 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:40:34.0264 6100 Power - ok
10:40:34.0295 6100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:40:34.0357 6100 PptpMiniport - ok
10:40:34.0373 6100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:40:34.0404 6100 Processor - ok
10:40:34.0435 6100 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:40:34.0498 6100 ProfSvc - ok
10:40:34.0872 6100 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:34.0888 6100 ProtectedStorage - ok
10:40:34.0903 6100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:40:34.0950 6100 Psched - ok
10:40:34.0997 6100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:40:35.0044 6100 ql2300 - ok
10:40:35.0075 6100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:40:35.0075 6100 ql40xx - ok
10:40:35.0106 6100 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:40:35.0122 6100 QWAVE - ok
10:40:35.0122 6100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:40:35.0137 6100 QWAVEdrv - ok
10:40:35.0169 6100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:40:35.0215 6100 RasAcd - ok
10:40:35.0247 6100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:40:35.0262 6100 RasAgileVpn - ok
10:40:35.0278 6100 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:40:35.0294 6100 RasAuto - ok
10:40:35.0309 6100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:40:35.0372 6100 Rasl2tp - ok
10:40:35.0418 6100 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:40:35.0450 6100 RasMan - ok
10:40:35.0465 6100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:40:35.0496 6100 RasPppoe - ok
10:40:35.0512 6100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:40:35.0528 6100 RasSstp - ok
10:40:35.0543 6100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:40:35.0574 6100 rdbss - ok
10:40:35.0590 6100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:40:35.0606 6100 rdpbus - ok
10:40:35.0621 6100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:40:35.0637 6100 RDPCDD - ok
10:40:35.0684 6100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:40:35.0746 6100 RDPENCDD - ok
10:40:35.0777 6100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:40:35.0808 6100 RDPREFMP - ok
10:40:35.0855 6100 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:40:35.0902 6100 RDPWD - ok
10:40:35.0918 6100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:40:35.0933 6100 rdyboost - ok
10:40:35.0964 6100 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:40:36.0027 6100 RemoteAccess - ok
10:40:36.0042 6100 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:40:36.0089 6100 RemoteRegistry - ok
10:40:36.0136 6100 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:40:36.0167 6100 RFCOMM - ok
10:40:36.0214 6100 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
10:40:36.0230 6100 RoxioNow Service - ok
10:40:36.0292 6100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:40:36.0339 6100 RpcEptMapper - ok
10:40:36.0354 6100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:40:36.0354 6100 RpcLocator - ok
10:40:36.0370 6100 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:40:36.0401 6100 RpcSs - ok
10:40:36.0417 6100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:40:36.0432 6100 rspndr - ok
10:40:36.0464 6100 rsteahci (3801f80b38a08ec0be283093644e5a09) C:\Windows\system32\drivers\rsteahci.sys
10:40:36.0495 6100 rsteahci - ok
10:40:36.0510 6100 rstescu (e5d8afc13a276114660cb4adb3e2d6a3) C:\Windows\system32\drivers\rstescu.sys
10:40:36.0526 6100 rstescu - ok
10:40:36.0557 6100 rstescu1 (828572882dbd58d35417daeed07bc8b6) C:\Windows\system32\drivers\rstescu1.sys
10:40:36.0588 6100 rstescu1 - ok
10:40:36.0620 6100 rstfltr (397cffcd9c8b9978b38163d727c78aa1) C:\Windows\system32\drivers\rstfltr.sys
10:40:36.0635 6100 rstfltr - ok
10:40:36.0666 6100 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:40:36.0682 6100 RTL8167 - ok
10:40:37.0119 6100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:37.0134 6100 SamSs - ok
10:40:37.0212 6100 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:40:37.0228 6100 SASDIFSV - ok
10:40:37.0259 6100 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:40:37.0275 6100 SASKUTIL - ok
10:40:37.0306 6100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:40:37.0322 6100 sbp2port - ok
10:40:37.0353 6100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:40:37.0384 6100 SCardSvr - ok
10:40:37.0400 6100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:40:37.0431 6100 scfilter - ok
10:40:37.0462 6100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:40:37.0509 6100 Schedule - ok
10:40:37.0540 6100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:40:37.0571 6100 SCPolicySvc - ok
10:40:37.0571 6100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:40:37.0587 6100 SDRSVC - ok
10:40:37.0618 6100 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
10:40:37.0618 6100 SeagateDashboardService - ok
10:40:37.0649 6100 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:40:37.0680 6100 SeaPort - ok
10:40:37.0696 6100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:40:37.0758 6100 secdrv - ok
10:40:37.0774 6100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:40:37.0805 6100 seclogon - ok
10:40:37.0821 6100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:40:37.0852 6100 SENS - ok
10:40:37.0852 6100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:40:37.0868 6100 SensrSvc - ok
10:40:37.0899 6100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:40:37.0914 6100 Serenum - ok
10:40:37.0930 6100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:40:37.0961 6100 Serial - ok
10:40:37.0992 6100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:40:38.0024 6100 sermouse - ok
10:40:38.0039 6100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:40:38.0102 6100 SessionEnv - ok
10:40:38.0117 6100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:40:38.0133 6100 sffdisk - ok
10:40:38.0148 6100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:40:38.0164 6100 sffp_mmc - ok
10:40:38.0180 6100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:40:38.0195 6100 sffp_sd - ok
10:40:38.0211 6100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:40:38.0211 6100 sfloppy - ok
10:40:38.0242 6100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:40:38.0258 6100 SharedAccess - ok
10:40:38.0289 6100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:40:38.0304 6100 ShellHWDetection - ok
10:40:38.0336 6100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:40:38.0351 6100 SiSRaid2 - ok
10:40:38.0367 6100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:40:38.0382 6100 SiSRaid4 - ok
10:40:38.0398 6100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:40:38.0429 6100 Smb - ok
10:40:38.0460 6100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:40:38.0476 6100 SNMPTRAP - ok
10:40:38.0507 6100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:40:38.0507 6100 spldr - ok
10:40:38.0538 6100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:40:38.0554 6100 Spooler - ok
10:40:38.0601 6100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:40:38.0694 6100 sppsvc - ok
10:40:38.0726 6100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:40:38.0757 6100 sppuinotify - ok
10:40:38.0819 6100 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
10:40:38.0850 6100 SRTSP - ok
10:40:38.0882 6100 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
10:40:38.0882 6100 SRTSPX - ok
10:40:38.0913 6100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:40:38.0944 6100 srv - ok
10:40:39.0350 6100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:40:39.0646 6100 srv2 - ok
10:40:39.0677 6100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:40:39.0693 6100 srvnet - ok
10:40:39.0724 6100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:40:39.0755 6100 SSDPSRV - ok
10:40:39.0786 6100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:40:39.0818 6100 SstpSvc - ok
10:40:39.0849 6100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:40:39.0849 6100 stexstor - ok
10:40:39.0880 6100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:40:39.0911 6100 stisvc - ok
10:40:39.0927 6100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:40:39.0942 6100 swenum - ok
10:40:39.0958 6100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:40:39.0989 6100 swprv - ok
10:40:40.0098 6100 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
10:40:40.0114 6100 SymDS - ok
10:40:40.0176 6100 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
10:40:40.0223 6100 SymEFA - ok
10:40:40.0254 6100 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:40:40.0254 6100 SymEvent - ok
10:40:40.0301 6100 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
10:40:40.0317 6100 SymIRON - ok
10:40:40.0332 6100 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
10:40:40.0348 6100 SymNetS - ok
10:40:40.0395 6100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:40:40.0473 6100 SysMain - ok
10:40:40.0504 6100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:40:40.0520 6100 TabletInputService - ok
10:40:40.0551 6100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:40:40.0582 6100 TapiSrv - ok
10:40:40.0582 6100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:40:40.0613 6100 TBS - ok
10:40:40.0660 6100 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:40:40.0738 6100 Tcpip - ok
10:40:40.0785 6100 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:40:40.0816 6100 TCPIP6 - ok
10:40:40.0832 6100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:40:40.0863 6100 tcpipreg - ok
10:40:40.0878 6100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:40:40.0894 6100 TDPIPE - ok
10:40:40.0925 6100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:40:40.0941 6100 TDTCP - ok
10:40:40.0972 6100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:40:41.0003 6100 tdx - ok
10:40:41.0034 6100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:40:41.0050 6100 TermDD - ok
10:40:41.0081 6100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:40:41.0144 6100 TermService - ok
10:40:41.0159 6100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:40:41.0159 6100 Themes - ok
10:40:41.0190 6100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:40:41.0206 6100 THREADORDER - ok
10:40:41.0237 6100 tihub3 (ff879027c552a37897d107be6cedf6df) C:\Windows\system32\drivers\tihub3.sys
10:40:41.0237 6100 tihub3 - ok
10:40:41.0284 6100 tixhci (133c3b4a3e44616f8f571a0ebbef9b74) C:\Windows\system32\drivers\tixhci.sys
10:40:41.0315 6100 tixhci - ok
10:40:41.0331 6100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:40:41.0378 6100 TrkWks - ok
10:40:41.0596 6100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:40:41.0721 6100 TrustedInstaller - ok
10:40:41.0861 6100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:40:41.0908 6100 tssecsrv - ok
10:40:41.0939 6100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:40:41.0970 6100 TsUsbFlt - ok
10:40:41.0986 6100 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:40:42.0002 6100 TsUsbGD - ok
10:40:42.0033 6100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:40:42.0080 6100 tunnel - ok
10:40:42.0111 6100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:40:42.0111 6100 uagp35 - ok
10:40:42.0173 6100 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
10:40:42.0189 6100 uCamMonitor - ok
10:40:42.0204 6100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:40:42.0251 6100 udfs - ok
10:40:42.0267 6100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:40:42.0282 6100 UI0Detect - ok
10:40:42.0314 6100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:40:42.0329 6100 uliagpkx - ok
10:40:42.0345 6100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:40:42.0376 6100 umbus - ok
10:40:42.0392 6100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:40:42.0407 6100 UmPass - ok
10:40:42.0485 6100 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:40:42.0532 6100 UNS - ok
10:40:42.0548 6100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:40:42.0579 6100 upnphost - ok
10:40:42.0610 6100 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:40:42.0626 6100 usbaudio - ok
10:40:42.0657 6100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:40:42.0688 6100 usbccgp - ok
10:40:42.0704 6100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:40:42.0719 6100 usbcir - ok
10:40:42.0750 6100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:40:42.0766 6100 usbehci - ok
10:40:42.0797 6100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
10:40:42.0844 6100 usbhub - ok
10:40:42.0860 6100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:40:42.0875 6100 usbohci - ok
10:40:42.0906 6100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:40:42.0938 6100 usbprint - ok
10:40:42.0953 6100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:40:42.0969 6100 usbscan - ok
10:40:42.0984 6100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:40:43.0031 6100 USBSTOR - ok
10:40:43.0047 6100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:40:43.0078 6100 usbuhci - ok
10:40:43.0094 6100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:40:43.0140 6100 UxSms - ok
10:40:43.0172 6100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:40:43.0187 6100 VaultSvc - ok
10:40:43.0218 6100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:40:43.0234 6100 vdrvroot - ok
10:40:43.0250 6100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:40:43.0312 6100 vds - ok
10:40:43.0343 6100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:40:43.0343 6100 vga - ok
10:40:43.0374 6100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:40:43.0421 6100 VgaSave - ok
10:40:43.0437 6100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:40:43.0452 6100 vhdmp - ok
10:40:43.0468 6100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:40:43.0484 6100 viaide - ok
10:40:43.0515 6100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:40:43.0530 6100 volmgr - ok
10:40:43.0546 6100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:40:43.0546 6100 volmgrx - ok
10:40:43.0562 6100 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
10:40:43.0577 6100 volsnap - ok
10:40:43.0749 6100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:40:44.0014 6100 vsmraid - ok
10:40:44.0232 6100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:40:44.0310 6100 VSS - ok
10:40:44.0310 6100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:40:44.0342 6100 vwifibus - ok
10:40:44.0357 6100 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:40:44.0388 6100 vwififlt - ok
10:40:44.0420 6100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:40:44.0466 6100 W32Time - ok
10:40:44.0482 6100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:40:44.0498 6100 WacomPen - ok
10:40:44.0529 6100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:40:44.0576 6100 WANARP - ok
10:40:44.0576 6100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:40:44.0591 6100 Wanarpv6 - ok
10:40:44.0638 6100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:40:44.0685 6100 WatAdminSvc - ok
10:40:44.0732 6100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:40:44.0810 6100 wbengine - ok
10:40:44.0825 6100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:40:44.0856 6100 WbioSrvc - ok
10:40:44.0872 6100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:40:44.0903 6100 wcncsvc - ok
10:40:44.0919 6100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:40:44.0950 6100 WcsPlugInService - ok
10:40:44.0966 6100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:40:44.0966 6100 Wd - ok
10:40:44.0997 6100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:40:45.0012 6100 Wdf01000 - ok
10:40:45.0028 6100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:40:45.0106 6100 WdiServiceHost - ok
10:40:45.0106 6100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:40:45.0122 6100 WdiSystemHost - ok
10:40:45.0137 6100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:40:45.0168 6100 WebClient - ok
10:40:45.0200 6100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:40:45.0246 6100 Wecsvc - ok
10:40:45.0262 6100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:40:45.0278 6100 wercplsupport - ok
10:40:45.0309 6100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:40:45.0356 6100 WerSvc - ok
10:40:45.0387 6100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:40:45.0402 6100 WfpLwf - ok
10:40:45.0434 6100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:40:45.0434 6100 WIMMount - ok
10:40:45.0449 6100 WinDefend - ok
10:40:45.0449 6100 WinHttpAutoProxySvc - ok
10:40:45.0496 6100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:40:45.0512 6100 Winmgmt - ok
10:40:45.0558 6100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:40:45.0621 6100 WinRM - ok
10:40:45.0652 6100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:40:45.0668 6100 Wlansvc - ok
10:40:45.0730 6100 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:40:45.0746 6100 wlcrasvc - ok
10:40:45.0808 6100 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:40:45.0839 6100 wlidsvc - ok
10:40:45.0886 6100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:40:45.0902 6100 WmiAcpi - ok
10:40:45.0933 6100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:40:45.0964 6100 wmiApSrv - ok
10:40:45.0980 6100 WMPNetworkSvc - ok
10:40:45.0995 6100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:40:46.0011 6100 WPCSvc - ok
10:40:46.0026 6100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:40:46.0557 6100 WPDBusEnum - ok
10:40:46.0572 6100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:40:46.0619 6100 ws2ifsl - ok
10:40:46.0635 6100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:40:46.0650 6100 wscsvc - ok
10:40:46.0650 6100 WSearch - ok
10:40:46.0697 6100 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:40:46.0791 6100 wuauserv - ok
10:40:46.0806 6100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:40:46.0838 6100 WudfPf - ok
10:40:46.0853 6100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:40:46.0884 6100 WUDFRd - ok
10:40:46.0900 6100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:40:46.0916 6100 wudfsvc - ok
10:40:46.0931 6100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:40:46.0962 6100 WwanSvc - ok
10:40:46.0994 6100 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
10:40:47.0025 6100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:40:47.0025 6100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:40:47.0056 6100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:40:47.0056 6100 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:40:47.0087 6100 Boot (0x1200) (ff7986750488392653084bae0a414e90) \Device\Harddisk0\DR0\Partition0
10:40:47.0087 6100 \Device\Harddisk0\DR0\Partition0 - ok
10:40:47.0087 6100 Boot (0x1200) (bce44d81d8ca8e17b546a9e308264b10) \Device\Harddisk0\DR0\Partition1
10:40:47.0087 6100 \Device\Harddisk0\DR0\Partition1 - ok
10:40:47.0118 6100 Boot (0x1200) (b26002cf8cf7f6bbd928a2e51f61a86e) \Device\Harddisk0\DR0\Partition2
10:40:47.0118 6100 \Device\Harddisk0\DR0\Partition2 - ok
10:40:47.0118 6100 ============================================================
10:40:47.0118 6100 Scan finished
10:40:47.0118 6100 ============================================================
10:40:47.0134 3820 Detected object count: 3
10:40:47.0134 3820 Actual detected object count: 3
10:41:58.0052 3820 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:41:58.0052 3820 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:41:58.0083 3820 \Device\Harddisk0\DR0\# - copied to quarantine
10:41:58.0083 3820 \Device\Harddisk0\DR0 - copied to quarantine
10:41:58.0114 3820 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:41:58.0114 3820 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:41:58.0161 3820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:41:58.0161 3820 \Device\Harddisk0\DR0 - ok
10:41:58.0270 3820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:41:58.0286 3820 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:41:58.0301 3820 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:41:58.0301 3820 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS - deleted
10:41:58.0332 3820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
10:42:29.0782 3596 Deinitialize success

[MrCharlie]

Good.....TDSSKiller found the rootkit.

Next......

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

[momofthree]

ComboFix 12-04-22.01 - Cindy 04/22/2012 11:13:20.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6089 [GMT -4:00]

Running from: c:\users\Cindy\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))

.

.

2012-04-22 15:17 . 2012-04-22 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-22 15:09 . 2012-04-22 15:15 -------- d-----w- c:\users\Cindy\AppData\Roaming\Free Download Manager

2012-04-22 15:09 . 2012-04-22 15:09 -------- d-----w- c:\program files (x86)\Free Download Manager

2012-04-22 15:09 . 2012-04-22 15:09 -------- d-----w- c:\program files (x86)\PC Speed Maximizer

2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\users\Cindy\AppData\Local\Google

2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\users\Cindy\AppData\Local\I Want This

2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\program files (x86)\I Want This

2012-04-22 15:08 . 2012-04-22 15:09 -------- d-----w- c:\users\Cindy\AppData\Local\antiphishing-vmninternethelper1_1dn

2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\programdata\blekko toolbars

2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\program files (x86)\blekkotb_soc

2012-04-22 14:41 . 2012-04-22 14:41 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-22 02:13 . 2012-04-22 02:14 -------- d-----w- c:\users\Cindy\AppData\Local\Windows Live Writer

2012-04-22 02:13 . 2012-04-22 02:13 -------- d-----w- c:\users\Cindy\AppData\Roaming\Windows Live Writer

2012-04-22 00:05 . 2012-04-22 00:05 -------- d-----w- c:\users\Cindy\AppData\Roaming\SUPERAntiSpyware.com

2012-04-22 00:05 . 2012-04-22 02:34 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-22 00:05 . 2012-04-22 00:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-04-19 08:23 . 2012-04-19 08:23 -------- d-----w- c:\programdata\LSI

2012-04-16 16:02 . 2012-04-16 16:02 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C3DB.tmp

2012-04-16 16:02 . 2012-04-16 16:02 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C3CB.tmp

2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 19:56 . 2012-02-02 22:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-23 13:49 . 2012-01-09 22:16 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-03-06 15:18 . 2012-03-06 15:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin

2012-02-28 20:41 . 2012-02-28 20:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2012-02-28 20:41 . 2012-02-28 20:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-02-28 20:41 . 2012-02-28 20:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-02-28 20:41 . 2012-02-28 20:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-19 15:02 . 2011-08-12 20:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-19 03:20 . 2012-02-19 03:20 471 ----a-w- c:\program files (x86)\0218201222205025.bat

2012-02-18 03:27 . 2012-02-18 03:27 494 ----a-w- c:\program files (x86)\0217201222275287.bat

2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-13 03:14 . 2012-02-13 03:14 499 ----a-w- c:\program files (x86)\0212201222142977.bat

2012-02-10 06:36 . 2012-03-14 13:50 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 13:50 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-10 02:51 . 2012-02-10 02:51 467 ----a-w- c:\program files (x86)\0209201221514409.bat

2012-02-03 04:34 . 2012-03-14 13:50 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 06:38 . 2012-03-14 13:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 06:38 . 2012-03-14 13:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 06:33 . 2012-03-14 13:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2011-12-07 03:29 . 2011-12-07 03:29 493 ----a-w- c:\program files (x86)\1206201122295228.bat

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]

2012-03-14 19:42 85288 ----a-w- c:\program files (x86)\blekkotb_soc\blekkotb_019X.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}"= "c:\program files (x86)\blekkotb_soc\blekkotb_019X.dll" [2012-03-14 85288]

.

[HKEY_CLASSES_ROOT\clsid\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]

"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-01 336384]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]

"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [x]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]

R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [x]

R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]

R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S0 megasas2;megasas2;c:\windows\system32\drivers\megasas2.sys [x]

S0 rsteahci;rsteahci;c:\windows\system32\drivers\rsteahci.sys [x]

S0 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [x]

S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120420.001\IDSvia64.sys [2012-03-06 488568]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-22 c:\windows\Tasks\HPCeeScheduleForCindy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120422712B436E863179BE91014C30&tbp=homepage

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-PC Speed Maximizer - c:\program files (x86)\PC Speed Maximizer\SPMStarter.exe

Wow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-22 11:18:14

ComboFix-quarantined-files.txt 2012-04-22 15:18

.

Pre-Run: 858,921,136,128 bytes free

Post-Run: 858,930,081,792 bytes free

.

- - End Of File - - 9A07D217232A0C61E3975A0236DF2AF0

[momofthree]

I ran my malwarebytes and the virus is gone. I have rebooted several times and it is still gone Thank you!!!

[MrCharlie]

OK, we have a little clean up to do.


Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out date Java on the system, older versions are vulnerable to malware.

Please go to your control panel > Java > Update Tab > Update Now


Java™ 6 Update 30 <---should be Java™ 6 Update 31.


http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!