momofthree Posted April 19, 2012 ID:544152 Share Posted April 19, 2012 My Malware keeps blocking an outgoing threat. Its coming from IP address 206.161.121.5 and coming from Port: svchost.exeI have run my Malware and it sees it but when I reboot to have it removed it comes right back. I am not very tech savvy so please bear with me.Attach.txtDDS.txt Link to post Share on other sites More sharing options...
MrCharlie Posted April 20, 2012 ID:544504 Share Posted April 20, 2012 Welcome to the forum.Please remove any usb or external drives from the computer before you run this scan!Please download and run RogueKiller.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system (don't run any other options)Post back the report.MrC Link to post Share on other sites More sharing options...
momofthree Posted April 21, 2012 Author ID:544774 Share Posted April 21, 2012 I'm trying to run the Roguekiller but my computer keeps stopping it. I have turned off my SmartScreen Filter and my Norton security but windows keeps stopping it. What else do I need to turn off to run this program? Link to post Share on other sites More sharing options...
MrCharlie Posted April 21, 2012 ID:544776 Share Posted April 21, 2012 Can you disable it?Information on disabling your malware programs can be found Here.MrC Link to post Share on other sites More sharing options...
momofthree Posted April 22, 2012 Author ID:544867 Share Posted April 22, 2012 Thank you for bearing with me. I really don't know what else to disable. I have gone into my security folder and made sure everything has been disabled. The pop up that I get is that Roguekiller has stopped working correctly and windows willl close the problem. I'm not sure what I am doing wrong. I can get it to come up but once it starts to scan my computer I get that pop up. I'm sorry I'm not really tech savvy but I am trying. I just don't know what else to do. I don't know what else to disable or what is causing the problem. Thank you for taking the time to help me out. Link to post Share on other sites More sharing options...
MrCharlie Posted April 22, 2012 ID:544887 Share Posted April 22, 2012 See post below, MrC Link to post Share on other sites More sharing options...
MrCharlie Posted April 22, 2012 ID:544888 Share Posted April 22, 2012 Try renaming it to userinit.exe or abc.com, if it still won't run just do this.....---------------------------------Please make sure system restore is running and create a new restore point before continuing.Please download and run TDSSKiller to your desktop as outlined below:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.-------------------------Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.------------------------Click the Start Scan button.-----------------------If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueAny entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.----------------------If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.--------------------A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply. MrC Link to post Share on other sites More sharing options...
momofthree Posted April 22, 2012 Author ID:544942 Share Posted April 22, 2012 10:35:39.0127 5304 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:4710:35:39.0423 5304 ============================================================10:35:39.0423 5304 Current date / time: 2012/04/22 10:35:39.042310:35:39.0423 5304 SystemInfo:10:35:39.0423 5304 10:35:39.0423 5304 OS Version: 6.1.7601 ServicePack: 1.010:35:39.0423 5304 Product type: Workstation10:35:39.0423 5304 ComputerName: CINDY-HP10:35:39.0423 5304 UserName: Cindy10:35:39.0423 5304 Windows directory: C:\Windows10:35:39.0423 5304 System windows directory: C:\Windows10:35:39.0423 5304 Running under WOW6410:35:39.0423 5304 Processor architecture: Intel x6410:35:39.0423 5304 Number of processors: 810:35:39.0423 5304 Page size: 0x100010:35:39.0423 5304 Boot type: Normal boot10:35:39.0423 5304 ============================================================10:35:39.0845 5304 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004010:35:39.0845 5304 \Device\Harddisk0\DR0:10:35:39.0845 5304 MBR partitions:10:35:39.0845 5304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200010:35:39.0845 5304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72EE180010:35:39.0845 5304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72F14000, BlocksNum 0x17F200010:35:39.0876 5304 C: <-> \Device\Harddisk0\DR0\Partition110:35:39.0923 5304 D: <-> \Device\Harddisk0\DR0\Partition210:35:39.0923 5304 Initialize success10:35:39.0923 5304 ============================================================10:40:11.0363 6100 ============================================================10:40:11.0363 6100 Scan started10:40:11.0363 6100 Mode: Manual; SigCheck; TDLFS; 10:40:11.0363 6100 ============================================================10:40:11.0566 6100 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE10:40:11.0613 6100 !SASCORE - ok10:40:12.0439 6100 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys10:40:13.0235 6100 1394ohci - ok10:40:13.0313 6100 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe10:40:13.0344 6100 ACDaemon - ok10:40:13.0407 6100 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys10:40:13.0438 6100 ACPI - ok10:40:13.0453 6100 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys10:40:13.0500 6100 AcpiPmi - ok10:40:13.0594 6100 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe10:40:13.0609 6100 AdobeARMservice - ok10:40:13.0641 6100 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys10:40:13.0656 6100 adp94xx - ok10:40:13.0687 6100 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys10:40:13.0719 6100 adpahci - ok10:40:13.0734 6100 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys10:40:13.0750 6100 adpu320 - ok10:40:13.0781 6100 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll10:40:13.0828 6100 AeLookupSvc - ok10:40:13.0875 6100 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys10:40:13.0921 6100 AFD - ok10:40:13.0953 6100 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys10:40:13.0968 6100 agp440 - ok10:40:13.0999 6100 ahcix64s (a31f4d7c3243341e06155d1ac09a7e98) C:\Windows\system32\drivers\ahcix64s.sys10:40:14.0015 6100 ahcix64s - ok10:40:14.0031 6100 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe10:40:14.0062 6100 ALG - ok10:40:14.0093 6100 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys10:40:14.0109 6100 aliide - ok10:40:14.0140 6100 AMD External Events Utility (998021e7c3de3e97e441abace498ffb6) C:\Windows\system32\atiesrxx.exe10:40:14.0187 6100 AMD External Events Utility - ok10:40:14.0233 6100 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\drivers\amdhub30.sys10:40:14.0233 6100 amdhub30 - ok10:40:14.0249 6100 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys10:40:14.0265 6100 amdide - ok10:40:14.0296 6100 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys10:40:14.0311 6100 AmdK8 - ok10:40:14.0467 6100 amdkmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys10:40:14.0639 6100 amdkmdag - ok10:40:14.0655 6100 amdkmdap (781daec0c3e63950cca53d193582f2e8) C:\Windows\system32\DRIVERS\atikmpag.sys10:40:14.0670 6100 amdkmdap - ok10:40:14.0717 6100 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys10:40:14.0748 6100 AmdPPM - ok10:40:14.0795 6100 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys10:40:14.0811 6100 amdsata - ok10:40:14.0857 6100 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys10:40:14.0873 6100 amdsbs - ok10:40:14.0889 6100 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys10:40:14.0904 6100 amdxata - ok10:40:14.0935 6100 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\drivers\amdxhc.sys10:40:14.0951 6100 amdxhc - ok10:40:15.0013 6100 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\drivers\amd_sata.sys10:40:15.0029 6100 amd_sata - ok10:40:15.0045 6100 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\drivers\amd_xata.sys10:40:15.0045 6100 amd_xata - ok10:40:15.0076 6100 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys10:40:15.0185 6100 AppID - ok10:40:15.0216 6100 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll10:40:15.0341 6100 AppIDSvc - ok10:40:15.0637 6100 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll10:40:15.0715 6100 Appinfo - ok10:40:15.0762 6100 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys10:40:15.0778 6100 arc - ok10:40:15.0809 6100 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys10:40:15.0825 6100 arcsas - ok10:40:15.0871 6100 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys10:40:15.0871 6100 ArcSoftKsUFilter - ok10:40:15.0949 6100 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe10:40:15.0981 6100 aspnet_state - ok10:40:16.0012 6100 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys10:40:16.0059 6100 AsyncMac - ok10:40:16.0105 6100 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys10:40:16.0105 6100 atapi - ok10:40:16.0137 6100 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys10:40:16.0152 6100 AtiHDAudioService - ok10:40:16.0199 6100 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll10:40:16.0261 6100 AudioEndpointBuilder - ok10:40:16.0261 6100 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll10:40:16.0293 6100 AudioSrv - ok10:40:16.0308 6100 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll10:40:16.0371 6100 AxInstSV - ok10:40:16.0402 6100 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys10:40:16.0433 6100 b06bdrv - ok10:40:16.0480 6100 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys10:40:16.0511 6100 b57nd60a - ok10:40:16.0558 6100 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE10:40:16.0573 6100 BBSvc - ok10:40:16.0651 6100 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys10:40:16.0698 6100 BCM43XX - ok10:40:16.0714 6100 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll10:40:16.0729 6100 BDESVC - ok10:40:16.0745 6100 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys10:40:16.0807 6100 Beep - ok10:40:16.0854 6100 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll10:40:16.0901 6100 BFE - ok10:40:17.0026 6100 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120413.001\BHDrvx64.sys10:40:17.0057 6100 BHDrvx64 - ok10:40:17.0088 6100 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll10:40:17.0166 6100 BITS - ok10:40:17.0197 6100 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys10:40:17.0213 6100 blbdrive - ok10:40:17.0229 6100 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys10:40:17.0260 6100 bowser - ok10:40:17.0291 6100 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys10:40:17.0307 6100 BrFiltLo - ok10:40:17.0322 6100 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys10:40:17.0338 6100 BrFiltUp - ok10:40:17.0353 6100 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll10:40:17.0416 6100 Browser - ok10:40:17.0447 6100 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys10:40:17.0494 6100 Brserid - ok10:40:17.0509 6100 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys10:40:17.0541 6100 BrSerWdm - ok10:40:17.0572 6100 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys10:40:17.0587 6100 BrUsbMdm - ok10:40:17.0619 6100 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys10:40:17.0728 6100 BrUsbSer - ok10:40:18.0087 6100 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe10:40:18.0102 6100 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning10:40:18.0102 6100 BrYNSvc - detected UnsignedFile.Multi.Generic (1)10:40:18.0133 6100 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys10:40:18.0165 6100 BthEnum - ok10:40:18.0196 6100 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys10:40:18.0227 6100 BTHMODEM - ok10:40:18.0243 6100 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys10:40:18.0274 6100 BthPan - ok10:40:18.0289 6100 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys10:40:18.0321 6100 BTHPORT - ok10:40:18.0367 6100 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll10:40:18.0414 6100 bthserv - ok10:40:18.0445 6100 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys10:40:18.0477 6100 BTHUSB - ok10:40:18.0523 6100 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys10:40:18.0539 6100 BTWAMPFL - ok10:40:18.0570 6100 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys10:40:18.0586 6100 btwaudio - ok10:40:18.0633 6100 btwavdt (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys10:40:18.0648 6100 btwavdt - ok10:40:18.0711 6100 btwdins (1ad3a2baf31c4327dcbb2b0eca4a23bb) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe10:40:18.0742 6100 btwdins - ok10:40:18.0773 6100 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\Windows\system32\DRIVERS\btwl2cap.sys10:40:18.0773 6100 btwl2cap - ok10:40:18.0804 6100 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys10:40:18.0820 6100 btwrchid - ok10:40:18.0898 6100 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys10:40:18.0913 6100 ccSet_NIS - ok10:40:18.0929 6100 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys10:40:18.0976 6100 cdfs - ok10:40:19.0007 6100 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys10:40:19.0023 6100 cdrom - ok10:40:19.0069 6100 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll10:40:19.0116 6100 CertPropSvc - ok10:40:19.0147 6100 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys10:40:19.0163 6100 circlass - ok10:40:19.0194 6100 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys10:40:19.0210 6100 CLFS - ok10:40:19.0272 6100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe10:40:19.0288 6100 clr_optimization_v2.0.50727_32 - ok10:40:19.0335 6100 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe10:40:19.0350 6100 clr_optimization_v2.0.50727_64 - ok10:40:19.0397 6100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe10:40:19.0428 6100 clr_optimization_v4.0.30319_32 - ok10:40:19.0459 6100 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe10:40:19.0491 6100 clr_optimization_v4.0.30319_64 - ok10:40:19.0522 6100 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys10:40:19.0553 6100 CmBatt - ok10:40:19.0569 6100 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys10:40:19.0584 6100 cmdide - ok10:40:19.0615 6100 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys10:40:19.0647 6100 CNG - ok10:40:19.0678 6100 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys10:40:19.0693 6100 Compbatt - ok10:40:19.0725 6100 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys10:40:19.0756 6100 CompositeBus - ok10:40:19.0771 6100 COMSysApp - ok10:40:19.0787 6100 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys10:40:19.0803 6100 crcdisk - ok10:40:19.0834 6100 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll10:40:19.0896 6100 CryptSvc - ok10:40:19.0927 6100 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys10:40:19.0943 6100 dc3d - ok10:40:20.0021 6100 DCamUSBNovatek (87a70750325afc300f0977dc3137a350) C:\Windows\system32\Drivers\nvtcam.sys10:40:20.0442 6100 DCamUSBNovatek - ok10:40:20.0505 6100 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll10:40:20.0567 6100 DcomLaunch - ok10:40:20.0598 6100 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll10:40:20.0645 6100 defragsvc - ok10:40:20.0676 6100 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys10:40:20.0707 6100 DfsC - ok10:40:20.0723 6100 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll10:40:20.0785 6100 Dhcp - ok10:40:20.0848 6100 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys10:40:20.0895 6100 discache - ok10:40:20.0910 6100 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys10:40:20.0910 6100 Disk - ok10:40:20.0941 6100 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll10:40:20.0973 6100 Dnscache - ok10:40:20.0988 6100 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll10:40:21.0035 6100 dot3svc - ok10:40:21.0051 6100 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll10:40:21.0097 6100 DPS - ok10:40:21.0129 6100 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys10:40:21.0160 6100 drmkaud - ok10:40:21.0191 6100 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys10:40:21.0207 6100 DXGKrnl - ok10:40:21.0222 6100 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll10:40:21.0253 6100 EapHost - ok10:40:21.0331 6100 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys10:40:21.0425 6100 ebdrv - ok10:40:21.0503 6100 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys10:40:21.0519 6100 eeCtrl - ok10:40:21.0565 6100 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe10:40:21.0612 6100 EFS - ok10:40:21.0659 6100 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe10:40:21.0706 6100 ehRecvr - ok10:40:21.0706 6100 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe10:40:21.0737 6100 ehSched - ok10:40:21.0768 6100 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys10:40:21.0784 6100 elxstor - ok10:40:21.0815 6100 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys10:40:21.0831 6100 EraserUtilRebootDrv - ok10:40:21.0862 6100 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys10:40:21.0877 6100 ErrDev - ok10:40:21.0909 6100 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll10:40:21.0955 6100 EventSystem - ok10:40:22.0002 6100 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys10:40:22.0049 6100 exfat - ok10:40:22.0065 6100 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys10:40:22.0111 6100 fastfat - ok10:40:22.0143 6100 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe10:40:22.0158 6100 Fax - ok10:40:22.0189 6100 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys10:40:22.0189 6100 fdc - ok10:40:22.0221 6100 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll10:40:22.0267 6100 fdPHost - ok10:40:22.0283 6100 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll10:40:22.0299 6100 FDResPub - ok10:40:22.0330 6100 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys10:40:22.0330 6100 FileInfo - ok10:40:22.0345 6100 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys10:40:22.0361 6100 Filetrace - ok10:40:22.0392 6100 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys10:40:22.0392 6100 flpydisk - ok10:40:22.0423 6100 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys10:40:22.0423 6100 FltMgr - ok10:40:23.0079 6100 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll10:40:23.0110 6100 FontCache - ok10:40:23.0172 6100 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe10:40:23.0188 6100 FontCache3.0.0.0 - ok10:40:23.0235 6100 FPLService (71cdc1d7f58d5ec49ebc2e2332ad3fae) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe10:40:23.0250 6100 FPLService - ok10:40:23.0281 6100 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys10:40:23.0297 6100 FsDepends - ok10:40:23.0344 6100 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys10:40:23.0359 6100 Fs_Rec - ok10:40:23.0375 6100 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys10:40:23.0391 6100 fvevol - ok10:40:23.0422 6100 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys10:40:23.0422 6100 gagp30kx - ok10:40:23.0484 6100 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe10:40:23.0500 6100 GamesAppService - ok10:40:23.0547 6100 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll10:40:23.0578 6100 gpsvc - ok10:40:23.0609 6100 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys10:40:23.0625 6100 hcw85cir - ok10:40:23.0671 6100 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys10:40:23.0703 6100 HdAudAddService - ok10:40:23.0734 6100 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys10:40:23.0749 6100 HDAudBus - ok10:40:23.0781 6100 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys10:40:23.0796 6100 HidBatt - ok10:40:23.0812 6100 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys10:40:23.0843 6100 HidBth - ok10:40:23.0874 6100 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys10:40:23.0890 6100 HidIr - ok10:40:23.0921 6100 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll10:40:23.0968 6100 hidserv - ok10:40:23.0983 6100 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys10:40:23.0999 6100 HidUsb - ok10:40:24.0015 6100 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll10:40:24.0061 6100 hkmsvc - ok10:40:24.0093 6100 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll10:40:24.0124 6100 HomeGroupListener - ok10:40:24.0139 6100 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll10:40:24.0155 6100 HomeGroupProvider - ok10:40:24.0233 6100 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe10:40:24.0249 6100 HP Support Assistant Service - ok10:40:24.0295 6100 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe10:40:24.0311 6100 HPClientSvc - ok10:40:24.0342 6100 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe10:40:24.0358 6100 HPDrvMntSvc.exe - ok10:40:24.0373 6100 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe10:40:24.0405 6100 hpqwmiex - ok10:40:24.0451 6100 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys10:40:24.0467 6100 HpSAMD - ok10:40:24.0498 6100 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys10:40:24.0561 6100 HTTP - ok10:40:24.0576 6100 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys10:40:24.0576 6100 hwpolicy - ok10:40:24.0607 6100 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys10:40:24.0623 6100 i8042prt - ok10:40:24.0670 6100 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys10:40:24.0685 6100 iaStor - ok10:40:24.0717 6100 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys10:40:24.0748 6100 iaStorV - ok10:40:24.0810 6100 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe10:40:24.0841 6100 idsvc - ok10:40:24.0966 6100 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120420.001\IDSvia64.sys10:40:24.0982 6100 IDSVia64 - ok10:40:25.0668 6100 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys10:40:25.0824 6100 igfx - ok10:40:25.0871 6100 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys10:40:25.0887 6100 iirsp - ok10:40:25.0918 6100 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll10:40:25.0980 6100 IKEEXT - ok10:40:26.0058 6100 IntcAzAudAddService (c7124da48e557d8f88d0d7f1254557f4) C:\Windows\system32\drivers\RTKVHD64.sys10:40:26.0105 6100 IntcAzAudAddService - ok10:40:26.0121 6100 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys10:40:26.0136 6100 intelide - ok10:40:26.0167 6100 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys10:40:26.0183 6100 intelppm - ok10:40:26.0199 6100 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll10:40:26.0245 6100 IPBusEnum - ok10:40:26.0261 6100 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys10:40:26.0292 6100 IpFilterDriver - ok10:40:26.0339 6100 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll10:40:26.0401 6100 iphlpsvc - ok10:40:26.0417 6100 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys10:40:26.0417 6100 IPMIDRV - ok10:40:26.0448 6100 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys10:40:26.0464 6100 IPNAT - ok10:40:26.0479 6100 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys10:40:26.0479 6100 IRENUM - ok10:40:26.0511 6100 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys10:40:26.0526 6100 isapnp - ok10:40:26.0542 6100 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys10:40:26.0557 6100 iScsiPrt - ok10:40:26.0620 6100 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe10:40:26.0635 6100 jhi_service - ok10:40:26.0667 6100 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys10:40:26.0682 6100 kbdclass - ok10:40:26.0729 6100 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys10:40:26.0745 6100 kbdhid - ok10:40:26.0776 6100 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:40:26.0791 6100 KeyIso - ok10:40:26.0807 6100 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys10:40:26.0823 6100 KSecDD - ok10:40:26.0854 6100 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys10:40:26.0869 6100 KSecPkg - ok10:40:26.0885 6100 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys10:40:26.0916 6100 ksthunk - ok10:40:26.0963 6100 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll10:40:26.0994 6100 KtmRm - ok10:40:27.0025 6100 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll10:40:27.0057 6100 LanmanServer - ok10:40:27.0088 6100 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll10:40:27.0103 6100 LanmanWorkstation - ok10:40:27.0275 6100 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe10:40:27.0400 6100 LeapFrog Connect Device Service - ok10:40:27.0462 6100 LeapFrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\Windows\system32\DRIVERS\btblan.sys10:40:27.0478 6100 LeapFrog-USBLAN - ok10:40:27.0509 6100 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys10:40:27.0571 6100 lltdio - ok10:40:27.0993 6100 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll10:40:28.0024 6100 lltdsvc - ok10:40:28.0055 6100 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll10:40:28.0071 6100 lmhosts - ok10:40:28.0086 6100 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe10:40:28.0102 6100 LMS - ok10:40:28.0117 6100 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys10:40:28.0133 6100 LSI_FC - ok10:40:28.0164 6100 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys10:40:28.0180 6100 LSI_SAS - ok10:40:28.0195 6100 LSI_SAS2 (b36dcc1517afc724c3cad4d0dcccabec) C:\Windows\system32\drivers\lsi_sas2.sys10:40:28.0211 6100 LSI_SAS2 - ok10:40:28.0227 6100 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys10:40:28.0242 6100 LSI_SCSI - ok10:40:28.0273 6100 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys10:40:28.0320 6100 luafv - ok10:40:28.0367 6100 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys10:40:28.0367 6100 MBAMProtector - ok10:40:28.0461 6100 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe10:40:28.0476 6100 MBAMService - ok10:40:28.0492 6100 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll10:40:28.0507 6100 Mcx2Svc - ok10:40:28.0523 6100 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys10:40:28.0523 6100 megasas - ok10:40:28.0554 6100 megasas2 (5e886be4014cf9082054acb2c02aeffd) C:\Windows\system32\drivers\megasas2.sys10:40:28.0570 6100 megasas2 - ok10:40:28.0585 6100 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys10:40:28.0601 6100 MegaSR - ok10:40:28.0617 6100 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys10:40:28.0617 6100 MEIx64 - ok10:40:28.0695 6100 MemeoBackgroundService (671a03ca9cd0259ccbb7b78a9ce234ec) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe10:40:28.0695 6100 MemeoBackgroundService - ok10:40:28.0710 6100 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll10:40:28.0773 6100 MMCSS - ok10:40:28.0788 6100 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys10:40:28.0819 6100 Modem - ok10:40:28.0851 6100 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys10:40:28.0866 6100 monitor - ok10:40:28.0897 6100 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys10:40:28.0913 6100 mouclass - ok10:40:28.0929 6100 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys10:40:28.0944 6100 mouhid - ok10:40:28.0975 6100 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys10:40:28.0991 6100 mountmgr - ok10:40:29.0007 6100 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys10:40:29.0022 6100 mpio - ok10:40:29.0038 6100 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys10:40:29.0085 6100 mpsdrv - ok10:40:29.0116 6100 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll10:40:29.0131 6100 MpsSvc - ok10:40:29.0163 6100 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys10:40:29.0194 6100 MRxDAV - ok10:40:29.0209 6100 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys10:40:29.0225 6100 mrxsmb - ok10:40:29.0241 6100 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys10:40:29.0272 6100 mrxsmb10 - ok10:40:29.0287 6100 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys10:40:29.0303 6100 mrxsmb20 - ok10:40:29.0319 6100 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys10:40:29.0334 6100 msahci - ok10:40:29.0365 6100 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys10:40:29.0365 6100 msdsm - ok10:40:29.0397 6100 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe10:40:29.0412 6100 MSDTC - ok10:40:29.0443 6100 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys10:40:29.0490 6100 Msfs - ok10:40:29.0506 6100 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys10:40:29.0521 6100 mshidkmdf - ok10:40:29.0537 6100 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys10:40:29.0537 6100 msisadrv - ok10:40:29.0568 6100 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll10:40:29.0615 6100 MSiSCSI - ok10:40:29.0615 6100 msiserver - ok10:40:29.0646 6100 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys10:40:29.0693 6100 MSKSSRV - ok10:40:29.0709 6100 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys10:40:29.0724 6100 MSPCLOCK - ok10:40:29.0740 6100 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys10:40:29.0771 6100 MSPQM - ok10:40:29.0787 6100 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys10:40:29.0802 6100 MsRPC - ok10:40:29.0818 6100 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys10:40:29.0833 6100 mssmbios - ok10:40:30.0348 6100 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys10:40:30.0395 6100 MSTEE - ok10:40:30.0426 6100 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys10:40:30.0426 6100 MTConfig - ok10:40:30.0442 6100 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys10:40:30.0442 6100 Mup - ok10:40:30.0473 6100 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll10:40:30.0535 6100 napagent - ok10:40:30.0567 6100 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys10:40:30.0582 6100 NativeWifiP - ok10:40:30.0723 6100 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120421.017\ENG64.SYS10:40:30.0738 6100 NAVENG - ok10:40:30.0816 6100 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120421.017\EX64.SYS10:40:30.0847 6100 NAVEX15 - ok10:40:30.0894 6100 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys10:40:30.0925 6100 NDIS - ok10:40:30.0957 6100 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys10:40:30.0972 6100 NdisCap - ok10:40:31.0003 6100 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys10:40:31.0050 6100 NdisTapi - ok10:40:31.0066 6100 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys10:40:31.0081 6100 Ndisuio - ok10:40:31.0144 6100 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys10:40:31.0206 6100 NdisWan - ok10:40:31.0222 6100 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys10:40:31.0237 6100 NDProxy - ok10:40:31.0269 6100 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys10:40:31.0284 6100 NetBIOS - ok10:40:31.0315 6100 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys10:40:31.0331 6100 NetBT - ok10:40:31.0362 6100 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:40:31.0378 6100 Netlogon - ok10:40:31.0440 6100 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll10:40:31.0471 6100 Netman - ok10:40:31.0549 6100 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:40:31.0565 6100 NetMsmqActivator - ok10:40:31.0565 6100 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:40:31.0581 6100 NetPipeActivator - ok10:40:31.0612 6100 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll10:40:31.0659 6100 netprofm - ok10:40:31.0659 6100 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:40:31.0659 6100 NetTcpActivator - ok10:40:31.0659 6100 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:40:31.0674 6100 NetTcpPortSharing - ok10:40:31.0690 6100 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys10:40:31.0705 6100 nfrd960 - ok10:40:31.0768 6100 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe10:40:31.0783 6100 NIS - ok10:40:31.0815 6100 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll10:40:31.0861 6100 NlaSvc - ok10:40:31.0877 6100 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys10:40:31.0893 6100 Npfs - ok10:40:31.0893 6100 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll10:40:31.0939 6100 nsi - ok10:40:31.0939 6100 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys10:40:31.0971 6100 nsiproxy - ok10:40:32.0033 6100 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys10:40:32.0095 6100 Ntfs - ok10:40:32.0111 6100 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys10:40:32.0127 6100 Null - ok10:40:32.0142 6100 nusb3hub (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\drivers\nusb3hub.sys10:40:32.0158 6100 nusb3hub - ok10:40:32.0626 6100 nusb3xhc (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\drivers\nusb3xhc.sys10:40:32.0673 6100 nusb3xhc - ok10:40:32.0719 6100 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys10:40:32.0735 6100 nvraid - ok10:40:32.0782 6100 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys10:40:32.0797 6100 nvstor - ok10:40:32.0829 6100 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\drivers\nvstor64.sys10:40:32.0844 6100 nvstor64 - ok10:40:32.0860 6100 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys10:40:32.0860 6100 nv_agp - ok10:40:32.0891 6100 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys10:40:32.0907 6100 ohci1394 - ok10:40:32.0953 6100 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE10:40:32.0969 6100 ose - ok10:40:33.0109 6100 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE10:40:33.0156 6100 osppsvc - ok10:40:33.0187 6100 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll10:40:33.0203 6100 p2pimsvc - ok10:40:33.0234 6100 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll10:40:33.0250 6100 p2psvc - ok10:40:33.0297 6100 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys10:40:33.0312 6100 Parport - ok10:40:33.0343 6100 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys10:40:33.0343 6100 partmgr - ok10:40:33.0375 6100 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll10:40:33.0406 6100 PcaSvc - ok10:40:33.0421 6100 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys10:40:33.0437 6100 pci - ok10:40:33.0468 6100 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys10:40:33.0484 6100 pciide - ok10:40:33.0515 6100 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys10:40:33.0531 6100 pcmcia - ok10:40:33.0546 6100 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys10:40:33.0546 6100 pcw - ok10:40:33.0577 6100 pdfcDispatcher - ok10:40:33.0609 6100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys10:40:33.0655 6100 PEAUTH - ok10:40:33.0687 6100 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe10:40:33.0718 6100 PerfHost - ok10:40:33.0780 6100 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll10:40:33.0843 6100 pla - ok10:40:33.0889 6100 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll10:40:33.0921 6100 PlugPlay - ok10:40:33.0936 6100 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys10:40:33.0952 6100 pmxdrv - ok10:40:33.0983 6100 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll10:40:34.0014 6100 PNRPAutoReg - ok10:40:34.0030 6100 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll10:40:34.0045 6100 PNRPsvc - ok10:40:34.0077 6100 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys10:40:34.0092 6100 Point64 - ok10:40:34.0123 6100 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll10:40:34.0170 6100 PolicyAgent - ok10:40:34.0201 6100 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll10:40:34.0264 6100 Power - ok10:40:34.0295 6100 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys10:40:34.0357 6100 PptpMiniport - ok10:40:34.0373 6100 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys10:40:34.0404 6100 Processor - ok10:40:34.0435 6100 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll10:40:34.0498 6100 ProfSvc - ok10:40:34.0872 6100 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:40:34.0888 6100 ProtectedStorage - ok10:40:34.0903 6100 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys10:40:34.0950 6100 Psched - ok10:40:34.0997 6100 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys10:40:35.0044 6100 ql2300 - ok10:40:35.0075 6100 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys10:40:35.0075 6100 ql40xx - ok10:40:35.0106 6100 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll10:40:35.0122 6100 QWAVE - ok10:40:35.0122 6100 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys10:40:35.0137 6100 QWAVEdrv - ok10:40:35.0169 6100 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys10:40:35.0215 6100 RasAcd - ok10:40:35.0247 6100 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys10:40:35.0262 6100 RasAgileVpn - ok10:40:35.0278 6100 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll10:40:35.0294 6100 RasAuto - ok10:40:35.0309 6100 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys10:40:35.0372 6100 Rasl2tp - ok10:40:35.0418 6100 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll10:40:35.0450 6100 RasMan - ok10:40:35.0465 6100 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys10:40:35.0496 6100 RasPppoe - ok10:40:35.0512 6100 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys10:40:35.0528 6100 RasSstp - ok10:40:35.0543 6100 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys10:40:35.0574 6100 rdbss - ok10:40:35.0590 6100 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys10:40:35.0606 6100 rdpbus - ok10:40:35.0621 6100 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys10:40:35.0637 6100 RDPCDD - ok10:40:35.0684 6100 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys10:40:35.0746 6100 RDPENCDD - ok10:40:35.0777 6100 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys10:40:35.0808 6100 RDPREFMP - ok10:40:35.0855 6100 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys10:40:35.0902 6100 RDPWD - ok10:40:35.0918 6100 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys10:40:35.0933 6100 rdyboost - ok10:40:35.0964 6100 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll10:40:36.0027 6100 RemoteAccess - ok10:40:36.0042 6100 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll10:40:36.0089 6100 RemoteRegistry - ok10:40:36.0136 6100 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys10:40:36.0167 6100 RFCOMM - ok10:40:36.0214 6100 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe10:40:36.0230 6100 RoxioNow Service - ok10:40:36.0292 6100 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll10:40:36.0339 6100 RpcEptMapper - ok10:40:36.0354 6100 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe10:40:36.0354 6100 RpcLocator - ok10:40:36.0370 6100 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll10:40:36.0401 6100 RpcSs - ok10:40:36.0417 6100 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys10:40:36.0432 6100 rspndr - ok10:40:36.0464 6100 rsteahci (3801f80b38a08ec0be283093644e5a09) C:\Windows\system32\drivers\rsteahci.sys10:40:36.0495 6100 rsteahci - ok10:40:36.0510 6100 rstescu (e5d8afc13a276114660cb4adb3e2d6a3) C:\Windows\system32\drivers\rstescu.sys10:40:36.0526 6100 rstescu - ok10:40:36.0557 6100 rstescu1 (828572882dbd58d35417daeed07bc8b6) C:\Windows\system32\drivers\rstescu1.sys10:40:36.0588 6100 rstescu1 - ok10:40:36.0620 6100 rstfltr (397cffcd9c8b9978b38163d727c78aa1) C:\Windows\system32\drivers\rstfltr.sys10:40:36.0635 6100 rstfltr - ok10:40:36.0666 6100 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys10:40:36.0682 6100 RTL8167 - ok10:40:37.0119 6100 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:40:37.0134 6100 SamSs - ok10:40:37.0212 6100 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS10:40:37.0228 6100 SASDIFSV - ok10:40:37.0259 6100 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS10:40:37.0275 6100 SASKUTIL - ok10:40:37.0306 6100 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys10:40:37.0322 6100 sbp2port - ok10:40:37.0353 6100 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll10:40:37.0384 6100 SCardSvr - ok10:40:37.0400 6100 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys10:40:37.0431 6100 scfilter - ok10:40:37.0462 6100 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll10:40:37.0509 6100 Schedule - ok10:40:37.0540 6100 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll10:40:37.0571 6100 SCPolicySvc - ok10:40:37.0571 6100 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll10:40:37.0587 6100 SDRSVC - ok10:40:37.0618 6100 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe10:40:37.0618 6100 SeagateDashboardService - ok10:40:37.0649 6100 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE10:40:37.0680 6100 SeaPort - ok10:40:37.0696 6100 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys10:40:37.0758 6100 secdrv - ok10:40:37.0774 6100 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll10:40:37.0805 6100 seclogon - ok10:40:37.0821 6100 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll10:40:37.0852 6100 SENS - ok10:40:37.0852 6100 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll10:40:37.0868 6100 SensrSvc - ok10:40:37.0899 6100 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys10:40:37.0914 6100 Serenum - ok10:40:37.0930 6100 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys10:40:37.0961 6100 Serial - ok10:40:37.0992 6100 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys10:40:38.0024 6100 sermouse - ok10:40:38.0039 6100 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll10:40:38.0102 6100 SessionEnv - ok10:40:38.0117 6100 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys10:40:38.0133 6100 sffdisk - ok10:40:38.0148 6100 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys10:40:38.0164 6100 sffp_mmc - ok10:40:38.0180 6100 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys10:40:38.0195 6100 sffp_sd - ok10:40:38.0211 6100 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys10:40:38.0211 6100 sfloppy - ok10:40:38.0242 6100 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll10:40:38.0258 6100 SharedAccess - ok10:40:38.0289 6100 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll10:40:38.0304 6100 ShellHWDetection - ok10:40:38.0336 6100 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys10:40:38.0351 6100 SiSRaid2 - ok10:40:38.0367 6100 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys10:40:38.0382 6100 SiSRaid4 - ok10:40:38.0398 6100 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys10:40:38.0429 6100 Smb - ok10:40:38.0460 6100 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe10:40:38.0476 6100 SNMPTRAP - ok10:40:38.0507 6100 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys10:40:38.0507 6100 spldr - ok10:40:38.0538 6100 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe10:40:38.0554 6100 Spooler - ok10:40:38.0601 6100 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe10:40:38.0694 6100 sppsvc - ok10:40:38.0726 6100 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll10:40:38.0757 6100 sppuinotify - ok10:40:38.0819 6100 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS10:40:38.0850 6100 SRTSP - ok10:40:38.0882 6100 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS10:40:38.0882 6100 SRTSPX - ok10:40:38.0913 6100 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys10:40:38.0944 6100 srv - ok10:40:39.0350 6100 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys10:40:39.0646 6100 srv2 - ok10:40:39.0677 6100 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys10:40:39.0693 6100 srvnet - ok10:40:39.0724 6100 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll10:40:39.0755 6100 SSDPSRV - ok10:40:39.0786 6100 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll10:40:39.0818 6100 SstpSvc - ok10:40:39.0849 6100 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys10:40:39.0849 6100 stexstor - ok10:40:39.0880 6100 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll10:40:39.0911 6100 stisvc - ok10:40:39.0927 6100 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys10:40:39.0942 6100 swenum - ok10:40:39.0958 6100 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll10:40:39.0989 6100 swprv - ok10:40:40.0098 6100 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS10:40:40.0114 6100 SymDS - ok10:40:40.0176 6100 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS10:40:40.0223 6100 SymEFA - ok10:40:40.0254 6100 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS10:40:40.0254 6100 SymEvent - ok10:40:40.0301 6100 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS10:40:40.0317 6100 SymIRON - ok10:40:40.0332 6100 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS10:40:40.0348 6100 SymNetS - ok10:40:40.0395 6100 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll10:40:40.0473 6100 SysMain - ok10:40:40.0504 6100 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll10:40:40.0520 6100 TabletInputService - ok10:40:40.0551 6100 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll10:40:40.0582 6100 TapiSrv - ok10:40:40.0582 6100 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll10:40:40.0613 6100 TBS - ok10:40:40.0660 6100 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys10:40:40.0738 6100 Tcpip - ok10:40:40.0785 6100 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys10:40:40.0816 6100 TCPIP6 - ok10:40:40.0832 6100 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys10:40:40.0863 6100 tcpipreg - ok10:40:40.0878 6100 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys10:40:40.0894 6100 TDPIPE - ok10:40:40.0925 6100 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys10:40:40.0941 6100 TDTCP - ok10:40:40.0972 6100 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys10:40:41.0003 6100 tdx - ok10:40:41.0034 6100 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys10:40:41.0050 6100 TermDD - ok10:40:41.0081 6100 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll10:40:41.0144 6100 TermService - ok10:40:41.0159 6100 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll10:40:41.0159 6100 Themes - ok10:40:41.0190 6100 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll10:40:41.0206 6100 THREADORDER - ok10:40:41.0237 6100 tihub3 (ff879027c552a37897d107be6cedf6df) C:\Windows\system32\drivers\tihub3.sys10:40:41.0237 6100 tihub3 - ok10:40:41.0284 6100 tixhci (133c3b4a3e44616f8f571a0ebbef9b74) C:\Windows\system32\drivers\tixhci.sys10:40:41.0315 6100 tixhci - ok10:40:41.0331 6100 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll10:40:41.0378 6100 TrkWks - ok10:40:41.0596 6100 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe10:40:41.0721 6100 TrustedInstaller - ok10:40:41.0861 6100 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys10:40:41.0908 6100 tssecsrv - ok10:40:41.0939 6100 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys10:40:41.0970 6100 TsUsbFlt - ok10:40:41.0986 6100 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys10:40:42.0002 6100 TsUsbGD - ok10:40:42.0033 6100 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys10:40:42.0080 6100 tunnel - ok10:40:42.0111 6100 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys10:40:42.0111 6100 uagp35 - ok10:40:42.0173 6100 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe10:40:42.0189 6100 uCamMonitor - ok10:40:42.0204 6100 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys10:40:42.0251 6100 udfs - ok10:40:42.0267 6100 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe10:40:42.0282 6100 UI0Detect - ok10:40:42.0314 6100 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys10:40:42.0329 6100 uliagpkx - ok10:40:42.0345 6100 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys10:40:42.0376 6100 umbus - ok10:40:42.0392 6100 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys10:40:42.0407 6100 UmPass - ok10:40:42.0485 6100 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe10:40:42.0532 6100 UNS - ok10:40:42.0548 6100 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll10:40:42.0579 6100 upnphost - ok10:40:42.0610 6100 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys10:40:42.0626 6100 usbaudio - ok10:40:42.0657 6100 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys10:40:42.0688 6100 usbccgp - ok10:40:42.0704 6100 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys10:40:42.0719 6100 usbcir - ok10:40:42.0750 6100 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys10:40:42.0766 6100 usbehci - ok10:40:42.0797 6100 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys10:40:42.0844 6100 usbhub - ok10:40:42.0860 6100 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys10:40:42.0875 6100 usbohci - ok10:40:42.0906 6100 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys10:40:42.0938 6100 usbprint - ok10:40:42.0953 6100 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys10:40:42.0969 6100 usbscan - ok10:40:42.0984 6100 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS10:40:43.0031 6100 USBSTOR - ok10:40:43.0047 6100 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys10:40:43.0078 6100 usbuhci - ok10:40:43.0094 6100 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll10:40:43.0140 6100 UxSms - ok10:40:43.0172 6100 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe10:40:43.0187 6100 VaultSvc - ok10:40:43.0218 6100 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys10:40:43.0234 6100 vdrvroot - ok10:40:43.0250 6100 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe10:40:43.0312 6100 vds - ok10:40:43.0343 6100 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys10:40:43.0343 6100 vga - ok10:40:43.0374 6100 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys10:40:43.0421 6100 VgaSave - ok10:40:43.0437 6100 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys10:40:43.0452 6100 vhdmp - ok10:40:43.0468 6100 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys10:40:43.0484 6100 viaide - ok10:40:43.0515 6100 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys10:40:43.0530 6100 volmgr - ok10:40:43.0546 6100 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys10:40:43.0546 6100 volmgrx - ok10:40:43.0562 6100 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys10:40:43.0577 6100 volsnap - ok10:40:43.0749 6100 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys10:40:44.0014 6100 vsmraid - ok10:40:44.0232 6100 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe10:40:44.0310 6100 VSS - ok10:40:44.0310 6100 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys10:40:44.0342 6100 vwifibus - ok10:40:44.0357 6100 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys10:40:44.0388 6100 vwififlt - ok10:40:44.0420 6100 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll10:40:44.0466 6100 W32Time - ok10:40:44.0482 6100 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys10:40:44.0498 6100 WacomPen - ok10:40:44.0529 6100 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys10:40:44.0576 6100 WANARP - ok10:40:44.0576 6100 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys10:40:44.0591 6100 Wanarpv6 - ok10:40:44.0638 6100 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe10:40:44.0685 6100 WatAdminSvc - ok10:40:44.0732 6100 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe10:40:44.0810 6100 wbengine - ok10:40:44.0825 6100 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll10:40:44.0856 6100 WbioSrvc - ok10:40:44.0872 6100 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll10:40:44.0903 6100 wcncsvc - ok10:40:44.0919 6100 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll10:40:44.0950 6100 WcsPlugInService - ok10:40:44.0966 6100 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys10:40:44.0966 6100 Wd - ok10:40:44.0997 6100 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys10:40:45.0012 6100 Wdf01000 - ok10:40:45.0028 6100 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll10:40:45.0106 6100 WdiServiceHost - ok10:40:45.0106 6100 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll10:40:45.0122 6100 WdiSystemHost - ok10:40:45.0137 6100 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll10:40:45.0168 6100 WebClient - ok10:40:45.0200 6100 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll10:40:45.0246 6100 Wecsvc - ok10:40:45.0262 6100 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll10:40:45.0278 6100 wercplsupport - ok10:40:45.0309 6100 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll10:40:45.0356 6100 WerSvc - ok10:40:45.0387 6100 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys10:40:45.0402 6100 WfpLwf - ok10:40:45.0434 6100 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys10:40:45.0434 6100 WIMMount - ok10:40:45.0449 6100 WinDefend - ok10:40:45.0449 6100 WinHttpAutoProxySvc - ok10:40:45.0496 6100 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll10:40:45.0512 6100 Winmgmt - ok10:40:45.0558 6100 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll10:40:45.0621 6100 WinRM - ok10:40:45.0652 6100 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll10:40:45.0668 6100 Wlansvc - ok10:40:45.0730 6100 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe10:40:45.0746 6100 wlcrasvc - ok10:40:45.0808 6100 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE10:40:45.0839 6100 wlidsvc - ok10:40:45.0886 6100 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys10:40:45.0902 6100 WmiAcpi - ok10:40:45.0933 6100 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe10:40:45.0964 6100 wmiApSrv - ok10:40:45.0980 6100 WMPNetworkSvc - ok10:40:45.0995 6100 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll10:40:46.0011 6100 WPCSvc - ok10:40:46.0026 6100 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll10:40:46.0557 6100 WPDBusEnum - ok10:40:46.0572 6100 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys10:40:46.0619 6100 ws2ifsl - ok10:40:46.0635 6100 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll10:40:46.0650 6100 wscsvc - ok10:40:46.0650 6100 WSearch - ok10:40:46.0697 6100 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll10:40:46.0791 6100 wuauserv - ok10:40:46.0806 6100 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys10:40:46.0838 6100 WudfPf - ok10:40:46.0853 6100 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys10:40:46.0884 6100 WUDFRd - ok10:40:46.0900 6100 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll10:40:46.0916 6100 wudfsvc - ok10:40:46.0931 6100 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll10:40:46.0962 6100 WwanSvc - ok10:40:46.0994 6100 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR010:40:47.0025 6100 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected10:40:47.0025 6100 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)10:40:47.0056 6100 \Device\Harddisk0\DR0 ( TDSS File System ) - warning10:40:47.0056 6100 \Device\Harddisk0\DR0 - detected TDSS File System (1)10:40:47.0087 6100 Boot (0x1200) (ff7986750488392653084bae0a414e90) \Device\Harddisk0\DR0\Partition010:40:47.0087 6100 \Device\Harddisk0\DR0\Partition0 - ok10:40:47.0087 6100 Boot (0x1200) (bce44d81d8ca8e17b546a9e308264b10) \Device\Harddisk0\DR0\Partition110:40:47.0087 6100 \Device\Harddisk0\DR0\Partition1 - ok10:40:47.0118 6100 Boot (0x1200) (b26002cf8cf7f6bbd928a2e51f61a86e) \Device\Harddisk0\DR0\Partition210:40:47.0118 6100 \Device\Harddisk0\DR0\Partition2 - ok10:40:47.0118 6100 ============================================================10:40:47.0118 6100 Scan finished10:40:47.0118 6100 ============================================================10:40:47.0134 3820 Detected object count: 310:40:47.0134 3820 Actual detected object count: 310:41:58.0052 3820 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user10:41:58.0052 3820 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:41:58.0083 3820 \Device\Harddisk0\DR0\# - copied to quarantine10:41:58.0083 3820 \Device\Harddisk0\DR0 - copied to quarantine10:41:58.0114 3820 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine10:41:58.0114 3820 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine10:41:58.0145 3820 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine10:41:58.0161 3820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine10:41:58.0161 3820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot10:41:58.0161 3820 \Device\Harddisk0\DR0 - ok10:41:58.0270 3820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 10:41:58.0286 3820 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine10:41:58.0301 3820 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine10:41:58.0301 3820 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine10:41:58.0317 3820 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine10:41:58.0332 3820 \Device\Harddisk0\DR0\TDLFS - deleted10:41:58.0332 3820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete 10:42:29.0782 3596 Deinitialize success Link to post Share on other sites More sharing options...
MrCharlie Posted April 22, 2012 ID:544943 Share Posted April 22, 2012 Good.....TDSSKiller found the rootkit.Next......Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Please include the C:\ComboFix.txt in your next reply for further review.Note:If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
momofthree Posted April 22, 2012 Author ID:544948 Share Posted April 22, 2012 ComboFix 12-04-22.01 - Cindy 04/22/2012 11:13:20.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6089 [GMT -4:00]Running from: c:\users\Cindy\Desktop\ComboFix.exeAV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}* Created a new restore point..((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))..2012-04-22 15:17 . 2012-04-22 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp2012-04-22 15:09 . 2012-04-22 15:15 -------- d-----w- c:\users\Cindy\AppData\Roaming\Free Download Manager2012-04-22 15:09 . 2012-04-22 15:09 -------- d-----w- c:\program files (x86)\Free Download Manager2012-04-22 15:09 . 2012-04-22 15:09 -------- d-----w- c:\program files (x86)\PC Speed Maximizer2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\users\Cindy\AppData\Local\Google2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\users\Cindy\AppData\Local\I Want This2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\program files (x86)\I Want This2012-04-22 15:08 . 2012-04-22 15:09 -------- d-----w- c:\users\Cindy\AppData\Local\antiphishing-vmninternethelper1_1dn2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\programdata\blekko toolbars2012-04-22 15:08 . 2012-04-22 15:08 -------- d-----w- c:\program files (x86)\blekkotb_soc2012-04-22 14:41 . 2012-04-22 14:41 -------- d-----w- C:\TDSSKiller_Quarantine2012-04-22 02:13 . 2012-04-22 02:14 -------- d-----w- c:\users\Cindy\AppData\Local\Windows Live Writer2012-04-22 02:13 . 2012-04-22 02:13 -------- d-----w- c:\users\Cindy\AppData\Roaming\Windows Live Writer2012-04-22 00:05 . 2012-04-22 00:05 -------- d-----w- c:\users\Cindy\AppData\Roaming\SUPERAntiSpyware.com2012-04-22 00:05 . 2012-04-22 02:34 -------- d-----w- c:\program files\SUPERAntiSpyware2012-04-22 00:05 . 2012-04-22 00:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com2012-04-19 08:23 . 2012-04-19 08:23 -------- d-----w- c:\programdata\LSI2012-04-16 16:02 . 2012-04-16 16:02 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C3DB.tmp2012-04-16 16:02 . 2012-04-16 16:02 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C3CB.tmp2012-04-11 07:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys2012-04-11 07:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll2012-04-11 07:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll2012-04-11 07:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll2012-04-11 07:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2012-04-11 07:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll2012-04-11 07:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-04 19:56 . 2012-02-02 22:14 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-03-23 13:49 . 2012-01-09 22:16 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS2012-03-06 15:18 . 2012-03-06 15:18 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin2012-02-28 20:41 . 2012-02-28 20:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2012-02-28 20:41 . 2012-02-28 20:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll2012-02-28 20:41 . 2012-02-28 20:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll2012-02-28 20:41 . 2012-02-28 20:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2012-02-19 15:02 . 2011-08-12 20:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-02-19 03:20 . 2012-02-19 03:20 471 ----a-w- c:\program files (x86)\0218201222205025.bat2012-02-18 03:27 . 2012-02-18 03:27 494 ----a-w- c:\program files (x86)\0217201222275287.bat2012-02-17 06:38 . 2012-03-14 13:50 1031680 ----a-w- c:\windows\system32\rdpcore.dll2012-02-17 05:34 . 2012-03-14 13:50 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll2012-02-17 04:58 . 2012-03-14 13:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys2012-02-17 04:57 . 2012-03-14 13:50 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX2012-02-13 03:14 . 2012-02-13 03:14 499 ----a-w- c:\program files (x86)\0212201222142977.bat2012-02-10 06:36 . 2012-03-14 13:50 1544192 ----a-w- c:\windows\system32\DWrite.dll2012-02-10 05:38 . 2012-03-14 13:50 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll2012-02-10 02:51 . 2012-02-10 02:51 467 ----a-w- c:\program files (x86)\0209201221514409.bat2012-02-03 04:34 . 2012-03-14 13:50 3145728 ----a-w- c:\windows\system32\win32k.sys2012-01-25 06:38 . 2012-03-14 13:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll2012-01-25 06:38 . 2012-03-14 13:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll2012-01-25 06:33 . 2012-03-14 13:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe2011-12-07 03:29 . 2011-12-07 03:29 493 ----a-w- c:\program files (x86)\1206201122295228.bat..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}]2012-03-14 19:42 85288 ----a-w- c:\program files (x86)\blekkotb_soc\blekkotb_019X.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}"= "c:\program files (x86)\blekkotb_soc\blekkotb_019X.dll" [2012-03-14 85288].[HKEY_CLASSES_ROOT\clsid\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2011-12-28 6148096].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-01 336384]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]@="".R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [x]R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [x]R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [x]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [x]R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [x]R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]S0 megasas2;megasas2;c:\windows\system32\drivers\megasas2.sys [x]S0 rsteahci;rsteahci;c:\windows\system32\drivers\rsteahci.sys [x]S0 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [x]S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-04-02 1160824]S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120420.001\IDSvia64.sys [2012-03-06 488568]S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-05 1128952]S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]..Contents of the 'Scheduled Tasks' folder.2012-04-22 c:\windows\Tasks\HPCeeScheduleForCindy.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]..--------- x86-64 -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uStart Page = hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=86adbc52&toolbarid=blekkotb_soc&u=20120422712B436E863179BE91014C30&tbp=homepageuLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htmIE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htmIE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htmIE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 192.168.0.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKCU-Run-PC Speed Maximizer - c:\program files (x86)\PC Speed Maximizer\SPMStarter.exeWow6432Node-HKCU-Run-SPMTray - c:\program files (x86)\PC Speed Maximizer\SPMTray.exeAddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-04-22 11:18:14ComboFix-quarantined-files.txt 2012-04-22 15:18.Pre-Run: 858,921,136,128 bytes freePost-Run: 858,930,081,792 bytes free.- - End Of File - - 9A07D217232A0C61E3975A0236DF2AF0 Link to post Share on other sites More sharing options...
momofthree Posted April 22, 2012 Author ID:544950 Share Posted April 22, 2012 I ran my malwarebytes and the virus is gone. I have rebooted several times and it is still gone Thank you!!! Link to post Share on other sites More sharing options...
MrCharlie Posted April 22, 2012 ID:544951 Share Posted April 22, 2012 OK, we have a little clean up to do.Please Uninstall ComboFix:Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point---------------------------------Please download OTL from one of the links below:http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.-------------------------------You have out date Java on the system, older versions are vulnerable to malware.Please go to your control panel > Java > Update Tab > Update NowJava™ 6 Update 30 <---should be Java™ 6 Update 31.http://www.java.com/...d/installed.jsp <---verify your Java-----------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
LDTate Posted April 23, 2012 ID:545165 Share Posted April 23, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts