Malwarebytes has blocked access to maliscious website....TCPSVCS.EXE

LenardFleming · May 14, 2012

Hello,

I'm pulling my hair out over a suspicious occurrence of MWB alerting me that it has blocked access to potentially malicious websites, and notices of "High CPU usage by MWB." I have NORTON 360 (and it’s all up to date), and MWB. I have run scan after scan with both and all comes back clean. I have also run Norton’s, NPE program, as well as ComboFix. The issue is still occurring. I do not have a static IP address. I cannot figure for the life of me, whether this activity is originating on my end, or if these websites are coming to me. The alert generally references: Incoming, Port 19 (sometimes other ports too), and TCPSVCS.EXE. I have looked up the IP address that the alert shows, and it says it’s in the Netherlands.

I'm not a techie type guy, but this is beginning to wear me out. I have a business to run on this machine and need more knowledgeable advice from someone that knows what they are doing. Anything this community could do would be greatly appreciated.

Thanks,

L.Fleming

MrCharlie · May 14, 2012

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

LenardFleming · May 14, 2012

Hope I did all this right...Thanks for the fast reply and help!

Scan Results are as follows:

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Lenard at 12:45:57 on 2012-05-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2048.701 [GMT -5:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\atashost.exe

C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Windows\system32\CISVC.EXE

C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe

C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\TightVNC\tvnserver.exe

C:\Program Files\Android-Sync\AndroidSync.exe

C:\Program Files\Wyse\PocketCloud Windows Companion\WyseBrowser.exe

C:\Program Files\MozyPro\mozyprostat.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Android-Sync\bin\adb.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe

C:\Program Files\MozyPro\mozyprobackup.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.suddenlink.net/

uInternet Settings,ProxyOverride = *.local;<local>

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.0.9\ips\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.352.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.0.9\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.352.0\BingExt.dll"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave

mRun: [AndroidSync] c:\program files\android-sync\AndroidSync.exe -m

mRun: [PocketCloud Location] c:\program files\wyse\pocketcloud windows companion\WyseBrowser.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro\mozyprostat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

Trusted Zone: motive.com\pattta.att

Trusted Zone: motive.com\patttbc.att

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271554470514

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rim.webex.com/client/T27LB/support/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 208.180.42.68 208.180.42.100

TCP: Interfaces\{AE641B68-4657-4CCC-8018-56144A401206} : DhcpNameServer = 208.180.42.68 208.180.42.100

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\lenard\appdata\roaming\mozilla\firefox\profiles\piw7qjma.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://home.suddenlink.net/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=66604&q=

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll

FF - plugin: c:\programdata\best buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: c:\users\lenard\appdata\roaming\mozilla\firefox\profiles\piw7qjma.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 6dbad97e-9741-43d1-8783-0293a5144e86

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602000.009\SymDS.sys [2012-5-2 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys [2012-5-2 905336]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]

R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys [2012-5-2 132744]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.0.9\definitions\ipsdefs\20120511.001\IDSvix86.sys [2012-5-12 368248]

R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2012-2-14 54776]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys [2012-5-2 149624]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0602000.009\symnets.sys [2012-5-2 318584]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-9-9 43912]

R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.352.0\BBSvc.EXE [2012-1-21 192792]

R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-11-28 1029480]

R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-14 654408]

R2 mozyprobackup;MozyPro Backup Service;c:\program files\mozypro\mozyprobackup.exe [2011-9-29 53016]

R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.0.9\ccSvcHst.exe [2012-5-2 138232]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]

R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-11-28 1037672]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]

R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-8-3 828944]

R2 WysePocketCloud;Wyse PocketCloud;c:\program files\wyse\pocketcloud windows companion\PocketCloudService.exe [2012-3-20 175520]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-11-10 8913920]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-11-10 263680]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-2 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-24 22344]

R3 QuickBooksDB21;QuickBooksDB21;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb21 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB21 [?]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 257696]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.352.0\SeaPort.EXE [2012-1-21 240408]

S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2012-3-7 6016]

S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-3-7 25856]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-3-7 20480]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-3-7 8320]

S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-3-7 23424]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 129976]

S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2012-2-3 38976]

S3 PSSDKLBF;PSSDKLBF;c:\windows\system32\drivers\pssdklbf.sys [2012-2-3 53312]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-24 27192]

S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-11-28 128248]

S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-11-28 108800]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-25 1343400]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-1-18 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-1-18 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-1-18 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-1-18 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-1-18 25704]

.

=============== Created Last 30 ================

.

2012-05-14 17:35:53 711240 ----a-w- c:\windows\isRS-000.tmp

2012-05-14 13:58:13 -------- d-sh--w- C:\$RECYCLE.BIN

2012-05-14 13:50:20 -------- d-----w- c:\users\lenard\appdata\local\temp

2012-05-14 13:32:18 98816 ----a-w- c:\windows\sed.exe

2012-05-14 13:32:18 518144 ----a-w- c:\windows\SWREG.exe

2012-05-14 13:32:18 256000 ----a-w- c:\windows\PEV.exe

2012-05-14 13:32:18 208896 ----a-w- c:\windows\MBR.exe

2012-05-09 20:34:02 -------- d-----w- c:\program files\InterActual

2012-05-09 09:47:40 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 09:47:38 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2012-05-09 09:47:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll

2012-05-09 09:47:38 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2012-05-09 09:47:38 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL

2012-05-09 09:47:35 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 09:47:34 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 09:47:34 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 09:47:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 09:47:27 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-05-05 18:01:07 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-05-02 23:31:47 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-02 23:31:41 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-05-02 23:31:41 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-05-02 15:37:43 318584 ----a-r- c:\windows\system32\drivers\n360\0602000.009\symnets.sys

2012-05-02 15:37:42 905336 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymEFA.sys

2012-05-02 15:37:42 574072 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtsp.sys

2012-05-02 15:37:42 340088 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymDS.sys

2012-05-02 15:37:42 32888 ----a-r- c:\windows\system32\drivers\n360\0602000.009\srtspx.sys

2012-05-02 15:37:42 149624 ----a-r- c:\windows\system32\drivers\n360\0602000.009\Ironx86.sys

2012-05-02 15:37:42 132744 ----a-r- c:\windows\system32\drivers\n360\0602000.009\ccSetx86.sys

2012-05-02 15:37:29 4782 ----a-r- c:\windows\system32\drivers\n360\0602000.009\SymVTcer.dat

2012-05-02 15:37:28 -------- d-----w- c:\windows\system32\drivers\n360\0602000.009

2012-05-01 07:05:04 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9269f4f4-1f47-4b79-91f6-aa1e26ff7753}\mpengine.dll

2012-04-19 14:06:36 -------- d-----w- c:\users\lenard\appdata\roaming\TightVNC

.

==================== Find3M ====================

.

2012-05-05 19:01:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 19:01:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-02 15:42:49 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 06:28:34 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2012-03-19 15:10:30 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

.

============= FINISH: 12:48:06.38 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/24/2011 9:57:15 PM

System Uptime: 5/14/2012 12:37:37 PM (0 hours ago)

.

Motherboard: ELITEGROUP | | 945GCT-M3

Processor: Genuine Intel® CPU 2160 @ 1.80GHz | Socket 775 | 1800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 363 GiB total, 228.881 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.511 GiB free.

E: is CDROM (UDF)

I: is Removable

J: is Removable

L: is Removable

M: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP168: 5/14/2012 8:32:35 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Alocet PDF Writer

Amazon MP3 Downloader 1.0.15

Android-Sync v0.385

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AudibleManager

BeerSmith 2

Bing Bar

BlackBerry Desktop Software 6.1

Bonjour

Google Toolbar for Internet Explorer

GoToMeeting 4.8.0.723

iCloud

iTunes

Java Auto Updater

Java™ 6 Update 31

Malwarebytes Anti-Malware version 1.61.0.1400

Marshall Plan® Novel Writing Software

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Store Download Manager

MobileMe Control Panel

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MozyPro

Norton Utilities 15

PocketCloud Windows Companion

ProMash

QuickBooks

QuickBooks Contact Sync

QuickBooks Pro 2011

QuickTime

Realtek High Definition Audio Driver

RegZooka

Revo Uninstaller Pro 2.5.8

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.8

Soft Data Fax Modem with SmartCP

Star Trek Online

StrangeBrew

TightVNC 2.0.4

TuneUp Utilities 2012

TuneUp Utilities Language Pack (en-US)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Ventrilo Client

Windows Driver Package - Motorola (bqusbser) Modem (02/24/2009 1.1.0.0)

Windows Driver Package - Motorola (bqusbser) Ports (02/24/2009 1.1.0.0)

Windows Driver Package - Motorola (motandroidusb) USB (11/08/2011 1.2.9.0)

Windows Driver Package - Motorola (motccgp) USB (11/08/2011 3.1.2.0)

Windows Driver Package - Motorola (motmodem) Modem (11/08/2011 4.8.2.0)

Windows Driver Package - Motorola (Motousbnet) Net (07/01/2011 2.4.7.0)

Windows Driver Package - Motorola (motport) Ports (11/08/2011 4.8.2.0)

Windows Driver Package - Motorola (motusbdevice) USB (11/08/2011 1.1.0.0)

Windows Driver Package - Motorola Inc (MotDev) MOTUSB (11/08/2011 3.2.12.0)

Windows Driver Package - Motorola Net (11/08/2011 1.0.5.0)

ZumoCast

.

==== Event Viewer Messages From Past Week ========

.

5/9/2012 12:52:09 AM, Error: IPRIP [29012] - IPRIP was unable to bind a socket to IP address 74.197.174.183. The data is the error code.

5/8/2012 2:07:40 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/8/2012 2:07:40 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.

5/14/2012 8:50:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/14/2012 8:35:07 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

5/14/2012 8:31:39 AM, Error: Service Control Manager [7034] - The QuickBooksDB21 service terminated unexpectedly. It has done this 1 time(s).

5/14/2012 7:51:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2012 7:51:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/14/2012 7:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/14/2012 7:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/14/2012 7:51:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/14/2012 7:51:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/14/2012 7:51:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 discache eeCtrl IDSVix86 mozyproFilter spldr SRTSP SRTSPX SymIRON SymNetS truecrypt Wanarpv6

5/14/2012 12:46:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

5/14/2012 12:38:22 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

5/12/2012 9:42:16 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

5/11/2012 1:10:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

.

==== End Of File ===========================

RogueKiller.txt

RogueKiller V7.4.4 [05/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: Lenard [Admin rights]

Mode: Scan -- Date: 05/14/2012 13:13:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @QBDataServiceUser21 : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x832E24E1 -> HOOKED (Unknown @ 0x867B3640)

SSDT[14] : NtAlertThread @ 0x8326AB0F -> HOOKED (Unknown @ 0x85EA3E80)

SSDT[19] : NtAllocateVirtualMemory @ 0x83217F65 -> HOOKED (Unknown @ 0x866211A0)

SSDT[22] : NtAlpcConnectPort @ 0x8322B26B -> HOOKED (Unknown @ 0x866C5DB8)

SSDT[43] : NtAssignProcessToJobObject @ 0x832837B4 -> HOOKED (Unknown @ 0x865FD248)

SSDT[74] : NtCreateMutant @ 0x8327A1CE -> HOOKED (Unknown @ 0x86600E88)

SSDT[86] : NtCreateSymbolicLinkObject @ 0x831F9189 -> HOOKED (Unknown @ 0x866248B0)

SSDT[87] : NtCreateThread @ 0x832E0702 -> HOOKED (Unknown @ 0x867D72F0)

SSDT[88] : NtCreateThreadEx @ 0x83269801 -> HOOKED (Unknown @ 0x86600460)

SSDT[96] : NtDebugActiveProcess @ 0x832B2E88 -> HOOKED (Unknown @ 0x86600310)

SSDT[111] : NtDuplicateObject @ 0x832658B5 -> HOOKED (Unknown @ 0x86621370)

SSDT[131] : NtFreeVirtualMemory @ 0x8308B32E -> HOOKED (Unknown @ 0x86600D28)

SSDT[145] : NtImpersonateAnonymousToken @ 0x8325E236 -> HOOKED (Unknown @ 0x86600F90)

SSDT[147] : NtImpersonateThread @ 0x8323C252 -> HOOKED (Unknown @ 0x864B7250)

SSDT[155] : NtLoadDriver @ 0x831AF442 -> HOOKED (Unknown @ 0x86527058)

SSDT[168] : NtMapViewOfSection @ 0x83244B6D -> HOOKED (Unknown @ 0x86600C28)

SSDT[177] : NtOpenEvent @ 0x8323AF76 -> HOOKED (Unknown @ 0x866244E0)

SSDT[190] : NtOpenProcess @ 0x83226F07 -> HOOKED (Unknown @ 0x86621008)

SSDT[191] : NtOpenProcessToken @ 0x8326425D -> HOOKED (Unknown @ 0x86621290)

SSDT[194] : NtOpenSection @ 0x832739F0 -> HOOKED (Unknown @ 0x866FC008)

SSDT[198] : NtOpenThread @ 0x8327CAF8 -> HOOKED (Unknown @ 0x86621460)

SSDT[215] : NtProtectVirtualMemory @ 0x8324B483 -> HOOKED (Unknown @ 0x86600598)

SSDT[304] : NtResumeThread @ 0x83236EF5 -> HOOKED (Unknown @ 0x866210C0)

SSDT[316] : NtSetContextThread @ 0x832E1F8D -> HOOKED (Unknown @ 0x866006D0)

SSDT[333] : NtSetInformationProcess @ 0x8321528F -> HOOKED (Unknown @ 0x86600A58)

SSDT[350] : NtSetSystemInformation @ 0x831F2618 -> HOOKED (Unknown @ 0x866FCEC0)

SSDT[366] : NtSuspendProcess @ 0x832E241B -> HOOKED (Unknown @ 0x86624380)

SSDT[367] : NtSuspendThread @ 0x8329C333 -> HOOKED (Unknown @ 0x86624D10)

SSDT[370] : NtTerminateProcess @ 0x832273E6 -> HOOKED (Unknown @ 0x86621990)

SSDT[371] : NtTerminateThread @ 0x8323E936 -> HOOKED (Unknown @ 0x86600348)

SSDT[385] : NtUnmapViewOfSection @ 0x83267508 -> HOOKED (Unknown @ 0x86600B48)

SSDT[399] : NtWriteVirtualMemory @ 0x83257295 -> HOOKED (Unknown @ 0x86600DF8)

S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x871DC868)

S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x87036DE0)

S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x871EAB80)

S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x85E8E688)

S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x871ED648)

S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x871E8640)

S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x871EAAB0)

S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x871EA9E0)

S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x87036EE8)

S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x871E82B8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725040VLA380 ATA Device +++++

--- User ---

[MBR] fd8deb240bf8098a38ec337a10315105

[bSP] 4c00e8bb74ce040920247e26d3ccae2b : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 10032 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20547135 | Size: 371518 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

MrCharlie · May 14, 2012

Please do this........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

LenardFleming · May 14, 2012

14:02:08.0193 5176 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18

14:02:08.0974 5176 ============================================================

14:02:08.0974 5176 Current date / time: 2012/05/14 14:02:08.0974

14:02:08.0974 5176 SystemInfo:

14:02:08.0974 5176

14:02:08.0974 5176 OS Version: 6.1.7601 ServicePack: 1.0

14:02:08.0974 5176 Product type: Workstation

14:02:08.0974 5176 ComputerName: SERENITY

14:02:08.0974 5176 UserName: Lenard

14:02:08.0974 5176 Windows directory: C:\Windows

14:02:08.0974 5176 System windows directory: C:\Windows

14:02:08.0974 5176 Processor architecture: Intel x86

14:02:08.0974 5176 Number of processors: 2

14:02:08.0974 5176 Page size: 0x1000

14:02:08.0974 5176 Boot type: Normal boot

14:02:08.0974 5176 ============================================================

14:02:11.0958 5176 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:02:11.0974 5176 ============================================================

14:02:11.0974 5176 \Device\Harddisk0\DR0:

14:02:11.0974 5176 MBR partitions:

14:02:11.0974 5176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1398600

14:02:11.0974 5176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139863F, BlocksNum 0x2D59F682

14:02:11.0974 5176 ============================================================

14:02:12.0005 5176 C: <-> \Device\Harddisk0\DR0\Partition1

14:02:12.0021 5176 D: <-> \Device\Harddisk0\DR0\Partition0

14:02:12.0021 5176 ============================================================

14:02:12.0021 5176 Initialize success

14:02:12.0021 5176 ============================================================

14:02:17.0771 4400 ============================================================

14:02:17.0771 4400 Scan started

14:02:17.0771 4400 Mode: Manual; SigCheck; TDLFS;

14:02:17.0771 4400 ============================================================

14:02:20.0115 4400 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

14:02:20.0302 4400 1394ohci - ok

14:02:20.0333 4400 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

14:02:20.0365 4400 ACPI - ok

14:02:20.0412 4400 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

14:02:20.0505 4400 AcpiPmi - ok

14:02:20.0599 4400 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

14:02:20.0615 4400 AdobeARMservice - ok

14:02:20.0693 4400 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:02:20.0708 4400 AdobeFlashPlayerUpdateSvc - ok

14:02:20.0771 4400 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

14:02:20.0787 4400 adp94xx - ok

14:02:20.0833 4400 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

14:02:20.0849 4400 adpahci - ok

14:02:20.0865 4400 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

14:02:20.0896 4400 adpu320 - ok

14:02:20.0912 4400 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

14:02:21.0052 4400 AeLookupSvc - ok

14:02:21.0099 4400 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

14:02:21.0162 4400 AFD - ok

14:02:21.0177 4400 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

14:02:21.0208 4400 agp440 - ok

14:02:21.0240 4400 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

14:02:21.0255 4400 aic78xx - ok

14:02:21.0302 4400 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

14:02:21.0365 4400 ALG - ok

14:02:21.0380 4400 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

14:02:21.0412 4400 aliide - ok

14:02:21.0458 4400 AMD External Events Utility (f970ea885aefeb1b9eb97ca7f1eb226d) C:\Windows\system32\atiesrxx.exe

14:02:21.0521 4400 AMD External Events Utility - ok

14:02:21.0552 4400 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

14:02:21.0568 4400 amdagp - ok

14:02:21.0583 4400 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

14:02:21.0615 4400 amdide - ok

14:02:21.0646 4400 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

14:02:21.0677 4400 AmdK8 - ok

14:02:22.0068 4400 amdkmdag (ab70f110143892eb41aa46500aa5cf00) C:\Windows\system32\DRIVERS\atikmdag.sys

14:02:22.0380 4400 amdkmdag - ok

14:02:22.0474 4400 amdkmdap (32d68d05b871eed5572d0c2c764ea4ec) C:\Windows\system32\DRIVERS\atikmpag.sys

14:02:22.0537 4400 amdkmdap - ok

14:02:22.0568 4400 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

14:02:22.0599 4400 AmdPPM - ok

14:02:22.0708 4400 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

14:02:22.0755 4400 amdsata - ok

14:02:23.0068 4400 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

14:02:23.0115 4400 amdsbs - ok

14:02:23.0200 4400 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

14:02:23.0235 4400 amdxata - ok

14:02:23.0493 4400 AppHostSvc (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll

14:02:23.0696 4400 AppHostSvc - ok

14:02:23.0829 4400 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

14:02:23.0875 4400 AppID - ok

14:02:23.0907 4400 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

14:02:23.0969 4400 AppIDSvc - ok

14:02:23.0985 4400 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

14:02:24.0047 4400 Appinfo - ok

14:02:24.0422 4400 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:02:24.0485 4400 Apple Mobile Device - ok

14:02:24.0719 4400 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

14:02:24.0750 4400 arc - ok

14:02:24.0813 4400 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

14:02:24.0860 4400 arcsas - ok

14:02:25.0157 4400 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

14:02:25.0235 4400 aspnet_state - ok

14:02:25.0282 4400 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

14:02:26.0000 4400 AsyncMac - ok

14:02:26.0141 4400 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

14:02:26.0157 4400 atapi - ok

14:02:26.0250 4400 atashost (da1b3ad3b06d5ded23f8e1a806731809) C:\Windows\system32\atashost.exe

14:02:26.0297 4400 atashost - ok

14:02:26.0469 4400 AtiHdmiService (f48d470154cc58cd6520771464fbec3f) C:\Windows\system32\drivers\AtiHdmi.sys

14:02:26.0579 4400 AtiHdmiService - ok

14:02:26.0938 4400 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

14:02:26.0985 4400 AudioEndpointBuilder - ok

14:02:27.0000 4400 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

14:02:27.0032 4400 Audiosrv - ok

14:02:27.0188 4400 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

14:02:27.0375 4400 AxInstSV - ok

14:02:27.0735 4400 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

14:02:27.0829 4400 b06bdrv - ok

14:02:27.0922 4400 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

14:02:27.0969 4400 b57nd60x - ok

14:02:28.0079 4400 BBSvc (c68ef736cb6e92e885b9a085536b8c6f) C:\Program Files\Microsoft\BingBar\7.1.352.0\BBSvc.exe

14:02:28.0110 4400 BBSvc - ok

14:02:28.0125 4400 BBUpdate (d4b0ee780cf3c1918a8ff65865d3b91f) C:\Program Files\Microsoft\BingBar\7.1.352.0\SeaPort.exe

14:02:28.0172 4400 BBUpdate - ok

14:02:28.0204 4400 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

14:02:28.0235 4400 BcmSqlStartupSvc - ok

14:02:28.0266 4400 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

14:02:28.0329 4400 BDESVC - ok

14:02:28.0360 4400 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

14:02:28.0407 4400 Beep - ok

14:02:28.0469 4400 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

14:02:28.0516 4400 BFE - ok

14:02:28.0704 4400 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120507.001\BHDrvx86.sys

14:02:28.0750 4400 BHDrvx86 - ok

14:02:28.0844 4400 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll

14:02:28.0922 4400 BITS - ok

14:02:28.0954 4400 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

14:02:29.0000 4400 blbdrive - ok

14:02:29.0063 4400 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

14:02:29.0094 4400 Bonjour Service - ok

14:02:29.0141 4400 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

14:02:29.0204 4400 bowser - ok

14:02:29.0235 4400 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

14:02:29.0266 4400 BrFiltLo - ok

14:02:29.0282 4400 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

14:02:29.0329 4400 BrFiltUp - ok

14:02:29.0360 4400 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

14:02:29.0422 4400 BridgeMP - ok

14:02:29.0454 4400 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

14:02:29.0500 4400 Browser - ok

14:02:29.0547 4400 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

14:02:29.0641 4400 Brserid - ok

14:02:29.0657 4400 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

14:02:29.0688 4400 BrSerWdm - ok

14:02:29.0704 4400 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:02:29.0735 4400 BrUsbMdm - ok

14:02:29.0750 4400 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

14:02:29.0797 4400 BrUsbSer - ok

14:02:29.0829 4400 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\Windows\system32\DRIVERS\motfilt.sys

14:02:29.0907 4400 BTCFilterService - ok

14:02:29.0922 4400 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys

14:02:29.0969 4400 BTHMODEM - ok

14:02:30.0000 4400 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

14:02:30.0047 4400 bthserv - ok

14:02:30.0125 4400 catchme - ok

14:02:30.0219 4400 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602000.009\ccSetx86.sys

14:02:30.0235 4400 ccSet_N360 - ok

14:02:30.0297 4400 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

14:02:30.0329 4400 cdfs - ok

14:02:30.0391 4400 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

14:02:30.0422 4400 cdrom - ok

14:02:30.0454 4400 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

14:02:30.0500 4400 CertPropSvc - ok

14:02:30.0516 4400 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

14:02:30.0547 4400 circlass - ok

14:02:30.0563 4400 CISVC (3e2afafa158c9ed670c106842bdcc81e) C:\Windows\system32\CISVC.EXE

14:02:30.0610 4400 CISVC - ok

14:02:30.0641 4400 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

14:02:30.0657 4400 CLFS - ok

14:02:30.0735 4400 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:02:30.0750 4400 clr_optimization_v2.0.50727_32 - ok

14:02:30.0813 4400 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:02:30.0860 4400 clr_optimization_v4.0.30319_32 - ok

14:02:30.0875 4400 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys

14:02:30.0907 4400 CmBatt - ok

14:02:30.0922 4400 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

14:02:30.0954 4400 cmdide - ok

14:02:30.0985 4400 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

14:02:31.0032 4400 CNG - ok

14:02:31.0032 4400 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys

14:02:31.0047 4400 Compbatt - ok

14:02:31.0094 4400 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:02:31.0125 4400 CompositeBus - ok

14:02:31.0141 4400 COMSysApp - ok

14:02:31.0172 4400 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

14:02:31.0188 4400 crcdisk - ok

14:02:31.0250 4400 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

14:02:31.0282 4400 CryptSvc - ok

14:02:31.0313 4400 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

14:02:31.0360 4400 DcomLaunch - ok

14:02:31.0391 4400 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

14:02:31.0438 4400 defragsvc - ok

14:02:31.0469 4400 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

14:02:31.0516 4400 DfsC - ok

14:02:31.0579 4400 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

14:02:31.0625 4400 Dhcp - ok

14:02:31.0672 4400 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

14:02:31.0719 4400 discache - ok

14:02:31.0750 4400 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

14:02:31.0766 4400 Disk - ok

14:02:31.0907 4400 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

14:02:31.0938 4400 DiskDoctorService - ok

14:02:31.0969 4400 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

14:02:32.0000 4400 Dnscache - ok

14:02:32.0032 4400 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

14:02:32.0079 4400 dot3svc - ok

14:02:32.0125 4400 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

14:02:32.0172 4400 Dot4 - ok

14:02:32.0204 4400 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys

14:02:32.0235 4400 Dot4Print - ok

14:02:32.0235 4400 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

14:02:32.0266 4400 dot4usb - ok

14:02:32.0282 4400 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

14:02:32.0329 4400 DPS - ok

14:02:32.0375 4400 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

14:02:32.0391 4400 drmkaud - ok

14:02:32.0454 4400 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

14:02:32.0485 4400 DXGKrnl - ok

14:02:32.0500 4400 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

14:02:32.0547 4400 EapHost - ok

14:02:32.0688 4400 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

14:02:32.0797 4400 ebdrv - ok

14:02:32.0875 4400 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

14:02:32.0907 4400 eeCtrl - ok

14:02:32.0985 4400 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

14:02:33.0063 4400 EFS - ok

14:02:33.0110 4400 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

14:02:33.0157 4400 ehRecvr - ok

14:02:33.0172 4400 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

14:02:33.0204 4400 ehSched - ok

14:02:33.0266 4400 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

14:02:33.0297 4400 elxstor - ok

14:02:33.0391 4400 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

14:02:33.0422 4400 EraserUtilRebootDrv - ok

14:02:33.0438 4400 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

14:02:33.0469 4400 ErrDev - ok

14:02:33.0516 4400 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

14:02:33.0563 4400 EventSystem - ok

14:02:33.0594 4400 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

14:02:33.0625 4400 exfat - ok

14:02:33.0657 4400 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

14:02:33.0704 4400 fastfat - ok

14:02:33.0766 4400 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

14:02:33.0844 4400 Fax - ok

14:02:33.0860 4400 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys

14:02:33.0891 4400 fdc - ok

14:02:33.0907 4400 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

14:02:33.0954 4400 fdPHost - ok

14:02:33.0985 4400 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

14:02:34.0016 4400 FDResPub - ok

14:02:34.0047 4400 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

14:02:34.0063 4400 FileInfo - ok

14:02:34.0079 4400 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

14:02:34.0125 4400 Filetrace - ok

14:02:34.0141 4400 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

14:02:34.0172 4400 flpydisk - ok

14:02:34.0266 4400 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

14:02:34.0282 4400 FltMgr - ok

14:02:34.0407 4400 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

14:02:34.0500 4400 FontCache - ok

14:02:34.0579 4400 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:02:34.0594 4400 FontCache3.0.0.0 - ok

14:02:34.0610 4400 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

14:02:34.0641 4400 FsDepends - ok

14:02:34.0657 4400 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

14:02:34.0688 4400 Fs_Rec - ok

14:02:34.0735 4400 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

14:02:34.0750 4400 fvevol - ok

14:02:34.0782 4400 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

14:02:34.0813 4400 gagp30kx - ok

14:02:34.0829 4400 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:02:34.0844 4400 GEARAspiWDM - ok

14:02:34.0875 4400 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

14:02:34.0938 4400 gpsvc - ok

14:02:35.0016 4400 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

14:02:35.0032 4400 gusvc - ok

14:02:35.0047 4400 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

14:02:35.0094 4400 hcw85cir - ok

14:02:35.0157 4400 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

14:02:35.0204 4400 HdAudAddService - ok

14:02:35.0250 4400 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:02:35.0266 4400 HDAudBus - ok

14:02:35.0297 4400 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

14:02:35.0313 4400 HidBatt - ok

14:02:35.0329 4400 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

14:02:35.0375 4400 HidBth - ok

14:02:35.0407 4400 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

14:02:35.0422 4400 HidIr - ok

14:02:35.0454 4400 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

14:02:35.0500 4400 hidserv - ok

14:02:35.0547 4400 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

14:02:35.0579 4400 HidUsb - ok

14:02:35.0594 4400 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

14:02:35.0625 4400 hkmsvc - ok

14:02:35.0641 4400 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

14:02:35.0704 4400 HomeGroupListener - ok

14:02:35.0719 4400 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

14:02:35.0766 4400 HomeGroupProvider - ok

14:02:35.0860 4400 hpqcxs08 (38d6b51f04def7fb248fa56e4c47407e) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

14:02:35.0875 4400 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

14:02:35.0875 4400 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

14:02:35.0969 4400 hpqddsvc (3ee4a63539ec04ee2d4bd293985087ab) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

14:02:36.0000 4400 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

14:02:36.0000 4400 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

14:02:36.0032 4400 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

14:02:36.0047 4400 HpSAMD - ok

14:02:36.0125 4400 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys

14:02:36.0204 4400 HSF_DPV - ok

14:02:36.0219 4400 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys

14:02:36.0266 4400 HSXHWBS2 - ok

14:02:36.0329 4400 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

14:02:36.0360 4400 HTTP - ok

14:02:36.0375 4400 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

14:02:36.0391 4400 hwpolicy - ok

14:02:36.0422 4400 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

14:02:36.0454 4400 i8042prt - ok

14:02:36.0516 4400 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

14:02:36.0547 4400 iaStorV - ok

14:02:36.0641 4400 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

14:02:36.0672 4400 IDriverT ( UnsignedFile.Multi.Generic ) - warning

14:02:36.0672 4400 IDriverT - detected UnsignedFile.Multi.Generic (1)

14:02:36.0782 4400 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:02:36.0829 4400 idsvc - ok

14:02:36.0969 4400 IDSVix86 (f9069ce7a7b9f9ba75d009b0ce3d7601) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120511.001\IDSvix86.sys

14:02:37.0000 4400 IDSVix86 - ok

14:02:37.0079 4400 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys

14:02:37.0110 4400 iirsp - ok

14:02:37.0172 4400 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

14:02:37.0250 4400 IKEEXT - ok

14:02:37.0375 4400 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys

14:02:37.0422 4400 IntcAzAudAddService - ok

14:02:37.0532 4400 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

14:02:37.0563 4400 intelide - ok

14:02:37.0594 4400 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

14:02:37.0625 4400 intelppm - ok

14:02:37.0657 4400 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

14:02:37.0688 4400 IPBusEnum - ok

14:02:37.0704 4400 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:02:37.0750 4400 IpFilterDriver - ok

14:02:37.0797 4400 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

14:02:37.0844 4400 iphlpsvc - ok

14:02:37.0875 4400 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

14:02:37.0891 4400 IPMIDRV - ok

14:02:37.0922 4400 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

14:02:37.0969 4400 IPNAT - ok

14:02:38.0063 4400 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe

14:02:38.0110 4400 iPod Service - ok

14:02:38.0141 4400 iprip (72dd56197db4af4de203efe0d9e5901e) C:\Windows\System32\iprip.dll

14:02:38.0172 4400 iprip - ok

14:02:38.0297 4400 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

14:02:38.0344 4400 IRENUM - ok

14:02:38.0391 4400 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

14:02:38.0422 4400 isapnp - ok

14:02:38.0610 4400 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

14:02:38.0657 4400 iScsiPrt - ok

14:02:38.0766 4400 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:02:38.0797 4400 kbdclass - ok

14:02:38.0907 4400 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

14:02:38.0954 4400 kbdhid - ok

14:02:39.0032 4400 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

14:02:39.0063 4400 KeyIso - ok

14:02:39.0094 4400 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

14:02:39.0125 4400 KSecDD - ok

14:02:39.0157 4400 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

14:02:39.0172 4400 KSecPkg - ok

14:02:39.0219 4400 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

14:02:39.0266 4400 KtmRm - ok

14:02:39.0360 4400 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

14:02:39.0422 4400 LanmanServer - ok

14:02:39.0454 4400 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

14:02:39.0500 4400 LanmanWorkstation - ok

14:02:39.0547 4400 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

14:02:39.0594 4400 lltdio - ok

14:02:39.0610 4400 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

14:02:39.0657 4400 lltdsvc - ok

14:02:39.0672 4400 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

14:02:39.0719 4400 lmhosts - ok

14:02:39.0750 4400 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys

14:02:39.0782 4400 LSI_FC - ok

14:02:39.0813 4400 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys

14:02:39.0844 4400 LSI_SAS - ok

14:02:39.0860 4400 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys

14:02:39.0875 4400 LSI_SAS2 - ok

14:02:39.0907 4400 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys

14:02:39.0922 4400 LSI_SCSI - ok

14:02:39.0938 4400 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

14:02:40.0000 4400 luafv - ok

14:02:40.0016 4400 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys

14:02:40.0032 4400 MBAMProtector - ok

14:02:40.0125 4400 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

14:02:40.0157 4400 MBAMService - ok

14:02:40.0219 4400 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

14:02:40.0313 4400 Mcx2Svc - ok

14:02:40.0360 4400 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

14:02:40.0422 4400 mdmxsdk - ok

14:02:40.0547 4400 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys

14:02:40.0594 4400 megasas - ok

14:02:40.0782 4400 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys

14:02:40.0813 4400 MegaSR - ok

14:02:40.0985 4400 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

14:02:41.0000 4400 Microsoft Office Groove Audit Service - ok

14:02:41.0063 4400 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

14:02:41.0125 4400 MMCSS - ok

14:02:41.0157 4400 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

14:02:41.0219 4400 Modem - ok

14:02:41.0282 4400 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

14:02:41.0313 4400 monitor - ok

14:02:41.0344 4400 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\Windows\system32\Drivers\motoandroid.sys

14:02:41.0438 4400 motandroidusb - ok

14:02:41.0469 4400 motccgp (f4ea1193a52c8fe4b8a135e210abe546) C:\Windows\system32\DRIVERS\motccgp.sys

14:02:41.0532 4400 motccgp - ok

14:02:41.0563 4400 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys

14:02:41.0610 4400 motccgpfl - ok

14:02:41.0625 4400 motmodem (69814acd50a9d6d28296050ef6215d46) C:\Windows\system32\DRIVERS\motmodem.sys

14:02:41.0704 4400 motmodem - ok

14:02:41.0719 4400 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys

14:02:41.0735 4400 MotoSwitchService - ok

14:02:41.0750 4400 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\Windows\system32\DRIVERS\Motousbnet.sys

14:02:41.0782 4400 Motousbnet - ok

14:02:41.0813 4400 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

14:02:41.0829 4400 mouclass - ok

14:02:41.0860 4400 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

14:02:41.0891 4400 mouhid - ok

14:02:41.0907 4400 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

14:02:41.0922 4400 mountmgr - ok

14:02:41.0985 4400 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

14:02:42.0032 4400 MozillaMaintenance - ok

14:02:42.0079 4400 mozyprobackup (bfef4138a016fab92f6d255416a9c967) C:\Program Files\MozyPro\mozyprobackup.exe

14:02:42.0094 4400 mozyprobackup - ok

14:02:42.0125 4400 mozyproFilter (7f4e5e7bbae245616c28a53b94dd7ddb) C:\Windows\system32\DRIVERS\mozypro.sys

14:02:42.0141 4400 mozyproFilter - ok

14:02:42.0157 4400 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

14:02:42.0188 4400 mpio - ok

14:02:42.0219 4400 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

14:02:42.0250 4400 mpsdrv - ok

14:02:42.0313 4400 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

14:02:42.0360 4400 MpsSvc - ok

14:02:42.0375 4400 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

14:02:42.0422 4400 MRxDAV - ok

14:02:42.0469 4400 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:02:42.0516 4400 mrxsmb - ok

14:02:42.0532 4400 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:02:42.0563 4400 mrxsmb10 - ok

14:02:42.0579 4400 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:02:42.0610 4400 mrxsmb20 - ok

14:02:42.0625 4400 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

14:02:42.0657 4400 msahci - ok

14:02:42.0672 4400 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

14:02:42.0688 4400 msdsm - ok

14:02:42.0719 4400 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

14:02:42.0750 4400 MSDTC - ok

14:02:42.0782 4400 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

14:02:42.0813 4400 Msfs - ok

14:02:42.0829 4400 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

14:02:42.0875 4400 mshidkmdf - ok

14:02:42.0891 4400 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

14:02:42.0907 4400 msisadrv - ok

14:02:42.0938 4400 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

14:02:43.0000 4400 MSiSCSI - ok

14:02:43.0000 4400 msiserver - ok

14:02:43.0047 4400 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

14:02:43.0094 4400 MSKSSRV - ok

14:02:43.0125 4400 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

14:02:43.0188 4400 MSPCLOCK - ok

14:02:43.0204 4400 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

14:02:43.0235 4400 MSPQM - ok

14:02:43.0266 4400 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

14:02:43.0282 4400 MsRPC - ok

14:02:43.0297 4400 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

14:02:43.0313 4400 mssmbios - ok

14:02:43.0375 4400 MSSQL$MSSMLBIZ - ok

14:02:43.0391 4400 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

14:02:43.0422 4400 MSSQLServerADHelper - ok

14:02:43.0454 4400 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

14:02:43.0485 4400 MSTEE - ok

14:02:43.0516 4400 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys

14:02:43.0547 4400 MTConfig - ok

14:02:43.0563 4400 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

14:02:43.0579 4400 Mup - ok

14:02:43.0625 4400 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe

14:02:43.0657 4400 N360 - ok

14:02:43.0688 4400 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

14:02:43.0735 4400 napagent - ok

14:02:43.0782 4400 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

14:02:43.0829 4400 NativeWifiP - ok

14:02:44.0016 4400 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120513.007\NAVENG.SYS

14:02:44.0032 4400 NAVENG - ok

14:02:44.0125 4400 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120513.007\NAVEX15.SYS

14:02:44.0188 4400 NAVEX15 - ok

14:02:44.0313 4400 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

14:02:44.0360 4400 NDIS - ok

14:02:44.0375 4400 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

14:02:44.0422 4400 NdisCap - ok

14:02:44.0454 4400 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

14:02:44.0516 4400 NdisTapi - ok

14:02:44.0532 4400 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

14:02:44.0579 4400 Ndisuio - ok

14:02:44.0610 4400 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

14:02:44.0657 4400 NdisWan - ok

14:02:44.0657 4400 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

14:02:44.0688 4400 NDProxy - ok

14:02:44.0719 4400 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

14:02:44.0782 4400 NetBIOS - ok

14:02:44.0797 4400 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

14:02:44.0844 4400 NetBT - ok

14:02:44.0860 4400 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

14:02:44.0875 4400 Netlogon - ok

14:02:44.0938 4400 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

14:02:44.0969 4400 Netman - ok

14:02:45.0063 4400 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:02:45.0094 4400 NetMsmqActivator - ok

14:02:45.0094 4400 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:02:45.0125 4400 NetPipeActivator - ok

14:02:45.0172 4400 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

14:02:45.0235 4400 netprofm - ok

14:02:45.0250 4400 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:02:45.0266 4400 NetTcpActivator - ok

14:02:45.0266 4400 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

14:02:45.0282 4400 NetTcpPortSharing - ok

14:02:45.0329 4400 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys

14:02:45.0344 4400 nfrd960 - ok

14:02:45.0375 4400 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

14:02:45.0422 4400 NlaSvc - ok

14:02:45.0438 4400 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

14:02:45.0485 4400 Npfs - ok

14:02:45.0500 4400 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

14:02:45.0547 4400 nsi - ok

14:02:45.0563 4400 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

14:02:45.0610 4400 nsiproxy - ok

14:02:45.0688 4400 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

14:02:45.0750 4400 Ntfs - ok

14:02:45.0844 4400 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

14:02:45.0891 4400 Null - ok

14:02:45.0922 4400 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

14:02:45.0954 4400 nvraid - ok

14:02:45.0985 4400 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

14:02:46.0016 4400 nvstor - ok

14:02:46.0032 4400 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

14:02:46.0047 4400 nv_agp - ok

14:02:46.0125 4400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:02:46.0157 4400 odserv - ok

14:02:46.0235 4400 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

14:02:46.0282 4400 ohci1394 - ok

14:02:46.0329 4400 ose (067db5b067722997fcafe1858163d411) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:02:46.0344 4400 ose - ok

14:02:46.0391 4400 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

14:02:46.0469 4400 p2pimsvc - ok

14:02:46.0516 4400 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

14:02:46.0532 4400 p2psvc - ok

14:02:46.0594 4400 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

14:02:46.0610 4400 Parport - ok

14:02:46.0657 4400 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

14:02:46.0672 4400 partmgr - ok

14:02:46.0688 4400 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

14:02:46.0719 4400 Parvdm - ok

14:02:46.0750 4400 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

14:02:46.0782 4400 PcaSvc - ok

14:02:46.0797 4400 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

14:02:46.0829 4400 pci - ok

14:02:46.0844 4400 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

14:02:46.0860 4400 pciide - ok

14:02:46.0891 4400 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys

14:02:46.0922 4400 pcmcia - ok

14:02:46.0922 4400 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

14:02:46.0954 4400 pcw - ok

14:02:47.0000 4400 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

14:02:47.0047 4400 PEAUTH - ok

14:02:47.0141 4400 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

14:02:47.0219 4400 pla - ok

14:02:47.0313 4400 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

14:02:47.0375 4400 PlugPlay - ok

14:02:47.0407 4400 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

14:02:47.0438 4400 PNRPAutoReg - ok

14:02:47.0454 4400 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

14:02:47.0485 4400 PNRPsvc - ok

14:02:47.0516 4400 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

14:02:47.0563 4400 PolicyAgent - ok

14:02:47.0594 4400 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

14:02:47.0625 4400 Power - ok

14:02:47.0672 4400 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

14:02:47.0735 4400 PptpMiniport - ok

14:02:47.0750 4400 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys

14:02:47.0766 4400 Processor - ok

14:02:47.0797 4400 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

14:02:47.0829 4400 ProfSvc - ok

14:02:47.0844 4400 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

14:02:47.0875 4400 ProtectedStorage - ok

14:02:47.0907 4400 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

14:02:47.0954 4400 Psched - ok

14:02:48.0016 4400 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys

14:02:48.0032 4400 PSSDK42 - ok

14:02:48.0047 4400 PSSDKLBF (0bec7b42f4093400509821c63f13f1d5) C:\Windows\system32\Drivers\pssdklbf.sys

14:02:48.0063 4400 PSSDKLBF - ok

14:02:48.0141 4400 QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

14:02:48.0188 4400 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

14:02:48.0188 4400 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

14:02:48.0266 4400 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

14:02:48.0313 4400 QBFCService ( UnsignedFile.Multi.Generic ) - warning

14:02:48.0313 4400 QBFCService - detected UnsignedFile.Multi.Generic (1)

14:02:48.0407 4400 QBVSS (78afb70dbe365bd6140e6740792ac3ea) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

14:02:48.0469 4400 QBVSS ( UnsignedFile.Multi.Generic ) - warning

14:02:48.0469 4400 QBVSS - detected UnsignedFile.Multi.Generic (1)

14:02:48.0610 4400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys

14:02:48.0657 4400 ql2300 - ok

14:02:48.0688 4400 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys

14:02:48.0719 4400 ql40xx - ok

14:02:48.0782 4400 QuickBooksDB21 - ok

14:02:48.0813 4400 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

14:02:48.0844 4400 QWAVE - ok

14:02:48.0860 4400 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

14:02:48.0891 4400 QWAVEdrv - ok

14:02:48.0907 4400 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

14:02:48.0954 4400 RasAcd - ok

14:02:49.0000 4400 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:02:49.0032 4400 RasAgileVpn - ok

14:02:49.0063 4400 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

14:02:49.0110 4400 RasAuto - ok

14:02:49.0125 4400 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:02:49.0172 4400 Rasl2tp - ok

14:02:49.0204 4400 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

14:02:49.0266 4400 RasMan - ok

14:02:49.0297 4400 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

14:02:49.0344 4400 RasPppoe - ok

14:02:49.0360 4400 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

14:02:49.0407 4400 RasSstp - ok

14:02:49.0422 4400 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

14:02:49.0485 4400 rdbss - ok

14:02:49.0500 4400 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys

14:02:49.0532 4400 rdpbus - ok

14:02:49.0532 4400 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:02:49.0579 4400 RDPCDD - ok

14:02:49.0594 4400 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

14:02:49.0641 4400 RDPENCDD - ok

14:02:49.0641 4400 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

14:02:49.0688 4400 RDPREFMP - ok

14:02:49.0719 4400 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

14:02:49.0782 4400 RDPWD - ok

14:02:49.0813 4400 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

14:02:49.0844 4400 rdyboost - ok

14:02:49.0860 4400 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

14:02:49.0907 4400 RemoteAccess - ok

14:02:49.0922 4400 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

14:02:49.0954 4400 RemoteRegistry - ok

14:02:49.0985 4400 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys

14:02:50.0000 4400 Revoflt - ok

14:02:50.0047 4400 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys

14:02:50.0094 4400 RimUsb - ok

14:02:50.0141 4400 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

14:02:50.0204 4400 RimVSerPort - ok

14:02:50.0219 4400 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys

14:02:50.0266 4400 ROOTMODEM - ok

14:02:50.0282 4400 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

14:02:50.0329 4400 RpcEptMapper - ok

14:02:50.0375 4400 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

14:02:50.0407 4400 RpcLocator - ok

14:02:50.0563 4400 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

14:02:50.0610 4400 RpcSs - ok

14:02:50.0641 4400 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

14:02:50.0704 4400 rspndr - ok

14:02:50.0813 4400 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys

14:02:50.0891 4400 RTL8023xp - ok

14:02:50.0907 4400 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

14:02:50.0922 4400 SamSs - ok

14:02:50.0969 4400 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

14:02:50.0985 4400 sbp2port - ok

14:02:51.0016 4400 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

14:02:51.0079 4400 SCardSvr - ok

14:02:51.0094 4400 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

14:02:51.0141 4400 scfilter - ok

14:02:51.0172 4400 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

14:02:51.0235 4400 Schedule - ok

14:02:51.0250 4400 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

14:02:51.0282 4400 SCPolicySvc - ok

14:02:51.0329 4400 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

14:02:51.0407 4400 SDRSVC - ok

14:02:51.0438 4400 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:02:51.0485 4400 secdrv - ok

14:02:51.0500 4400 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

14:02:51.0563 4400 seclogon - ok

14:02:51.0594 4400 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll

14:02:51.0641 4400 SENS - ok

14:02:51.0672 4400 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

14:02:51.0750 4400 SensrSvc - ok

14:02:51.0797 4400 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

14:02:51.0813 4400 Serenum - ok

14:02:51.0829 4400 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

14:02:51.0844 4400 Serial - ok

14:02:51.0860 4400 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys

14:02:51.0891 4400 sermouse - ok

14:02:51.0922 4400 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

14:02:51.0969 4400 SessionEnv - ok

14:02:51.0985 4400 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

14:02:52.0016 4400 sffdisk - ok

14:02:52.0047 4400 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

14:02:52.0063 4400 sffp_mmc - ok

14:02:52.0079 4400 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

14:02:52.0110 4400 sffp_sd - ok

14:02:52.0125 4400 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys

14:02:52.0141 4400 sfloppy - ok

14:02:52.0172 4400 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

14:02:52.0235 4400 SharedAccess - ok

14:02:52.0282 4400 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

14:02:52.0313 4400 ShellHWDetection - ok

14:02:52.0329 4400 simptcp (f5aaa8cdda25b6387af590d676d25bad) C:\Windows\System32\tcpsvcs.exe

14:02:52.0360 4400 simptcp - ok

14:02:52.0375 4400 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

14:02:52.0391 4400 sisagp - ok

14:02:52.0438 4400 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys

14:02:52.0469 4400 SiSRaid2 - ok

14:02:52.0485 4400 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys

14:02:52.0500 4400 SiSRaid4 - ok

14:02:52.0563 4400 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

14:02:52.0579 4400 SkypeUpdate - ok

14:02:52.0625 4400 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

14:02:52.0657 4400 Smb - ok

14:02:52.0688 4400 SNMP (8f5171c837e64ff0ac48f0a29dd9e180) C:\Windows\System32\snmp.exe

14:02:52.0766 4400 SNMP - ok

14:02:52.0813 4400 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

14:02:52.0829 4400 SNMPTRAP - ok

14:02:52.0954 4400 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

14:02:53.0000 4400 SpeedDiskService - ok

14:02:53.0032 4400 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

14:02:53.0047 4400 spldr - ok

14:02:53.0094 4400 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

14:02:53.0157 4400 Spooler - ok

14:02:53.0485 4400 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

14:02:53.0579 4400 sppsvc - ok

14:02:53.0688 4400 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

14:02:53.0719 4400 sppuinotify - ok

14:02:53.0782 4400 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

14:02:53.0797 4400 SQLBrowser - ok

14:02:53.0829 4400 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

14:02:53.0844 4400 SQLWriter - ok

14:02:53.0954 4400 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602000.009\SRTSP.SYS

14:02:53.0985 4400 SRTSP - ok

14:02:54.0000 4400 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602000.009\SRTSPX.SYS

14:02:54.0016 4400 SRTSPX - ok

14:02:54.0047 4400 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

14:02:54.0110 4400 srv - ok

14:02:54.0141 4400 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

14:02:54.0204 4400 srv2 - ok

14:02:54.0235 4400 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

14:02:54.0282 4400 srvnet - ok

14:02:54.0313 4400 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

14:02:54.0360 4400 SSDPSRV - ok

14:02:54.0422 4400 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

14:02:54.0485 4400 SstpSvc - ok

14:02:54.0516 4400 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys

14:02:54.0532 4400 stexstor - ok

14:02:54.0594 4400 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

14:02:54.0641 4400 StiSvc - ok

14:02:54.0657 4400 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

14:02:54.0672 4400 swenum - ok

14:02:54.0719 4400 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

14:02:54.0766 4400 swprv - ok

14:02:54.0891 4400 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

14:02:54.0922 4400 Symantec RemoteAssist - ok

14:02:55.0000 4400 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602000.009\SYMDS.SYS

14:02:55.0032 4400 SymDS - ok

14:02:55.0079 4400 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\Windows\system32\drivers\SymDSMon.sys

14:02:55.0094 4400 SymDSMon - ok

14:02:55.0141 4400 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602000.009\SYMEFA.SYS

14:02:55.0172 4400 SymEFA - ok

14:02:55.0219 4400 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS

14:02:55.0235 4400 SymEvent - ok

14:02:55.0282 4400 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys

14:02:55.0313 4400 SymIM - ok

14:02:55.0344 4400 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602000.009\Ironx86.SYS

14:02:55.0375 4400 SymIRON - ok

14:02:55.0422 4400 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\N360\0602000.009\SYMNETS.SYS

14:02:55.0454 4400 SymNetS - ok

14:02:55.0485 4400 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\Windows\system32\drivers\SymSpeedDisk.sys

14:02:55.0500 4400 SYMSpeedDisk - ok

14:02:55.0563 4400 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

14:02:55.0610 4400 SysMain - ok

14:02:55.0625 4400 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

14:02:55.0657 4400 TabletInputService - ok

14:02:55.0688 4400 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

14:02:55.0735 4400 TapiSrv - ok

14:02:55.0766 4400 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

14:02:55.0813 4400 TBS - ok

14:02:55.0891 4400 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

14:02:55.0938 4400 Tcpip - ok

14:02:56.0079 4400 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

14:02:56.0125 4400 TCPIP6 - ok

14:02:56.0172 4400 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

14:02:56.0204 4400 tcpipreg - ok

14:02:56.0235 4400 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

14:02:56.0250 4400 TDPIPE - ok

14:02:56.0282 4400 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

14:02:56.0313 4400 TDTCP - ok

14:02:56.0329 4400 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

14:02:56.0375 4400 tdx - ok

14:02:56.0391 4400 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys

14:02:56.0407 4400 TermDD - ok

14:02:56.0454 4400 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

14:02:56.0500 4400 TermService - ok

14:02:56.0516 4400 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

14:02:56.0547 4400 Themes - ok

14:02:56.0579 4400 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

14:02:56.0625 4400 THREADORDER - ok

14:02:56.0641 4400 TlntSvr (ce92b84ed806f1c5c340a51dfd3e49bc) C:\Windows\System32\tlntsvr.exe

14:02:56.0704 4400 TlntSvr - ok

14:02:56.0735 4400 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

14:02:56.0782 4400 TrkWks - ok

14:02:56.0797 4400 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys

14:02:56.0844 4400 truecrypt - ok

14:02:56.0891 4400 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

14:02:56.0938 4400 TrustedInstaller - ok

14:02:56.0969 4400 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:02:57.0016 4400 tssecsrv - ok

14:02:57.0016 4400 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

14:02:57.0094 4400 TsUsbFlt - ok

14:02:57.0094 4400 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys

14:02:57.0141 4400 TsUsbGD - ok

14:02:57.0266 4400 TuneUp.UtilitiesSvc (86cd728fb5f6a409112662e1596d987b) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

14:02:57.0329 4400 TuneUp.UtilitiesSvc - ok

14:02:57.0329 4400 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys

14:02:57.0360 4400 TuneUpUtilitiesDrv - ok

14:02:57.0469 4400 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

14:02:57.0500 4400 tunnel - ok

14:02:57.0579 4400 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files\TightVNC\tvnserver.exe

14:02:57.0625 4400 tvnserver - ok

14:02:57.0625 4400 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

14:02:57.0641 4400 uagp35 - ok

14:02:57.0672 4400 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

14:02:57.0704 4400 udfs - ok

14:02:57.0750 4400 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

14:02:57.0782 4400 UI0Detect - ok

14:02:57.0829 4400 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

14:02:57.0844 4400 uliagpkx - ok

14:02:57.0875 4400 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

14:02:57.0922 4400 umbus - ok

14:02:57.0938 4400 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

14:02:57.0954 4400 UmPass - ok

14:02:58.0000 4400 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

14:02:58.0047 4400 upnphost - ok

14:02:58.0094 4400 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

14:02:58.0141 4400 usbccgp - ok

14:02:58.0157 4400 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

14:02:58.0219 4400 usbcir - ok

14:02:58.0250 4400 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys

14:02:58.0282 4400 usbehci - ok

14:02:58.0313 4400 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

14:02:58.0375 4400 usbhub - ok

14:02:58.0391 4400 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

14:02:58.0454 4400 usbohci - ok

14:02:58.0469 4400 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

14:02:58.0500 4400 usbprint - ok

14:02:58.0532 4400 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

14:02:58.0563 4400 usbscan - ok

14:02:58.0594 4400 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:02:58.0672 4400 USBSTOR - ok

14:02:58.0688 4400 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

14:02:58.0704 4400 usbuhci - ok

14:02:58.0735 4400 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

14:02:58.0766 4400 UxSms - ok

14:02:58.0797 4400 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

14:02:58.0813 4400 VaultSvc - ok

14:02:58.0860 4400 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

14:02:58.0875 4400 vdrvroot - ok

14:02:58.0907 4400 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

14:02:58.0954 4400 vds - ok

14:02:58.0985 4400 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

14:02:59.0000 4400 vga - ok

14:02:59.0016 4400 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

14:02:59.0047 4400 VgaSave - ok

14:02:59.0063 4400 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

14:02:59.0094 4400 vhdmp - ok

14:02:59.0125 4400 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

14:02:59.0141 4400 viaagp - ok

14:02:59.0172 4400 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

14:02:59.0204 4400 ViaC7 - ok

14:02:59.0235 4400 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

14:02:59.0250 4400 viaide - ok

14:02:59.0266 4400 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

14:02:59.0282 4400 volmgr - ok

14:02:59.0313 4400 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

14:02:59.0344 4400 volmgrx - ok

14:02:59.0360 4400 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

14:02:59.0375 4400 volsnap - ok

14:02:59.0422 4400 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

14:02:59.0438 4400 vsmraid - ok

14:02:59.0500 4400 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

14:02:59.0563 4400 VSS - ok

14:02:59.0579 4400 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

14:02:59.0625 4400 vwifibus - ok

14:02:59.0641 4400 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

14:02:59.0688 4400 W32Time - ok

14:02:59.0735 4400 W3SVC (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll

14:02:59.0766 4400 W3SVC - ok

14:02:59.0782 4400 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

14:02:59.0813 4400 WacomPen - ok

14:02:59.0844 4400 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

14:02:59.0891 4400 WANARP - ok

14:02:59.0907 4400 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

14:02:59.0938 4400 Wanarpv6 - ok

14:02:59.0954 4400 WAS (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll

14:02:59.0969 4400 WAS - ok

14:03:00.0110 4400 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

14:03:00.0172 4400 WatAdminSvc - ok

14:03:00.0297 4400 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

14:03:00.0375 4400 wbengine - ok

14:03:00.0391 4400 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

14:03:00.0438 4400 WbioSrvc - ok

14:03:00.0469 4400 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

14:03:00.0500 4400 wcncsvc - ok

14:03:00.0532 4400 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

14:03:00.0579 4400 WcsPlugInService - ok

14:03:00.0625 4400 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

14:03:00.0641 4400 Wd - ok

14:03:00.0672 4400 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

14:03:00.0704 4400 Wdf01000 - ok

14:03:00.0719 4400 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

14:03:00.0797 4400 WdiServiceHost - ok

14:03:00.0797 4400 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

14:03:00.0829 4400 WdiSystemHost - ok

14:03:00.0860 4400 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

14:03:00.0891 4400 WebClient - ok

14:03:00.0922 4400 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

14:03:00.0954 4400 Wecsvc - ok

14:03:00.0969 4400 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

14:03:01.0016 4400 wercplsupport - ok

14:03:01.0047 4400 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

14:03:01.0094 4400 WerSvc - ok

14:03:01.0125 4400 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

14:03:01.0172 4400 WfpLwf - ok

14:03:01.0188 4400 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

14:03:01.0219 4400 WIMMount - ok

14:03:01.0250 4400 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

14:03:01.0313 4400 winachsf - ok

14:03:01.0391 4400 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

14:03:01.0454 4400 WinDefend - ok

14:03:01.0469 4400 WinHttpAutoProxySvc - ok

14:03:01.0610 4400 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

14:03:01.0641 4400 Winmgmt - ok

14:03:01.0719 4400 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

14:03:01.0782 4400 WinRM - ok

14:03:01.0844 4400 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

14:03:01.0875 4400 WinUsb - ok

14:03:01.0922 4400 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

14:03:01.0969 4400 Wlansvc - ok

14:03:02.0094 4400 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:03:02.0157 4400 wlidsvc - ok

14:03:02.0250 4400 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

14:03:02.0282 4400 WmiAcpi - ok

14:03:02.0329 4400 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

14:03:02.0360 4400 wmiApSrv - ok

14:03:02.0469 4400 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

14:03:02.0532 4400 WMPNetworkSvc - ok

14:03:02.0641 4400 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

14:03:02.0704 4400 WPCSvc - ok

14:03:02.0719 4400 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

14:03:02.0750 4400 WPDBusEnum - ok

14:03:02.0797 4400 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

14:03:02.0844 4400 ws2ifsl - ok

14:03:02.0875 4400 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys

14:03:02.0891 4400 WsAudio_DeviceS(1) - ok

14:03:02.0907 4400 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys

14:03:02.0922 4400 WsAudio_DeviceS(2) - ok

14:03:02.0938 4400 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys

14:03:02.0954 4400 WsAudio_DeviceS(3) - ok

14:03:02.0969 4400 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys

14:03:03.0000 4400 WsAudio_DeviceS(4) - ok

14:03:03.0016 4400 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys

14:03:03.0032 4400 WsAudio_DeviceS(5) - ok

14:03:03.0094 4400 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

14:03:03.0125 4400 wscsvc - ok

14:03:03.0125 4400 WSearch - ok

14:03:03.0219 4400 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

14:03:03.0297 4400 wuauserv - ok

14:03:03.0391 4400 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

14:03:03.0422 4400 WudfPf - ok

14:03:03.0469 4400 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:03:03.0516 4400 WUDFRd - ok

14:03:03.0547 4400 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

14:03:03.0610 4400 wudfsvc - ok

14:03:03.0625 4400 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

14:03:03.0657 4400 WwanSvc - ok

14:03:03.0750 4400 WysePocketCloud (7868f4758712393cb08a82917a8a9927) C:\Program Files\Wyse\PocketCloud Windows Companion\PocketCloudService.exe

14:03:03.0782 4400 WysePocketCloud - ok

14:03:03.0797 4400 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys

14:03:03.0829 4400 XAudio - ok

14:03:03.0844 4400 XAudioService (96db5621857e1fddd1aa60733748bf17) C:\Windows\system32\DRIVERS\xaudio.exe

14:03:03.0875 4400 XAudioService - ok

14:03:03.0922 4400 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:03:04.0016 4400 \Device\Harddisk0\DR0 - ok

14:03:04.0016 4400 Boot (0x1200) (42453c69628f84743c244c56ca58f1c3) \Device\Harddisk0\DR0\Partition0

14:03:04.0016 4400 \Device\Harddisk0\DR0\Partition0 - ok

14:03:04.0032 4400 Boot (0x1200) (14dde3687721ef310b1fe392a2aa3644) \Device\Harddisk0\DR0\Partition1

14:03:04.0032 4400 \Device\Harddisk0\DR0\Partition1 - ok

14:03:04.0032 4400 ============================================================

14:03:04.0032 4400 Scan finished

14:03:04.0032 4400 ============================================================

14:03:04.0047 4172 Detected object count: 6

14:03:04.0047 4172 Actual detected object count: 6

14:03:10.0547 4172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

14:03:10.0547 4172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:03:10.0547 4172 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:03:10.0547 4172 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:03:10.0547 4172 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

14:03:10.0547 4172 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:03:10.0563 4172 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

14:03:10.0563 4172 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:03:10.0563 4172 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

14:03:10.0563 4172 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:03:10.0563 4172 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user

14:03:10.0563 4172 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip

MrCharlie · May 14, 2012

That's clean.

Can you post the log from ComboFix.

Then delete your copy of ComboFix and download and run a fresh one as outlined in the link below:

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

LenardFleming · May 14, 2012

File was too long to post. Zipped it and attached:

ComboFix.zip

LenardFleming · May 14, 2012

Well something seems to be working...not sure which step did it, probably a bit of all. The alerts have stopped comming in a mad rush...haven't noticed any in some time now, since we began this process....Will re-run ComboFix and post log file here ASAP. Thanks again.

LenardFleming · May 14, 2012

Second ComboFix.txt File:

ComboFix (2).zip

MrCharlie · May 14, 2012

Everything looks OK, you know you can't stop "incoming", sounds like MB is doing its job here.

MrC

LenardFleming · May 14, 2012

Alrighty then, thanks once more for the help! BTW, just because I'm not to swift on all of this, what do you think it was? The alerts kept saying that MWB had "Blocked Access to a [potentialy] malicious website - as if my machine wass placing the call, and meantioned "TCPSVCS.EXE" along with the IP address. I'd just like to know what to look for in the future.

MrCharlie · May 14, 2012

OK, open up MB and click on the "logs" tab, open up the latest protection log, copy and paste it back here, MrC

MrCharlie · May 17, 2012

How are we doing??

Do you still need help or can I close this post??

MrC

LDTate · May 18, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Malwarebytes has blocked access to maliscious website....TCPSVCS.EXE

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information