son's computer is infected ran dds and need help to figure out problem

[kmars100]

Hi there,

Yesterday my son's friend went to a site and now constant talking of ads on his lap top. I downloaded the malware software and it found 19 problems. I removed them but now we have constant pop up of Malwarebytes successfully blocked access to a potentially malicious site. I followed your instruction and downloaded the dds software and have the logs. Can someone help me clean up his laptop?

Thanks

Kim

attach.txt

dds.txt

[Larusso]

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  
• I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

• Execute TDSSKiller.exe by doubleclicking on it.
• Press Start Scan
  
• If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  
• Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
  

Please post the contents of that log in your next reply.

Please post the most recent Malwarebytes Logfile

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

[kmars100]

13:59:33.0806 5896 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

13:59:34.0436 5896 ============================================================

13:59:34.0436 5896 Current date / time: 2013/05/25 13:59:34.0436

13:59:34.0436 5896 SystemInfo:

13:59:34.0436 5896

13:59:34.0436 5896 OS Version: 6.1.7601 ServicePack: 1.0

13:59:34.0436 5896 Product type: Workstation

13:59:34.0436 5896 ComputerName: MASON-PC

13:59:34.0436 5896 UserName: mason

13:59:34.0436 5896 Windows directory: C:\Windows

13:59:34.0436 5896 System windows directory: C:\Windows

13:59:34.0436 5896 Running under WOW64

13:59:34.0436 5896 Processor architecture: Intel x64

13:59:34.0436 5896 Number of processors: 2

13:59:34.0436 5896 Page size: 0x1000

13:59:34.0436 5896 Boot type: Normal boot

13:59:34.0436 5896 ============================================================

13:59:35.0166 5896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:59:35.0176 5896 ============================================================

13:59:35.0176 5896 \Device\Harddisk0\DR0:

13:59:35.0176 5896 MBR partitions:

13:59:35.0176 5896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000

13:59:35.0176 5896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69C800, BlocksNum 0x1FCE9000

13:59:35.0176 5896 ============================================================

13:59:35.0216 5896 C: <-> \Device\Harddisk0\DR0\Partition1

13:59:35.0256 5896 D: <-> \Device\Harddisk0\DR0\Partition2

13:59:35.0256 5896 ============================================================

13:59:35.0256 5896 Initialize success

13:59:35.0256 5896 ============================================================

13:59:38.0036 4996 ============================================================

13:59:38.0036 4996 Scan started

13:59:38.0036 4996 Mode: Manual;

13:59:38.0036 4996 ============================================================

13:59:38.0758 4996 ================ Scan system memory ========================

13:59:38.0758 4996 System memory - ok

13:59:38.0758 4996 ================ Scan services =============================

13:59:39.0058 4996 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

13:59:39.0068 4996 1394ohci - ok

13:59:39.0138 4996 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

13:59:39.0148 4996 ACPI - ok

13:59:39.0178 4996 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

13:59:39.0178 4996 AcpiPmi - ok

13:59:39.0358 4996 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:59:39.0368 4996 AdobeFlashPlayerUpdateSvc - ok

13:59:39.0438 4996 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

13:59:39.0448 4996 adp94xx - ok

13:59:39.0478 4996 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

13:59:39.0478 4996 adpahci - ok

13:59:39.0528 4996 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

13:59:39.0528 4996 adpu320 - ok

13:59:39.0548 4996 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

13:59:39.0558 4996 AeLookupSvc - ok

13:59:39.0588 4996 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe

13:59:39.0588 4996 AFBAgent - ok

13:59:39.0678 4996 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

13:59:39.0718 4996 AFD - ok

13:59:39.0768 4996 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

13:59:39.0768 4996 agp440 - ok

13:59:39.0788 4996 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

13:59:39.0798 4996 ALG - ok

13:59:39.0848 4996 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

13:59:39.0848 4996 aliide - ok

13:59:39.0878 4996 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

13:59:39.0878 4996 amdide - ok

13:59:39.0888 4996 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

13:59:39.0898 4996 AmdK8 - ok

13:59:39.0908 4996 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

13:59:39.0908 4996 AmdPPM - ok

13:59:39.0938 4996 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

13:59:39.0938 4996 amdsata - ok

13:59:39.0968 4996 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

13:59:39.0968 4996 amdsbs - ok

13:59:39.0978 4996 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

13:59:39.0988 4996 amdxata - ok

13:59:40.0008 4996 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

13:59:40.0008 4996 AppID - ok

13:59:40.0038 4996 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

13:59:40.0038 4996 AppIDSvc - ok

13:59:40.0078 4996 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

13:59:40.0078 4996 Appinfo - ok

13:59:40.0108 4996 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

13:59:40.0108 4996 arc - ok

13:59:40.0118 4996 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

13:59:40.0118 4996 arcsas - ok

13:59:40.0198 4996 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

13:59:40.0208 4996 ASLDRService - ok

13:59:40.0248 4996 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

13:59:40.0248 4996 ASMMAP64 - ok

13:59:40.0288 4996 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys

13:59:40.0288 4996 asmthub3 - ok

13:59:40.0308 4996 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys

13:59:40.0318 4996 asmtxhci - ok

13:59:40.0338 4996 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

13:59:40.0338 4996 AsyncMac - ok

13:59:40.0368 4996 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

13:59:40.0368 4996 atapi - ok

13:59:40.0428 4996 [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr C:\Windows\system32\DRIVERS\athrx.sys

13:59:40.0468 4996 athr - ok

13:59:40.0478 4996 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

13:59:40.0478 4996 ATKGFNEXSrv - ok

13:59:40.0528 4996 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

13:59:40.0528 4996 ATKWMIACPIIO - ok

13:59:40.0568 4996 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

13:59:40.0578 4996 AudioEndpointBuilder - ok

13:59:40.0598 4996 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

13:59:40.0598 4996 AudioSrv - ok

13:59:40.0628 4996 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

13:59:40.0628 4996 AxInstSV - ok

13:59:40.0668 4996 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

13:59:40.0668 4996 b06bdrv - ok

13:59:40.0708 4996 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

13:59:40.0708 4996 b57nd60a - ok

13:59:40.0798 4996 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

13:59:40.0798 4996 BBSvc - ok

13:59:40.0838 4996 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

13:59:40.0838 4996 BBUpdate - ok

13:59:40.0858 4996 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

13:59:40.0868 4996 BDESVC - ok

13:59:40.0898 4996 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

13:59:40.0908 4996 Beep - ok

13:59:40.0948 4996 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

13:59:40.0958 4996 BFE - ok

13:59:41.0138 4996 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx64.sys

13:59:41.0158 4996 BHDrvx64 - ok

13:59:41.0198 4996 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

13:59:41.0218 4996 BITS - ok

13:59:41.0248 4996 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

13:59:41.0248 4996 blbdrive - ok

13:59:41.0278 4996 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

13:59:41.0278 4996 bowser - ok

13:59:41.0308 4996 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

13:59:41.0308 4996 BrFiltLo - ok

13:59:41.0318 4996 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

13:59:41.0318 4996 BrFiltUp - ok

13:59:41.0348 4996 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

13:59:41.0348 4996 Browser - ok

13:59:41.0368 4996 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

13:59:41.0378 4996 Brserid - ok

13:59:41.0378 4996 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

13:59:41.0378 4996 BrSerWdm - ok

13:59:41.0408 4996 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

13:59:41.0408 4996 BrUsbMdm - ok

13:59:41.0408 4996 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

13:59:41.0408 4996 BrUsbSer - ok

13:59:41.0448 4996 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

13:59:41.0448 4996 BthEnum - ok

13:59:41.0488 4996 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

13:59:41.0488 4996 BTHMODEM - ok

13:59:41.0498 4996 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

13:59:41.0508 4996 BthPan - ok

13:59:41.0548 4996 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

13:59:41.0568 4996 BTHPORT - ok

13:59:41.0598 4996 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

13:59:41.0608 4996 bthserv - ok

13:59:41.0618 4996 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

13:59:41.0618 4996 BTHUSB - ok

13:59:41.0678 4996 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys

13:59:41.0688 4996 ccSet_NIS - ok

13:59:41.0718 4996 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

13:59:41.0718 4996 cdfs - ok

13:59:41.0738 4996 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

13:59:41.0738 4996 cdrom - ok

13:59:41.0768 4996 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

13:59:41.0778 4996 CertPropSvc - ok

13:59:41.0798 4996 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

13:59:41.0808 4996 circlass - ok

13:59:41.0828 4996 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

13:59:41.0828 4996 CLFS - ok

13:59:41.0908 4996 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:59:41.0908 4996 clr_optimization_v2.0.50727_32 - ok

13:59:41.0958 4996 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:59:41.0958 4996 clr_optimization_v2.0.50727_64 - ok

13:59:42.0028 4996 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:59:42.0028 4996 clr_optimization_v4.0.30319_32 - ok

13:59:42.0078 4996 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:59:42.0078 4996 clr_optimization_v4.0.30319_64 - ok

13:59:42.0108 4996 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

13:59:42.0108 4996 CmBatt - ok

13:59:42.0118 4996 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

13:59:42.0128 4996 cmdide - ok

13:59:42.0158 4996 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

13:59:42.0168 4996 CNG - ok

13:59:42.0208 4996 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

13:59:42.0208 4996 Compbatt - ok

13:59:42.0228 4996 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

13:59:42.0238 4996 CompositeBus - ok

13:59:42.0248 4996 COMSysApp - ok

13:59:42.0268 4996 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

13:59:42.0278 4996 crcdisk - ok

13:59:42.0318 4996 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

13:59:42.0328 4996 CryptSvc - ok

13:59:42.0418 4996 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

13:59:42.0438 4996 cvhsvc - ok

13:59:42.0478 4996 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

13:59:42.0498 4996 DcomLaunch - ok

13:59:42.0538 4996 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

13:59:42.0538 4996 defragsvc - ok

13:59:42.0558 4996 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

13:59:42.0558 4996 DfsC - ok

13:59:42.0608 4996 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

13:59:42.0608 4996 Dhcp - ok

13:59:42.0618 4996 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

13:59:42.0618 4996 discache - ok

13:59:42.0658 4996 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

13:59:42.0658 4996 Disk - ok

13:59:42.0688 4996 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

13:59:42.0698 4996 Dnscache - ok

13:59:42.0728 4996 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

13:59:42.0738 4996 dot3svc - ok

13:59:42.0758 4996 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

13:59:42.0758 4996 DPS - ok

13:59:42.0778 4996 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

13:59:42.0778 4996 drmkaud - ok

13:59:43.0018 4996 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

13:59:43.0038 4996 DXGKrnl - ok

13:59:43.0068 4996 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

13:59:43.0078 4996 EapHost - ok

13:59:43.0168 4996 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

13:59:43.0238 4996 ebdrv - ok

13:59:43.0288 4996 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

13:59:43.0298 4996 eeCtrl - ok

13:59:43.0318 4996 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

13:59:43.0318 4996 EFS - ok

13:59:43.0368 4996 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

13:59:43.0378 4996 ehRecvr - ok

13:59:43.0388 4996 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

13:59:43.0388 4996 ehSched - ok

13:59:43.0468 4996 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

13:59:43.0478 4996 elxstor - ok

13:59:43.0538 4996 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

13:59:43.0538 4996 EraserUtilRebootDrv - ok

13:59:43.0558 4996 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

13:59:43.0558 4996 ErrDev - ok

13:59:43.0608 4996 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys

13:59:43.0608 4996 ETD - ok

13:59:43.0638 4996 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

13:59:43.0648 4996 EventSystem - ok

13:59:43.0668 4996 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

13:59:43.0678 4996 exfat - ok

13:59:43.0708 4996 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

13:59:43.0708 4996 fastfat - ok

13:59:43.0748 4996 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

13:59:43.0758 4996 Fax - ok

13:59:43.0768 4996 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

13:59:43.0778 4996 fdc - ok

13:59:43.0808 4996 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

13:59:43.0808 4996 fdPHost - ok

13:59:43.0828 4996 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

13:59:43.0828 4996 FDResPub - ok

13:59:43.0868 4996 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

13:59:43.0868 4996 FileInfo - ok

13:59:43.0878 4996 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

13:59:43.0878 4996 Filetrace - ok

13:59:43.0898 4996 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

13:59:43.0898 4996 flpydisk - ok

13:59:43.0928 4996 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

13:59:43.0938 4996 FltMgr - ok

13:59:43.0978 4996 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

13:59:43.0998 4996 FontCache - ok

13:59:44.0038 4996 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:59:44.0038 4996 FontCache3.0.0.0 - ok

13:59:44.0048 4996 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

13:59:44.0058 4996 FsDepends - ok

13:59:44.0088 4996 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

13:59:44.0088 4996 fssfltr - ok

13:59:44.0198 4996 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

13:59:44.0218 4996 fsssvc - ok

13:59:44.0238 4996 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

13:59:44.0238 4996 Fs_Rec - ok

13:59:44.0268 4996 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

13:59:44.0268 4996 fvevol - ok

13:59:44.0298 4996 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

13:59:44.0308 4996 gagp30kx - ok

13:59:44.0348 4996 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

13:59:44.0358 4996 gpsvc - ok

13:59:44.0388 4996 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

13:59:44.0388 4996 hamachi - ok

13:59:44.0518 4996 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

13:59:44.0558 4996 Hamachi2Svc - ok

13:59:44.0588 4996 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

13:59:44.0588 4996 hcw85cir - ok

13:59:44.0628 4996 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

13:59:44.0628 4996 HdAudAddService - ok

13:59:44.0678 4996 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

13:59:44.0688 4996 HDAudBus - ok

13:59:44.0698 4996 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

13:59:44.0698 4996 HidBatt - ok

13:59:44.0718 4996 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

13:59:44.0728 4996 HidBth - ok

13:59:44.0728 4996 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

13:59:44.0728 4996 HidIr - ok

13:59:44.0758 4996 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

13:59:44.0758 4996 hidserv - ok

13:59:44.0798 4996 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

13:59:44.0798 4996 HidUsb - ok

13:59:44.0828 4996 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

13:59:44.0838 4996 hkmsvc - ok

13:59:44.0848 4996 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

13:59:44.0858 4996 HomeGroupListener - ok

13:59:44.0878 4996 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

13:59:44.0878 4996 HomeGroupProvider - ok

13:59:44.0908 4996 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

13:59:44.0908 4996 HpSAMD - ok

13:59:44.0938 4996 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

13:59:44.0948 4996 HTTP - ok

13:59:44.0968 4996 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

13:59:44.0968 4996 hwpolicy - ok

13:59:44.0988 4996 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

13:59:44.0998 4996 i8042prt - ok

13:59:45.0018 4996 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

13:59:45.0018 4996 iaStor - ok

13:59:45.0048 4996 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

13:59:45.0058 4996 iaStorV - ok

13:59:45.0108 4996 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:59:45.0118 4996 idsvc - ok

13:59:45.0218 4996 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130523.001\IDSvia64.sys

13:59:45.0228 4996 IDSVia64 - ok

13:59:45.0498 4996 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

13:59:45.0718 4996 igfx - ok

13:59:45.0758 4996 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

13:59:45.0758 4996 iirsp - ok

13:59:45.0808 4996 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

13:59:45.0828 4996 IKEEXT - ok

13:59:45.0918 4996 [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

13:59:45.0948 4996 IntcAzAudAddService - ok

13:59:45.0998 4996 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

13:59:45.0998 4996 IntcDAud - ok

13:59:46.0028 4996 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

13:59:46.0028 4996 intelide - ok

13:59:46.0058 4996 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

13:59:46.0058 4996 intelppm - ok

13:59:46.0088 4996 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

13:59:46.0088 4996 IPBusEnum - ok

13:59:46.0118 4996 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:59:46.0118 4996 IpFilterDriver - ok

13:59:46.0148 4996 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

13:59:46.0158 4996 iphlpsvc - ok

13:59:46.0158 4996 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

13:59:46.0158 4996 IPMIDRV - ok

13:59:46.0168 4996 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

13:59:46.0168 4996 IPNAT - ok

13:59:46.0198 4996 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

13:59:46.0198 4996 IRENUM - ok

13:59:46.0228 4996 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

13:59:46.0228 4996 isapnp - ok

13:59:46.0248 4996 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

13:59:46.0248 4996 iScsiPrt - ok

13:59:46.0278 4996 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

13:59:46.0278 4996 kbdclass - ok

13:59:46.0308 4996 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

13:59:46.0318 4996 kbdhid - ok

13:59:46.0348 4996 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys

13:59:46.0348 4996 kbfiltr - ok

13:59:46.0358 4996 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

13:59:46.0358 4996 KeyIso - ok

13:59:46.0388 4996 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

13:59:46.0388 4996 KSecDD - ok

13:59:46.0408 4996 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

13:59:46.0408 4996 KSecPkg - ok

13:59:46.0448 4996 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

13:59:46.0448 4996 ksthunk - ok

13:59:46.0478 4996 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

13:59:46.0488 4996 KtmRm - ok

13:59:46.0528 4996 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

13:59:46.0528 4996 L1C - ok

13:59:46.0568 4996 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

13:59:46.0578 4996 LanmanServer - ok

13:59:46.0608 4996 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:59:46.0608 4996 LanmanWorkstation - ok

13:59:46.0658 4996 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

13:59:46.0668 4996 lltdio - ok

13:59:46.0698 4996 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

13:59:46.0708 4996 lltdsvc - ok

13:59:46.0718 4996 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

13:59:46.0718 4996 lmhosts - ok

13:59:46.0778 4996 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

13:59:46.0778 4996 LMS - ok

13:59:46.0828 4996 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

13:59:46.0838 4996 LSI_FC - ok

13:59:46.0848 4996 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

13:59:46.0848 4996 LSI_SAS - ok

13:59:46.0868 4996 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

13:59:46.0868 4996 LSI_SAS2 - ok

13:59:46.0888 4996 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

13:59:46.0888 4996 LSI_SCSI - ok

13:59:46.0938 4996 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

13:59:46.0938 4996 luafv - ok

13:59:46.0978 4996 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

13:59:46.0978 4996 MBAMProtector - ok

13:59:47.0058 4996 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

13:59:47.0068 4996 MBAMScheduler - ok

13:59:47.0138 4996 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:59:47.0148 4996 MBAMService - ok

13:59:47.0178 4996 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

13:59:47.0188 4996 Mcx2Svc - ok

13:59:47.0208 4996 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

13:59:47.0208 4996 megasas - ok

13:59:47.0248 4996 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

13:59:47.0258 4996 MegaSR - ok

13:59:47.0288 4996 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

13:59:47.0288 4996 MEIx64 - ok

13:59:47.0318 4996 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

13:59:47.0318 4996 MMCSS - ok

13:59:47.0338 4996 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

13:59:47.0348 4996 Modem - ok

13:59:47.0368 4996 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

13:59:47.0368 4996 monitor - ok

13:59:47.0398 4996 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

13:59:47.0398 4996 mouclass - ok

13:59:47.0418 4996 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

13:59:47.0418 4996 mouhid - ok

13:59:47.0428 4996 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

13:59:47.0428 4996 mountmgr - ok

13:59:47.0498 4996 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:59:47.0498 4996 MozillaMaintenance - ok

13:59:47.0528 4996 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

13:59:47.0528 4996 mpio - ok

13:59:47.0548 4996 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

13:59:47.0548 4996 mpsdrv - ok

13:59:47.0588 4996 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

13:59:47.0608 4996 MpsSvc - ok

13:59:47.0628 4996 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

13:59:47.0628 4996 MRxDAV - ok

13:59:47.0688 4996 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

13:59:47.0698 4996 mrxsmb - ok

13:59:47.0708 4996 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:59:47.0718 4996 mrxsmb10 - ok

13:59:47.0778 4996 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:59:47.0788 4996 mrxsmb20 - ok

13:59:47.0858 4996 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

13:59:47.0858 4996 msahci - ok

13:59:47.0908 4996 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

13:59:47.0908 4996 msdsm - ok

13:59:47.0938 4996 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

13:59:47.0938 4996 MSDTC - ok

13:59:47.0998 4996 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

13:59:48.0008 4996 Msfs - ok

13:59:48.0018 4996 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

13:59:48.0018 4996 mshidkmdf - ok

13:59:48.0028 4996 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

13:59:48.0028 4996 msisadrv - ok

13:59:48.0058 4996 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

13:59:48.0058 4996 MSiSCSI - ok

13:59:48.0068 4996 msiserver - ok

13:59:48.0088 4996 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

13:59:48.0088 4996 MSKSSRV - ok

13:59:48.0108 4996 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

13:59:48.0108 4996 MSPCLOCK - ok

13:59:48.0118 4996 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

13:59:48.0118 4996 MSPQM - ok

13:59:48.0138 4996 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

13:59:48.0148 4996 MsRPC - ok

13:59:48.0168 4996 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

13:59:48.0168 4996 mssmbios - ok

13:59:48.0188 4996 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

13:59:48.0188 4996 MSTEE - ok

13:59:48.0198 4996 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

13:59:48.0198 4996 MTConfig - ok

13:59:48.0218 4996 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

13:59:48.0218 4996 Mup - ok

13:59:48.0248 4996 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

13:59:48.0258 4996 napagent - ok

13:59:48.0308 4996 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

13:59:48.0318 4996 NativeWifiP - ok

13:59:48.0388 4996 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130524.003\ENG64.SYS

13:59:48.0388 4996 NAVENG - ok

13:59:48.0478 4996 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130524.003\EX64.SYS

13:59:48.0508 4996 NAVEX15 - ok

13:59:48.0548 4996 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

13:59:48.0558 4996 NDIS - ok

13:59:48.0588 4996 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

13:59:48.0588 4996 NdisCap - ok

13:59:48.0618 4996 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

13:59:48.0618 4996 NdisTapi - ok

13:59:48.0628 4996 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

13:59:48.0638 4996 Ndisuio - ok

13:59:48.0648 4996 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

13:59:48.0648 4996 NdisWan - ok

13:59:48.0668 4996 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

13:59:48.0668 4996 NDProxy - ok

13:59:48.0678 4996 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

13:59:48.0678 4996 NetBIOS - ok

13:59:48.0688 4996 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

13:59:48.0698 4996 NetBT - ok

13:59:48.0718 4996 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

13:59:48.0718 4996 Netlogon - ok

13:59:48.0768 4996 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

13:59:48.0768 4996 Netman - ok

13:59:48.0798 4996 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

13:59:48.0798 4996 netprofm - ok

13:59:48.0818 4996 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:59:48.0828 4996 NetTcpPortSharing - ok

13:59:48.0868 4996 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

13:59:48.0868 4996 nfrd960 - ok

13:59:48.0938 4996 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

13:59:48.0938 4996 NIS - ok

13:59:48.0978 4996 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

13:59:48.0988 4996 NlaSvc - ok

13:59:49.0008 4996 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

13:59:49.0008 4996 Npfs - ok

13:59:49.0038 4996 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

13:59:49.0038 4996 nsi - ok

13:59:49.0058 4996 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

13:59:49.0058 4996 nsiproxy - ok

13:59:49.0128 4996 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

13:59:49.0148 4996 Ntfs - ok

13:59:49.0178 4996 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

13:59:49.0178 4996 Null - ok

13:59:49.0198 4996 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

13:59:49.0198 4996 nvraid - ok

13:59:49.0218 4996 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

13:59:49.0228 4996 nvstor - ok

13:59:49.0268 4996 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

13:59:49.0268 4996 nv_agp - ok

13:59:49.0278 4996 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

13:59:49.0278 4996 ohci1394 - ok

13:59:49.0328 4996 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:59:49.0328 4996 ose - ok

13:59:49.0498 4996 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:59:49.0608 4996 osppsvc - ok

13:59:49.0668 4996 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

13:59:49.0668 4996 p2pimsvc - ok

13:59:49.0698 4996 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

13:59:49.0708 4996 p2psvc - ok

13:59:49.0728 4996 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

13:59:49.0738 4996 Parport - ok

13:59:49.0758 4996 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

13:59:49.0758 4996 partmgr - ok

13:59:49.0788 4996 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

13:59:49.0798 4996 PcaSvc - ok

13:59:49.0828 4996 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

13:59:49.0828 4996 pci - ok

13:59:49.0828 4996 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

13:59:49.0838 4996 pciide - ok

13:59:49.0868 4996 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:59:49.0868 4996 pcmcia - ok

13:59:49.0868 4996 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

13:59:49.0878 4996 pcw - ok

13:59:49.0948 4996 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:59:49.0958 4996 PEAUTH - ok

13:59:50.0068 4996 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

13:59:50.0068 4996 PerfHost - ok

13:59:50.0148 4996 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

13:59:50.0168 4996 pla - ok

13:59:50.0208 4996 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:59:50.0208 4996 PlugPlay - ok

13:59:50.0228 4996 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

13:59:50.0238 4996 PNRPAutoReg - ok

13:59:50.0258 4996 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

13:59:50.0258 4996 PNRPsvc - ok

13:59:50.0288 4996 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:59:50.0298 4996 PolicyAgent - ok

13:59:50.0328 4996 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

13:59:50.0328 4996 Power - ok

13:59:50.0368 4996 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:59:50.0368 4996 PptpMiniport - ok

13:59:50.0388 4996 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

13:59:50.0388 4996 Processor - ok

13:59:50.0438 4996 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

13:59:50.0448 4996 ProfSvc - ok

13:59:50.0458 4996 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

13:59:50.0458 4996 ProtectedStorage - ok

13:59:50.0488 4996 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

13:59:50.0488 4996 Psched - ok

13:59:50.0548 4996 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:59:50.0568 4996 ql2300 - ok

13:59:50.0588 4996 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:59:50.0598 4996 ql40xx - ok

13:59:50.0638 4996 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

13:59:50.0648 4996 QWAVE - ok

13:59:50.0678 4996 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:59:50.0678 4996 QWAVEdrv - ok

13:59:50.0698 4996 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:59:50.0708 4996 RasAcd - ok

13:59:50.0738 4996 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

13:59:50.0738 4996 RasAgileVpn - ok

13:59:50.0778 4996 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

13:59:50.0778 4996 RasAuto - ok

13:59:50.0818 4996 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:59:50.0828 4996 Rasl2tp - ok

13:59:50.0888 4996 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

13:59:50.0898 4996 RasMan - ok

13:59:50.0928 4996 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:59:50.0938 4996 RasPppoe - ok

13:59:50.0948 4996 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:59:50.0958 4996 RasSstp - ok

13:59:50.0968 4996 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:59:50.0988 4996 rdbss - ok

13:59:51.0008 4996 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

13:59:51.0008 4996 rdpbus - ok

13:59:51.0008 4996 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:59:51.0008 4996 RDPCDD - ok

13:59:51.0038 4996 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:59:51.0038 4996 RDPENCDD - ok

13:59:51.0058 4996 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

13:59:51.0058 4996 RDPREFMP - ok

13:59:51.0078 4996 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:59:51.0078 4996 RDPWD - ok

13:59:51.0108 4996 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

13:59:51.0108 4996 rdyboost - ok

13:59:51.0138 4996 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:59:51.0138 4996 RemoteAccess - ok

13:59:51.0178 4996 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:59:51.0178 4996 RemoteRegistry - ok

13:59:51.0228 4996 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

13:59:51.0228 4996 RFCOMM - ok

13:59:51.0268 4996 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

13:59:51.0268 4996 RpcEptMapper - ok

13:59:51.0308 4996 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

13:59:51.0308 4996 RpcLocator - ok

13:59:51.0338 4996 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

13:59:51.0338 4996 RpcSs - ok

13:59:51.0378 4996 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:59:51.0378 4996 rspndr - ok

13:59:51.0398 4996 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

13:59:51.0398 4996 SamSs - ok

13:59:51.0418 4996 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:59:51.0418 4996 sbp2port - ok

13:59:51.0538 4996 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

13:59:51.0558 4996 SBSDWSCService - ok

13:59:51.0598 4996 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:59:51.0598 4996 SCardSvr - ok

13:59:51.0608 4996 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

13:59:51.0608 4996 scfilter - ok

13:59:51.0688 4996 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

13:59:51.0708 4996 Schedule - ok

13:59:51.0728 4996 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

13:59:51.0728 4996 SCPolicySvc - ok

13:59:51.0748 4996 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:59:51.0758 4996 SDRSVC - ok

13:59:51.0798 4996 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:59:51.0798 4996 secdrv - ok

13:59:51.0818 4996 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

13:59:51.0818 4996 seclogon - ok

13:59:51.0868 4996 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

13:59:51.0868 4996 SENS - ok

13:59:51.0888 4996 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

13:59:51.0898 4996 SensrSvc - ok

13:59:51.0918 4996 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

13:59:51.0918 4996 Serenum - ok

13:59:51.0938 4996 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

13:59:51.0938 4996 Serial - ok

13:59:51.0938 4996 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:59:51.0948 4996 sermouse - ok

13:59:51.0978 4996 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

13:59:51.0978 4996 SessionEnv - ok

13:59:51.0998 4996 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

13:59:51.0998 4996 sffdisk - ok

13:59:52.0008 4996 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:59:52.0008 4996 sffp_mmc - ok

13:59:52.0018 4996 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

13:59:52.0018 4996 sffp_sd - ok

13:59:52.0018 4996 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:59:52.0018 4996 sfloppy - ok

13:59:52.0058 4996 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

13:59:52.0068 4996 Sftfs - ok

13:59:52.0148 4996 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

13:59:52.0158 4996 sftlist - ok

13:59:52.0178 4996 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

13:59:52.0188 4996 Sftplay - ok

13:59:52.0198 4996 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

13:59:52.0198 4996 Sftredir - ok

13:59:52.0228 4996 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

13:59:52.0228 4996 Sftvol - ok

13:59:52.0258 4996 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

13:59:52.0268 4996 sftvsa - ok

13:59:52.0308 4996 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:59:52.0318 4996 SharedAccess - ok

13:59:52.0338 4996 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:59:52.0348 4996 ShellHWDetection - ok

13:59:52.0368 4996 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys

13:59:52.0368 4996 SiSGbeLH - ok

13:59:52.0408 4996 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

13:59:52.0408 4996 SiSRaid2 - ok

13:59:52.0428 4996 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:59:52.0428 4996 SiSRaid4 - ok

13:59:52.0498 4996 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

13:59:52.0498 4996 SkypeUpdate - ok

13:59:52.0548 4996 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:59:52.0548 4996 Smb - ok

13:59:52.0608 4996 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:59:52.0638 4996 SNMPTRAP - ok

13:59:52.0668 4996 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

13:59:52.0668 4996 spldr - ok

13:59:52.0698 4996 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

13:59:52.0708 4996 Spooler - ok

13:59:52.0808 4996 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

13:59:52.0918 4996 sppsvc - ok

13:59:52.0948 4996 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

13:59:52.0948 4996 sppuinotify - ok

13:59:53.0018 4996 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS

13:59:53.0038 4996 SRTSP - ok

13:59:53.0038 4996 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS

13:59:53.0048 4996 SRTSPX - ok

13:59:53.0078 4996 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

13:59:53.0078 4996 srv - ok

13:59:53.0098 4996 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:59:53.0108 4996 srv2 - ok

13:59:53.0118 4996 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:59:53.0118 4996 srvnet - ok

13:59:53.0158 4996 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:59:53.0168 4996 SSDPSRV - ok

13:59:53.0168 4996 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:59:53.0178 4996 SstpSvc - ok

13:59:53.0198 4996 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

13:59:53.0198 4996 stexstor - ok

13:59:53.0248 4996 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

13:59:53.0268 4996 stisvc - ok

13:59:53.0298 4996 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

13:59:53.0298 4996 swenum - ok

13:59:53.0338 4996 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

13:59:53.0358 4996 swprv - ok

13:59:53.0378 4996 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS

13:59:53.0388 4996 SymDS - ok

13:59:53.0418 4996 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS

13:59:53.0438 4996 SymEFA - ok

13:59:53.0468 4996 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

13:59:53.0468 4996 SymEvent - ok

13:59:53.0498 4996 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS

13:59:53.0508 4996 SymIRON - ok

13:59:53.0528 4996 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS

13:59:53.0538 4996 SymNetS - ok

13:59:53.0608 4996 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

13:59:53.0628 4996 SysMain - ok

13:59:53.0668 4996 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:59:53.0688 4996 TabletInputService - ok

13:59:53.0698 4996 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:59:53.0708 4996 TapiSrv - ok

13:59:53.0718 4996 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

13:59:53.0718 4996 TBS - ok

13:59:53.0788 4996 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:59:53.0818 4996 Tcpip - ok

13:59:53.0898 4996 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

13:59:53.0908 4996 TCPIP6 - ok

13:59:53.0928 4996 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:59:53.0928 4996 tcpipreg - ok

13:59:53.0968 4996 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:59:53.0968 4996 TDPIPE - ok

13:59:53.0998 4996 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:59:53.0998 4996 TDTCP - ok

13:59:54.0028 4996 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:59:54.0028 4996 tdx - ok

13:59:54.0038 4996 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

13:59:54.0038 4996 TermDD - ok

13:59:54.0078 4996 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

13:59:54.0088 4996 TermService - ok

13:59:54.0098 4996 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

13:59:54.0108 4996 Themes - ok

13:59:54.0118 4996 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

13:59:54.0118 4996 THREADORDER - ok

13:59:54.0168 4996 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

13:59:54.0168 4996 TrkWks - ok

13:59:54.0208 4996 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:59:54.0218 4996 TrustedInstaller - ok

13:59:54.0238 4996 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:59:54.0248 4996 tssecsrv - ok

13:59:54.0258 4996 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

13:59:54.0268 4996 TsUsbFlt - ok

13:59:54.0268 4996 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

13:59:54.0268 4996 TsUsbGD - ok

13:59:54.0318 4996 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:59:54.0318 4996 tunnel - ok

13:59:54.0338 4996 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

13:59:54.0338 4996 uagp35 - ok

13:59:54.0348 4996 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:59:54.0348 4996 udfs - ok

13:59:54.0388 4996 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:59:54.0388 4996 UI0Detect - ok

13:59:54.0418 4996 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:59:54.0418 4996 uliagpkx - ok

13:59:54.0468 4996 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:59:54.0468 4996 umbus - ok

13:59:54.0468 4996 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

13:59:54.0478 4996 UmPass - ok

13:59:54.0578 4996 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

13:59:54.0598 4996 UNS - ok

13:59:54.0668 4996 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

13:59:54.0698 4996 upnphost - ok

13:59:54.0718 4996 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:59:54.0728 4996 usbccgp - ok

13:59:54.0758 4996 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:59:54.0758 4996 usbcir - ok

13:59:54.0788 4996 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

13:59:54.0788 4996 usbehci - ok

13:59:54.0828 4996 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:59:54.0828 4996 usbhub - ok

13:59:54.0858 4996 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

13:59:54.0858 4996 usbohci - ok

13:59:54.0888 4996 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

13:59:54.0888 4996 usbprint - ok

13:59:54.0918 4996 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

13:59:54.0918 4996 USBSTOR - ok

13:59:54.0938 4996 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

13:59:54.0938 4996 usbuhci - ok

13:59:54.0978 4996 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

13:59:54.0978 4996 usbvideo - ok

13:59:55.0008 4996 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

13:59:55.0008 4996 UxSms - ok

13:59:55.0018 4996 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

13:59:55.0018 4996 VaultSvc - ok

13:59:55.0038 4996 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

13:59:55.0048 4996 vdrvroot - ok

13:59:55.0078 4996 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

13:59:55.0088 4996 vds - ok

13:59:55.0108 4996 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:59:55.0108 4996 vga - ok

13:59:55.0118 4996 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

13:59:55.0118 4996 VgaSave - ok

13:59:55.0128 4996 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

13:59:55.0128 4996 vhdmp - ok

13:59:55.0148 4996 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

13:59:55.0148 4996 viaide - ok

13:59:55.0148 4996 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:59:55.0158 4996 volmgr - ok

13:59:55.0158 4996 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:59:55.0168 4996 volmgrx - ok

13:59:55.0178 4996 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:59:55.0178 4996 volsnap - ok

13:59:55.0218 4996 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

13:59:55.0218 4996 vsmraid - ok

13:59:55.0288 4996 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

13:59:55.0318 4996 VSS - ok

13:59:55.0328 4996 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

13:59:55.0338 4996 vwifibus - ok

13:59:55.0338 4996 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

13:59:55.0338 4996 vwififlt - ok

13:59:55.0368 4996 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

13:59:55.0368 4996 W32Time - ok

13:59:55.0398 4996 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

13:59:55.0398 4996 WacomPen - ok

13:59:55.0418 4996 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

13:59:55.0428 4996 WANARP - ok

13:59:55.0428 4996 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:59:55.0428 4996 Wanarpv6 - ok

13:59:55.0498 4996 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

13:59:55.0518 4996 WatAdminSvc - ok

13:59:55.0568 4996 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

13:59:55.0598 4996 wbengine - ok

13:59:55.0598 4996 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

13:59:55.0608 4996 WbioSrvc - ok

13:59:55.0618 4996 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:59:55.0628 4996 wcncsvc - ok

13:59:55.0628 4996 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:59:55.0628 4996 WcsPlugInService - ok

13:59:55.0658 4996 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

13:59:55.0658 4996 Wd - ok

13:59:55.0688 4996 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:59:55.0698 4996 Wdf01000 - ok

13:59:55.0718 4996 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:59:55.0718 4996 WdiServiceHost - ok

13:59:55.0728 4996 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:59:55.0728 4996 WdiSystemHost - ok

13:59:55.0738 4996 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

13:59:55.0738 4996 WebClient - ok

13:59:55.0748 4996 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:59:55.0758 4996 Wecsvc - ok

13:59:55.0778 4996 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:59:55.0778 4996 wercplsupport - ok

13:59:55.0808 4996 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

13:59:55.0818 4996 WerSvc - ok

13:59:55.0838 4996 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

13:59:55.0838 4996 WfpLwf - ok

13:59:55.0978 4996 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

13:59:55.0978 4996 WimFltr - ok

13:59:56.0038 4996 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

13:59:56.0038 4996 WIMMount - ok

13:59:56.0098 4996 WinDefend - ok

13:59:56.0108 4996 WinHttpAutoProxySvc - ok

13:59:56.0158 4996 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:59:56.0168 4996 Winmgmt - ok

13:59:56.0248 4996 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

13:59:56.0268 4996 WinRM - ok

13:59:56.0308 4996 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

13:59:56.0318 4996 Wlansvc - ok

13:59:56.0368 4996 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:59:56.0368 4996 wlcrasvc - ok

13:59:56.0488 4996 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:59:56.0498 4996 wlidsvc - ok

13:59:56.0518 4996 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

13:59:56.0518 4996 WmiAcpi - ok

13:59:56.0548 4996 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:59:56.0558 4996 wmiApSrv - ok

13:59:56.0578 4996 WMPNetworkSvc - ok

13:59:56.0608 4996 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:59:56.0618 4996 WPCSvc - ok

13:59:56.0628 4996 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:59:56.0638 4996 WPDBusEnum - ok

13:59:56.0668 4996 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:59:56.0668 4996 ws2ifsl - ok

13:59:56.0698 4996 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

13:59:56.0698 4996 wscsvc - ok

13:59:56.0708 4996 WSearch - ok

13:59:56.0808 4996 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

13:59:56.0838 4996 wuauserv - ok

13:59:56.0878 4996 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

13:59:56.0878 4996 WudfPf - ok

13:59:56.0898 4996 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:59:56.0908 4996 wudfsvc - ok

13:59:56.0928 4996 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

13:59:56.0938 4996 WwanSvc - ok

13:59:56.0968 4996 ================ Scan global ===============================

13:59:56.0998 4996 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

13:59:57.0028 4996 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

13:59:57.0038 4996 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

13:59:57.0077 4996 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

13:59:57.0090 4996 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

13:59:57.0100 4996 [Global] - ok

13:59:57.0100 4996 ================ Scan MBR ==================================

13:59:57.0110 4996 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0

13:59:57.0110 4996 Suspicious mbr (Forged): \Device\Harddisk0\DR0

13:59:57.0180 4996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected

13:59:57.0180 4996 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)

13:59:57.0180 4996 ================ Scan VBR ==================================

13:59:57.0190 4996 [ 34B67763DBE2AD57B183DD7E0B7A8AAD ] \Device\Harddisk0\DR0\Partition1

13:59:57.0190 4996 \Device\Harddisk0\DR0\Partition1 - ok

13:59:57.0210 4996 [ 63594075324EE0083A2B1479A47CAB79 ] \Device\Harddisk0\DR0\Partition2

13:59:57.0210 4996 \Device\Harddisk0\DR0\Partition2 - ok

13:59:57.0210 4996 ============================================================

13:59:57.0210 4996 Scan finished

13:59:57.0210 4996 ============================================================

13:59:57.0230 5548 Detected object count: 1

13:59:57.0230 5548 Actual detected object count: 1

14:00:39.0422 5548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - skipped by user

14:00:39.0422 5548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Skip

[kmars100]

Hi Daniel,

Thank you so much!!!!

The TDSSKiller log was just posted and now the malewarebytes log

2013/05/25 11:33:19 -0400 MASON-PC mason MESSAGE Starting protection

2013/05/25 11:33:19 -0400 MASON-PC mason MESSAGE Protection started successfully

2013/05/25 11:33:19 -0400 MASON-PC mason MESSAGE Starting IP protection

2013/05/25 11:33:43 -0400 MASON-PC mason MESSAGE IP Protection started successfully

2013/05/25 11:33:52 -0400 MASON-PC mason MESSAGE Starting database refresh

2013/05/25 11:33:52 -0400 MASON-PC mason MESSAGE Stopping IP protection

2013/05/25 11:34:02 -0400 MASON-PC mason MESSAGE IP Protection stopped successfully

2013/05/25 11:34:05 -0400 MASON-PC mason MESSAGE Database refreshed successfully

2013/05/25 11:34:05 -0400 MASON-PC mason MESSAGE Starting IP protection

2013/05/25 11:34:08 -0400 MASON-PC mason MESSAGE IP Protection started successfully

2013/05/25 11:43:48 -0400 MASON-PC (null) MESSAGE Starting protection

2013/05/25 11:43:48 -0400 MASON-PC (null) MESSAGE Protection started successfully

2013/05/25 11:43:48 -0400 MASON-PC (null) MESSAGE Starting IP protection

2013/05/25 11:43:52 -0400 MASON-PC (null) MESSAGE IP Protection started successfully

2013/05/25 11:45:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49229, Process: svchost.exe)

2013/05/25 11:45:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49234, Process: svchost.exe)

2013/05/25 11:45:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49235, Process: svchost.exe)

2013/05/25 11:45:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49238, Process: svchost.exe)

2013/05/25 11:45:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49239, Process: svchost.exe)

2013/05/25 11:45:53 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49240, Process: svchost.exe)

2013/05/25 11:46:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49242, Process: svchost.exe)

2013/05/25 11:46:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49243, Process: svchost.exe)

2013/05/25 11:46:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49244, Process: svchost.exe)

2013/05/25 11:46:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49245, Process: svchost.exe)

2013/05/25 11:46:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49246, Process: svchost.exe)

2013/05/25 11:47:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49247, Process: svchost.exe)

2013/05/25 11:47:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49248, Process: svchost.exe)

2013/05/25 11:47:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49249, Process: svchost.exe)

2013/05/25 11:47:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49250, Process: svchost.exe)

2013/05/25 11:48:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49251, Process: svchost.exe)

2013/05/25 11:48:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49252, Process: svchost.exe)

2013/05/25 11:48:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49253, Process: svchost.exe)

2013/05/25 11:48:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49254, Process: svchost.exe)

2013/05/25 11:48:43 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49255, Process: svchost.exe)

2013/05/25 11:49:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49256, Process: svchost.exe)

2013/05/25 11:49:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49257, Process: svchost.exe)

2013/05/25 11:49:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49258, Process: svchost.exe)

2013/05/25 11:49:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49259, Process: svchost.exe)

2013/05/25 11:49:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49261, Process: svchost.exe)

2013/05/25 11:49:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49262, Process: svchost.exe)

2013/05/25 11:50:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49263, Process: svchost.exe)

2013/05/25 11:50:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49264, Process: svchost.exe)

2013/05/25 11:50:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49265, Process: svchost.exe)

2013/05/25 11:50:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49266, Process: svchost.exe)

2013/05/25 11:51:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49267, Process: svchost.exe)

2013/05/25 11:51:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49268, Process: svchost.exe)

2013/05/25 11:51:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49269, Process: svchost.exe)

2013/05/25 11:51:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49270, Process: svchost.exe)

2013/05/25 11:51:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49275, Process: svchost.exe)

2013/05/25 11:51:58 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49276, Process: svchost.exe)

2013/05/25 11:52:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49277, Process: svchost.exe)

2013/05/25 11:52:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49278, Process: svchost.exe)

2013/05/25 11:52:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49281, Process: svchost.exe)

2013/05/25 11:52:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49282, Process: svchost.exe)

2013/05/25 11:53:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49287, Process: svchost.exe)

2013/05/25 11:53:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49367, Process: svchost.exe)

2013/05/25 11:53:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49417, Process: svchost.exe)

2013/05/25 11:53:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49461, Process: svchost.exe)

2013/05/25 11:53:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49475, Process: svchost.exe)

2013/05/25 11:54:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49507, Process: svchost.exe)

2013/05/25 11:54:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49525, Process: svchost.exe)

2013/05/25 11:54:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49530, Process: svchost.exe)

2013/05/25 11:54:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49534, Process: svchost.exe)

2013/05/25 11:55:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49576, Process: svchost.exe)

2013/05/25 11:55:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49579, Process: svchost.exe)

2013/05/25 11:55:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49581, Process: svchost.exe)

2013/05/25 11:55:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49590, Process: svchost.exe)

2013/05/25 11:55:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49609, Process: svchost.exe)

2013/05/25 11:56:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49627, Process: svchost.exe)

2013/05/25 11:56:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49640, Process: svchost.exe)

2013/05/25 11:56:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49658, Process: svchost.exe)

2013/05/25 11:56:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49677, Process: svchost.exe)

2013/05/25 11:56:43 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49691, Process: svchost.exe)

2013/05/25 11:56:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49719, Process: svchost.exe)

2013/05/25 11:57:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49726, Process: svchost.exe)

2013/05/25 11:57:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49751, Process: svchost.exe)

2013/05/25 11:57:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49769, Process: svchost.exe)

2013/05/25 11:57:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49790, Process: svchost.exe)

2013/05/25 11:57:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49810, Process: svchost.exe)

2013/05/25 11:57:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49819, Process: svchost.exe)

2013/05/25 11:58:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49842, Process: svchost.exe)

2013/05/25 11:58:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49860, Process: svchost.exe)

2013/05/25 11:58:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49880, Process: svchost.exe)

2013/05/25 11:58:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49903, Process: svchost.exe)

2013/05/25 11:58:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49915, Process: svchost.exe)

2013/05/25 11:58:53 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49938, Process: svchost.exe)

2013/05/25 11:59:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49954, Process: svchost.exe)

2013/05/25 11:59:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49972, Process: svchost.exe)

2013/05/25 11:59:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49995, Process: svchost.exe)

2013/05/25 11:59:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50007, Process: svchost.exe)

2013/05/25 11:59:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50047, Process: svchost.exe)

2013/05/25 12:00:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50065, Process: svchost.exe)

2013/05/25 12:00:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50087, Process: svchost.exe)

2013/05/25 12:00:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50104, Process: svchost.exe)

2013/05/25 12:00:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50124, Process: svchost.exe)

2013/05/25 12:00:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 50126, Process: svchost.exe)

2013/05/25 12:00:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50139, Process: svchost.exe)

2013/05/25 12:01:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50149, Process: svchost.exe)

2013/05/25 12:01:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50156, Process: svchost.exe)

2013/05/25 12:01:26 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50172, Process: svchost.exe)

2013/05/25 12:01:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50173, Process: svchost.exe)

2013/05/25 12:01:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50192, Process: svchost.exe)

2013/05/25 12:01:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50196, Process: svchost.exe)

2013/05/25 12:02:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50207, Process: svchost.exe)

2013/05/25 12:02:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 50219, Process: svchost.exe)

2013/05/25 12:02:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 50224, Process: svchost.exe)

2013/05/25 12:02:39 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50240, Process: svchost.exe)

2013/05/25 12:02:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50243, Process: svchost.exe)

2013/05/25 12:02:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50256, Process: svchost.exe)

2013/05/25 12:03:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50266, Process: svchost.exe)

2013/05/25 12:03:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50273, Process: svchost.exe)

2013/05/25 12:03:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 50289, Process: svchost.exe)

2013/05/25 12:03:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50290, Process: svchost.exe)

2013/05/25 12:03:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50304, Process: svchost.exe)

2013/05/25 12:04:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50316, Process: svchost.exe)

2013/05/25 12:04:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50325, Process: svchost.exe)

2013/05/25 12:04:16 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50340, Process: svchost.exe)

2013/05/25 12:04:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50344, Process: svchost.exe)

2013/05/25 12:04:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50359, Process: svchost.exe)

2013/05/25 12:04:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 50368, Process: svchost.exe)

2013/05/25 12:04:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50378, Process: svchost.exe)

2013/05/25 12:05:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50391, Process: svchost.exe)

2013/05/25 12:05:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50398, Process: svchost.exe)

2013/05/25 12:05:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50417, Process: svchost.exe)

2013/05/25 12:05:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 50424, Process: svchost.exe)

2013/05/25 12:05:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50428, Process: svchost.exe)

2013/05/25 12:06:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50429, Process: svchost.exe)

2013/05/25 12:06:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50430, Process: svchost.exe)

2013/05/25 12:06:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 50434, Process: svchost.exe)

2013/05/25 12:06:26 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 50435, Process: svchost.exe)

2013/05/25 12:06:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50436, Process: svchost.exe)

2013/05/25 12:06:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 50440, Process: svchost.exe)

2013/05/25 12:06:58 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 50450, Process: svchost.exe)

2013/05/25 12:07:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 50466, Process: svchost.exe)

2013/05/25 12:07:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50467, Process: svchost.exe)

2013/05/25 12:07:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50478, Process: svchost.exe)

2013/05/25 12:07:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50490, Process: svchost.exe)

2013/05/25 12:07:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50494, Process: svchost.exe)

2013/05/25 12:07:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50513, Process: svchost.exe)

2013/05/25 12:08:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 50517, Process: svchost.exe)

2013/05/25 12:08:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50528, Process: svchost.exe)

2013/05/25 12:08:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50540, Process: svchost.exe)

2013/05/25 12:08:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50547, Process: svchost.exe)

2013/05/25 12:08:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50563, Process: svchost.exe)

2013/05/25 12:08:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50566, Process: svchost.exe)

2013/05/25 12:09:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50583, Process: svchost.exe)

2013/05/25 12:09:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50590, Process: svchost.exe)

2013/05/25 12:09:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50600, Process: svchost.exe)

2013/05/25 12:09:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 50613, Process: svchost.exe)

2013/05/25 12:09:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50614, Process: svchost.exe)

2013/05/25 12:09:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50635, Process: svchost.exe)

2013/05/25 12:10:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50640, Process: svchost.exe)

2013/05/25 12:10:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50653, Process: svchost.exe)

2013/05/25 12:10:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50663, Process: svchost.exe)

2013/05/25 12:10:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50670, Process: svchost.exe)

2013/05/25 12:10:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50686, Process: svchost.exe)

2013/05/25 12:11:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50687, Process: svchost.exe)

2013/05/25 12:11:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50703, Process: svchost.exe)

2013/05/25 12:11:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50713, Process: svchost.exe)

2013/05/25 12:11:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50722, Process: svchost.exe)

2013/05/25 12:11:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 50736, Process: svchost.exe)

2013/05/25 12:11:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 50737, Process: svchost.exe)

2013/05/25 12:12:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50764, Process: svchost.exe)

2013/05/25 12:12:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50778, Process: svchost.exe)

2013/05/25 12:12:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50792, Process: svchost.exe)

2013/05/25 12:12:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50794, Process: svchost.exe)

2013/05/25 12:12:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50812, Process: svchost.exe)

2013/05/25 12:13:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50823, Process: svchost.exe)

2013/05/25 12:13:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 50844, Process: svchost.exe)

2013/05/25 12:13:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 50859, Process: svchost.exe)

2013/05/25 12:13:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 50869, Process: svchost.exe)

2013/05/25 12:13:43 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50891, Process: svchost.exe)

2013/05/25 12:13:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50898, Process: svchost.exe)

2013/05/25 12:13:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50911, Process: svchost.exe)

2013/05/25 12:14:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50922, Process: svchost.exe)

2013/05/25 12:14:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50929, Process: svchost.exe)

2013/05/25 12:14:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50972, Process: svchost.exe)

2013/05/25 12:14:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51033, Process: svchost.exe)

2013/05/25 12:14:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51049, Process: svchost.exe)

2013/05/25 12:15:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51051, Process: svchost.exe)

2013/05/25 12:15:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51136, Process: svchost.exe)

2013/05/25 12:15:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51149, Process: svchost.exe)

2013/05/25 12:15:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51154, Process: svchost.exe)

2013/05/25 12:15:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51155, Process: svchost.exe)

2013/05/25 12:16:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51169, Process: svchost.exe)

2013/05/25 12:16:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51173, Process: svchost.exe)

2013/05/25 12:16:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51174, Process: svchost.exe)

2013/05/25 12:16:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51176, Process: svchost.exe)

2013/05/25 12:16:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51177, Process: svchost.exe)

2013/05/25 12:16:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51181, Process: svchost.exe)

2013/05/25 12:17:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51182, Process: svchost.exe)

2013/05/25 12:17:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51183, Process: svchost.exe)

2013/05/25 12:17:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51187, Process: svchost.exe)

2013/05/25 12:17:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51188, Process: svchost.exe)

2013/05/25 12:18:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51190, Process: svchost.exe)

2013/05/25 12:18:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51191, Process: svchost.exe)

2013/05/25 12:18:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51195, Process: svchost.exe)

2013/05/25 12:18:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51196, Process: svchost.exe)

2013/05/25 12:18:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51197, Process: svchost.exe)

2013/05/25 12:19:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51201, Process: svchost.exe)

2013/05/25 12:19:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51202, Process: svchost.exe)

2013/05/25 12:19:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51203, Process: svchost.exe)

2013/05/25 12:19:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51207, Process: svchost.exe)

2013/05/25 12:19:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51209, Process: svchost.exe)

2013/05/25 12:20:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51210, Process: svchost.exe)

2013/05/25 12:20:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51211, Process: svchost.exe)

2013/05/25 12:20:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51213, Process: svchost.exe)

2013/05/25 12:20:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51216, Process: svchost.exe)

2013/05/25 12:21:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51218, Process: svchost.exe)

2013/05/25 12:21:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51221, Process: svchost.exe)

2013/05/25 12:21:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51223, Process: svchost.exe)

2013/05/25 12:21:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51224, Process: svchost.exe)

2013/05/25 12:21:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51226, Process: svchost.exe)

2013/05/25 12:21:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51227, Process: svchost.exe)

2013/05/25 12:22:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51232, Process: svchost.exe)

2013/05/25 12:22:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51233, Process: svchost.exe)

2013/05/25 12:22:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51234, Process: svchost.exe)

2013/05/25 12:22:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51235, Process: svchost.exe)

2013/05/25 12:23:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51236, Process: svchost.exe)

2013/05/25 12:23:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51237, Process: svchost.exe)

2013/05/25 12:23:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51241, Process: svchost.exe)

2013/05/25 12:23:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51242, Process: svchost.exe)

2013/05/25 12:23:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51243, Process: svchost.exe)

2013/05/25 12:24:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51246, Process: svchost.exe)

2013/05/25 12:24:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51249, Process: svchost.exe)

2013/05/25 12:24:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51252, Process: svchost.exe)

2013/05/25 12:24:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51257, Process: svchost.exe)

2013/05/25 12:24:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51275, Process: svchost.exe)

2013/05/25 12:25:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51276, Process: svchost.exe)

2013/05/25 12:25:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51277, Process: svchost.exe)

2013/05/25 12:25:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51281, Process: svchost.exe)

2013/05/25 12:25:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51282, Process: svchost.exe)

2013/05/25 12:25:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51291, Process: svchost.exe)

2013/05/25 12:26:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51293, Process: svchost.exe)

2013/05/25 12:26:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51296, Process: svchost.exe)

2013/05/25 12:26:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51297, Process: svchost.exe)

2013/05/25 12:26:39 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51298, Process: svchost.exe)

2013/05/25 12:26:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51301, Process: svchost.exe)

2013/05/25 12:27:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51304, Process: svchost.exe)

2013/05/25 12:27:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51305, Process: svchost.exe)

2013/05/25 12:27:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51307, Process: svchost.exe)

2013/05/25 12:27:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51310, Process: svchost.exe)

2013/05/25 12:27:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51311, Process: svchost.exe)

2013/05/25 12:28:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51312, Process: svchost.exe)

2013/05/25 12:28:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51318, Process: svchost.exe)

2013/05/25 12:28:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51387, Process: svchost.exe)

2013/05/25 12:28:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51390, Process: svchost.exe)

2013/05/25 12:28:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51391, Process: svchost.exe)

2013/05/25 12:29:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51395, Process: svchost.exe)

2013/05/25 12:29:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51396, Process: svchost.exe)

2013/05/25 12:29:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51397, Process: svchost.exe)

2013/05/25 12:29:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51398, Process: svchost.exe)

2013/05/25 12:30:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51399, Process: svchost.exe)

2013/05/25 12:30:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51464, Process: svchost.exe)

2013/05/25 12:30:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51472, Process: svchost.exe)

2013/05/25 12:30:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51474, Process: svchost.exe)

2013/05/25 12:30:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51556, Process: svchost.exe)

2013/05/25 12:31:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51606, Process: svchost.exe)

2013/05/25 12:31:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51608, Process: svchost.exe)

2013/05/25 12:31:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51617, Process: svchost.exe)

2013/05/25 12:31:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51633, Process: svchost.exe)

2013/05/25 12:31:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51656, Process: svchost.exe)

2013/05/25 12:32:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51665, Process: svchost.exe)

2013/05/25 12:32:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51666, Process: svchost.exe)

2013/05/25 12:32:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51667, Process: svchost.exe)

2013/05/25 12:32:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51679, Process: svchost.exe)

2013/05/25 12:33:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51735, Process: svchost.exe)

2013/05/25 12:33:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51748, Process: svchost.exe)

2013/05/25 12:33:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51751, Process: svchost.exe)

2013/05/25 12:33:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51752, Process: svchost.exe)

2013/05/25 12:33:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51754, Process: svchost.exe)

2013/05/25 12:34:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51755, Process: svchost.exe)

2013/05/25 12:34:13 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51759, Process: svchost.exe)

2013/05/25 12:34:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51762, Process: svchost.exe)

2013/05/25 12:34:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51763, Process: svchost.exe)

2013/05/25 12:34:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51764, Process: svchost.exe)

2013/05/25 12:35:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51768, Process: svchost.exe)

2013/05/25 12:35:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51769, Process: svchost.exe)

2013/05/25 12:35:26 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51770, Process: svchost.exe)

2013/05/25 12:35:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51773, Process: svchost.exe)

2013/05/25 12:35:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51776, Process: svchost.exe)

2013/05/25 12:35:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51777, Process: svchost.exe)

2013/05/25 12:36:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51781, Process: svchost.exe)

2013/05/25 12:36:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51782, Process: svchost.exe)

2013/05/25 12:36:39 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51783, Process: svchost.exe)

2013/05/25 12:36:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51784, Process: svchost.exe)

2013/05/25 12:36:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51786, Process: svchost.exe)

2013/05/25 12:37:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51787, Process: svchost.exe)

2013/05/25 12:37:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51788, Process: svchost.exe)

2013/05/25 12:37:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51792, Process: svchost.exe)

2013/05/25 12:37:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51793, Process: svchost.exe)

2013/05/25 12:38:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51794, Process: svchost.exe)

2013/05/25 12:38:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51795, Process: svchost.exe)

2013/05/25 12:38:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51796, Process: svchost.exe)

2013/05/25 12:38:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51800, Process: svchost.exe)

2013/05/25 12:38:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51801, Process: svchost.exe)

2013/05/25 12:39:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51802, Process: svchost.exe)

2013/05/25 12:39:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51806, Process: svchost.exe)

2013/05/25 12:39:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51807, Process: svchost.exe)

2013/05/25 12:39:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51808, Process: svchost.exe)

2013/05/25 12:40:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51812, Process: svchost.exe)

2013/05/25 12:40:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51813, Process: svchost.exe)

2013/05/25 12:40:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51814, Process: svchost.exe)

2013/05/25 12:40:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51816, Process: svchost.exe)

2013/05/25 12:40:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51819, Process: svchost.exe)

2013/05/25 12:40:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51821, Process: svchost.exe)

2013/05/25 12:41:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51825, Process: svchost.exe)

2013/05/25 12:41:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51826, Process: svchost.exe)

2013/05/25 12:41:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51827, Process: svchost.exe)

2013/05/25 12:41:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51828, Process: svchost.exe)

2013/05/25 12:41:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51830, Process: svchost.exe)

2013/05/25 12:42:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51836, Process: svchost.exe)

2013/05/25 12:42:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51838, Process: svchost.exe)

2013/05/25 12:42:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51841, Process: svchost.exe)

2013/05/25 12:42:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51842, Process: svchost.exe)

2013/05/25 12:42:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51844, Process: svchost.exe)

2013/05/25 12:43:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 51849, Process: svchost.exe)

2013/05/25 12:43:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51850, Process: svchost.exe)

2013/05/25 12:43:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51851, Process: svchost.exe)

2013/05/25 12:44:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51852, Process: svchost.exe)

2013/05/25 12:44:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 51853, Process: svchost.exe)

2013/05/25 12:44:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51854, Process: svchost.exe)

2013/05/25 12:44:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51858, Process: svchost.exe)

2013/05/25 12:44:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51878, Process: svchost.exe)

2013/05/25 12:45:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51879, Process: svchost.exe)

2013/05/25 12:45:16 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 51881, Process: svchost.exe)

2013/05/25 12:45:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51885, Process: svchost.exe)

2013/05/25 12:45:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51886, Process: svchost.exe)

2013/05/25 12:45:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51888, Process: svchost.exe)

2013/05/25 12:45:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 51889, Process: svchost.exe)

2013/05/25 12:46:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 51891, Process: svchost.exe)

2013/05/25 12:46:13 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 51895, Process: svchost.exe)

2013/05/25 12:46:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 51896, Process: svchost.exe)

2013/05/25 12:46:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 51897, Process: svchost.exe)

2013/05/25 12:47:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 51899, Process: svchost.exe)

2013/05/25 12:47:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51902, Process: svchost.exe)

2013/05/25 12:47:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 51904, Process: svchost.exe)

2013/05/25 12:47:27 -0400 MASON-PC (null) IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 51905, Process: svchost.exe)

2013/05/25 12:49:25 -0400 MASON-PC (null) MESSAGE Starting protection

2013/05/25 12:49:25 -0400 MASON-PC (null) MESSAGE Protection started successfully

2013/05/25 12:49:25 -0400 MASON-PC (null) MESSAGE Starting IP protection

2013/05/25 13:03:33 -0400 MASON-PC mason MESSAGE Starting protection

2013/05/25 13:03:33 -0400 MASON-PC mason MESSAGE Protection started successfully

2013/05/25 13:03:33 -0400 MASON-PC mason MESSAGE Starting IP protection

2013/05/25 13:03:37 -0400 MASON-PC mason MESSAGE IP Protection started successfully

2013/05/25 13:05:13 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49178, Process: svchost.exe)

2013/05/25 13:05:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49191, Process: svchost.exe)

2013/05/25 13:05:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49203, Process: svchost.exe)

2013/05/25 13:05:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49232, Process: svchost.exe)

2013/05/25 13:05:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49238, Process: svchost.exe)

2013/05/25 13:06:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49241, Process: svchost.exe)

2013/05/25 13:06:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49242, Process: svchost.exe)

2013/05/25 13:06:26 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49244, Process: svchost.exe)

2013/05/25 13:06:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49246, Process: svchost.exe)

2013/05/25 13:06:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49249, Process: svchost.exe)

2013/05/25 13:06:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49252, Process: svchost.exe)

2013/05/25 13:07:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49253, Process: svchost.exe)

2013/05/25 13:07:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49254, Process: svchost.exe)

2013/05/25 13:07:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49255, Process: svchost.exe)

2013/05/25 13:07:39 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49257, Process: svchost.exe)

2013/05/25 13:08:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49260, Process: svchost.exe)

2013/05/25 13:08:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49261, Process: svchost.exe)

2013/05/25 13:08:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49263, Process: svchost.exe)

2013/05/25 13:08:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49266, Process: svchost.exe)

2013/05/25 13:08:43 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49267, Process: svchost.exe)

2013/05/25 13:08:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49268, Process: svchost.exe)

2013/05/25 13:09:16 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49270, Process: svchost.exe)

2013/05/25 13:09:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49273, Process: svchost.exe)

2013/05/25 13:09:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49274, Process: svchost.exe)

2013/05/25 13:09:48 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49275, Process: svchost.exe)

2013/05/25 13:09:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49276, Process: svchost.exe)

2013/05/25 13:10:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49280, Process: svchost.exe)

2013/05/25 13:10:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49281, Process: svchost.exe)

2013/05/25 13:10:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49283, Process: svchost.exe)

2013/05/25 13:10:53 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49287, Process: svchost.exe)

2013/05/25 13:11:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49288, Process: svchost.exe)

2013/05/25 13:11:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49289, Process: svchost.exe)

2013/05/25 13:11:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49290, Process: svchost.exe)

2013/05/25 13:11:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49298, Process: svchost.exe)

2013/05/25 13:11:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49299, Process: svchost.exe)

2013/05/25 13:12:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49301, Process: svchost.exe)

2013/05/25 13:12:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49304, Process: svchost.exe)

2013/05/25 13:12:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49305, Process: svchost.exe)

2013/05/25 13:12:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49306, Process: svchost.exe)

2013/05/25 13:12:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49310, Process: svchost.exe)

2013/05/25 13:13:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49311, Process: svchost.exe)

2013/05/25 13:13:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49313, Process: svchost.exe)

2013/05/25 13:13:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49315, Process: svchost.exe)

2013/05/25 13:13:35 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49318, Process: svchost.exe)

2013/05/25 13:13:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49319, Process: svchost.exe)

2013/05/25 13:14:16 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49323, Process: svchost.exe)

2013/05/25 13:14:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49324, Process: svchost.exe)

2013/05/25 13:14:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49326, Process: svchost.exe)

2013/05/25 13:14:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49328, Process: svchost.exe)

2013/05/25 13:14:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49331, Process: svchost.exe)

2013/05/25 13:15:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49334, Process: svchost.exe)

2013/05/25 13:15:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49335, Process: svchost.exe)

2013/05/25 13:15:37 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49340, Process: svchost.exe)

2013/05/25 13:15:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49342, Process: svchost.exe)

2013/05/25 13:16:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49343, Process: svchost.exe)

2013/05/25 13:16:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49344, Process: svchost.exe)

2013/05/25 13:16:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49346, Process: svchost.exe)

2013/05/25 13:16:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49349, Process: svchost.exe)

2013/05/25 13:16:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49350, Process: svchost.exe)

2013/05/25 13:16:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49351, Process: svchost.exe)

2013/05/25 13:17:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49355, Process: svchost.exe)

2013/05/25 13:17:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49356, Process: svchost.exe)

2013/05/25 13:17:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49357, Process: svchost.exe)

2013/05/25 13:17:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49361, Process: svchost.exe)

2013/05/25 13:18:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49362, Process: svchost.exe)

2013/05/25 13:18:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49363, Process: svchost.exe)

2013/05/25 13:18:26 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49364, Process: svchost.exe)

2013/05/25 13:18:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49368, Process: svchost.exe)

2013/05/25 13:18:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49369, Process: svchost.exe)

2013/05/25 13:19:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49371, Process: svchost.exe)

2013/05/25 13:19:22 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49374, Process: svchost.exe)

2013/05/25 13:19:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49375, Process: svchost.exe)

2013/05/25 13:19:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49376, Process: svchost.exe)

2013/05/25 13:41:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49379, Process: svchost.exe)

2013/05/25 13:41:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49428, Process: svchost.exe)

2013/05/25 13:41:53 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49433, Process: svchost.exe)

2013/05/25 13:42:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49435, Process: svchost.exe)

2013/05/25 13:42:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49439, Process: svchost.exe)

2013/05/25 13:42:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49440, Process: svchost.exe)

2013/05/25 13:42:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49441, Process: svchost.exe)

2013/05/25 13:42:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49445, Process: svchost.exe)

2013/05/25 13:43:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49514, Process: svchost.exe)

2013/05/25 13:43:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49563, Process: svchost.exe)

2013/05/25 13:43:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49564, Process: svchost.exe)

2013/05/25 13:43:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49565, Process: svchost.exe)

2013/05/25 13:43:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49566, Process: svchost.exe)

2013/05/25 13:44:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49570, Process: svchost.exe)

2013/05/25 13:44:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49571, Process: svchost.exe)

2013/05/25 13:44:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49572, Process: svchost.exe)

2013/05/25 13:44:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49574, Process: svchost.exe)

2013/05/25 13:44:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49577, Process: svchost.exe)

2013/05/25 13:44:58 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49578, Process: svchost.exe)

2013/05/25 13:45:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49584, Process: svchost.exe)

2013/05/25 13:45:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49585, Process: svchost.exe)

2013/05/25 13:45:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49586, Process: svchost.exe)

2013/05/25 13:45:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49587, Process: svchost.exe)

2013/05/25 13:46:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49589, Process: svchost.exe)

2013/05/25 13:46:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49592, Process: svchost.exe)

2013/05/25 13:46:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49622, Process: svchost.exe)

2013/05/25 13:46:44 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49657, Process: svchost.exe)

2013/05/25 13:47:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49662, Process: svchost.exe)

2013/05/25 13:47:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49663, Process: svchost.exe)

2013/05/25 13:47:16 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49664, Process: svchost.exe)

2013/05/25 13:47:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49666, Process: svchost.exe)

2013/05/25 13:47:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49669, Process: svchost.exe)

2013/05/25 13:48:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49670, Process: svchost.exe)

2013/05/25 13:48:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49674, Process: svchost.exe)

2013/05/25 13:48:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49675, Process: svchost.exe)

2013/05/25 13:48:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49676, Process: svchost.exe)

2013/05/25 13:48:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49677, Process: svchost.exe)

2013/05/25 13:49:09 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49681, Process: svchost.exe)

2013/05/25 13:49:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49682, Process: svchost.exe)

2013/05/25 13:49:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49683, Process: svchost.exe)

2013/05/25 13:49:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49684, Process: svchost.exe)

2013/05/25 13:49:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49688, Process: svchost.exe)

2013/05/25 13:49:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49689, Process: svchost.exe)

2013/05/25 13:50:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49690, Process: svchost.exe)

2013/05/25 13:50:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49694, Process: svchost.exe)

2013/05/25 13:50:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49695, Process: svchost.exe)

2013/05/25 13:50:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49696, Process: svchost.exe)

2013/05/25 13:51:02 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49697, Process: svchost.exe)

2013/05/25 13:51:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49699, Process: svchost.exe)

2013/05/25 13:51:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49702, Process: svchost.exe)

2013/05/25 13:51:42 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49704, Process: svchost.exe)

2013/05/25 13:51:50 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49709, Process: svchost.exe)

2013/05/25 13:52:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49726, Process: svchost.exe)

2013/05/25 13:52:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49730, Process: svchost.exe)

2013/05/25 13:52:23 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49731, Process: svchost.exe)

2013/05/25 13:52:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49756, Process: svchost.exe)

2013/05/25 13:53:03 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49758, Process: svchost.exe)

2013/05/25 13:53:11 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49759, Process: svchost.exe)

2013/05/25 13:53:19 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49763, Process: svchost.exe)

2013/05/25 13:53:27 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49764, Process: svchost.exe)

2013/05/25 13:53:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49768, Process: svchost.exe)

2013/05/25 13:53:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49769, Process: svchost.exe)

2013/05/25 13:54:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49770, Process: svchost.exe)

2013/05/25 13:54:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49772, Process: svchost.exe)

2013/05/25 13:54:24 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49775, Process: svchost.exe)

2013/05/25 13:54:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49776, Process: svchost.exe)

2013/05/25 13:54:40 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49777, Process: svchost.exe)

2013/05/25 13:54:56 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49781, Process: svchost.exe)

2013/05/25 13:55:04 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49782, Process: svchost.exe)

2013/05/25 13:55:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49783, Process: svchost.exe)

2013/05/25 13:55:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49784, Process: svchost.exe)

2013/05/25 13:55:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49788, Process: svchost.exe)

2013/05/25 13:55:45 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49789, Process: svchost.exe)

2013/05/25 13:55:53 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49790, Process: svchost.exe)

2013/05/25 13:56:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49791, Process: svchost.exe)

2013/05/25 13:56:17 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49792, Process: svchost.exe)

2013/05/25 13:56:25 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49797, Process: svchost.exe)

2013/05/25 13:56:33 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49798, Process: svchost.exe)

2013/05/25 13:56:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49799, Process: svchost.exe)

2013/05/25 13:56:57 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49800, Process: svchost.exe)

2013/05/25 13:57:06 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49806, Process: svchost.exe)

2013/05/25 13:57:14 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49807, Process: svchost.exe)

2013/05/25 13:57:30 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49810, Process: svchost.exe)

2013/05/25 13:57:38 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49856, Process: svchost.exe)

2013/05/25 13:57:46 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49860, Process: svchost.exe)

2013/05/25 13:57:54 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49903, Process: svchost.exe)

2013/05/25 13:58:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49916, Process: svchost.exe)

2013/05/25 13:58:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 49920, Process: svchost.exe)

2013/05/25 13:58:26 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49934, Process: svchost.exe)

2013/05/25 13:58:34 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49945, Process: svchost.exe)

2013/05/25 13:58:51 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 49966, Process: svchost.exe)

2013/05/25 13:58:59 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49970, Process: svchost.exe)

2013/05/25 13:59:07 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49975, Process: svchost.exe)

2013/05/25 13:59:15 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 49976, Process: svchost.exe)

2013/05/25 13:59:31 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 49977, Process: svchost.exe)

2013/05/25 13:59:39 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 49979, Process: svchost.exe)

2013/05/25 13:59:47 -0400 MASON-PC mason IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 49981, Process: svchost.exe)

2013/05/25 13:59:55 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 49984, Process: svchost.exe)

2013/05/25 14:00:12 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49985, Process: svchost.exe)

2013/05/25 14:00:20 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49986, Process: svchost.exe)

2013/05/25 14:00:28 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 49988, Process: svchost.exe)

2013/05/25 14:00:36 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 49991, Process: svchost.exe)

2013/05/25 14:00:52 -0400 MASON-PC mason IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 49992, Process: svchost.exe)

2013/05/25 14:01:00 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49993, Process: svchost.exe)

2013/05/25 14:01:08 -0400 MASON-PC mason IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 49994, Process: svchost.exe)

2013/05/25 14:01:16 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50011, Process: svchost.exe)

2013/05/25 14:01:32 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50012, Process: svchost.exe)

2013/05/25 14:01:41 -0400 MASON-PC mason IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 50013, Process: svchost.exe)

2013/05/25 14:01:49 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50016, Process: svchost.exe)

2013/05/25 14:02:05 -0400 MASON-PC mason IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 50021, Process: svchost.exe)

2013/05/25 14:02:13 -0400 MASON-PC mason IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 50023, Process: svchost.exe)

2013/05/25 14:02:21 -0400 MASON-PC mason IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 50024, Process: svchost.exe)

2013/05/25 14:02:29 -0400 MASON-PC mason IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 50025, Process: svchost.exe)

2013/05/25 14:02:53 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50037, Process: svchost.exe)

2013/05/25 14:03:01 -0400 MASON-PC mason IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 50038, Process: svchost.exe)

2013/05/25 14:03:10 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50039, Process: svchost.exe)

2013/05/25 14:03:18 -0400 MASON-PC mason IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 50040, Process: svchost.exe)

[Larusso]

You are welcome.

Do you have access to a second PC and an USB Drive ?

[kmars100]

yes...I have a pc with windows xp and another laptop with 7

[Larusso]

Good to know if something goes wrong here

Execute TDSSKiller.exe and press Start Scan.

• Ensure Cure is selected ( it should be by default )
  Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed
  
• Click Continue then click Reboot now.

Once complete, a log will be produced at the root drive which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please post the contents of that log in your next reply.

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

[kmars100]

Hi Daniel,

Here you go ....

14:41:37.0159 5812 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

14:41:37.0486 5812 ============================================================

14:41:37.0486 5812 Current date / time: 2013/05/25 14:41:37.0486

14:41:37.0486 5812 SystemInfo:

14:41:37.0486 5812

14:41:37.0486 5812 OS Version: 6.1.7601 ServicePack: 1.0

14:41:37.0486 5812 Product type: Workstation

14:41:37.0486 5812 ComputerName: MASON-PC

14:41:37.0486 5812 UserName: mason

14:41:37.0486 5812 Windows directory: C:\Windows

14:41:37.0486 5812 System windows directory: C:\Windows

14:41:37.0486 5812 Running under WOW64

14:41:37.0486 5812 Processor architecture: Intel x64

14:41:37.0486 5812 Number of processors: 2

14:41:37.0486 5812 Page size: 0x1000

14:41:37.0486 5812 Boot type: Normal boot

14:41:37.0486 5812 ============================================================

14:41:38.0360 5812 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:41:38.0360 5812 ============================================================

14:41:38.0360 5812 \Device\Harddisk0\DR0:

14:41:38.0360 5812 MBR partitions:

14:41:38.0360 5812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000

14:41:38.0360 5812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69C800, BlocksNum 0x1FCE9000

14:41:38.0360 5812 ============================================================

14:41:38.0438 5812 C: <-> \Device\Harddisk0\DR0\Partition1

14:41:38.0516 5812 D: <-> \Device\Harddisk0\DR0\Partition2

14:41:38.0516 5812 ============================================================

14:41:38.0516 5812 Initialize success

14:41:38.0516 5812 ============================================================

14:41:44.0085 5368 ============================================================

14:41:44.0085 5368 Scan started

14:41:44.0085 5368 Mode: Manual;

14:41:44.0085 5368 ============================================================

14:41:44.0631 5368 ================ Scan system memory ========================

14:41:44.0631 5368 System memory - ok

14:41:44.0631 5368 ================ Scan services =============================

14:41:44.0896 5368 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

14:41:44.0896 5368 1394ohci - ok

14:41:45.0005 5368 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

14:41:45.0005 5368 ACPI - ok

14:41:45.0052 5368 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

14:41:45.0052 5368 AcpiPmi - ok

14:41:45.0317 5368 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:41:45.0333 5368 AdobeFlashPlayerUpdateSvc - ok

14:41:45.0395 5368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

14:41:45.0411 5368 adp94xx - ok

14:41:45.0427 5368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

14:41:45.0442 5368 adpahci - ok

14:41:45.0473 5368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

14:41:45.0473 5368 adpu320 - ok

14:41:45.0520 5368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

14:41:45.0520 5368 AeLookupSvc - ok

14:41:45.0551 5368 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe

14:41:45.0551 5368 AFBAgent - ok

14:41:45.0598 5368 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

14:41:45.0598 5368 AFD - ok

14:41:45.0629 5368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

14:41:45.0629 5368 agp440 - ok

14:41:45.0661 5368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

14:41:45.0661 5368 ALG - ok

14:41:45.0692 5368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

14:41:45.0692 5368 aliide - ok

14:41:45.0707 5368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

14:41:45.0707 5368 amdide - ok

14:41:45.0723 5368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

14:41:45.0723 5368 AmdK8 - ok

14:41:45.0723 5368 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

14:41:45.0723 5368 AmdPPM - ok

14:41:45.0770 5368 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

14:41:45.0770 5368 amdsata - ok

14:41:45.0801 5368 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

14:41:45.0801 5368 amdsbs - ok

14:41:45.0817 5368 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

14:41:45.0817 5368 amdxata - ok

14:41:45.0879 5368 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

14:41:45.0879 5368 AppID - ok

14:41:45.0895 5368 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

14:41:45.0895 5368 AppIDSvc - ok

14:41:45.0941 5368 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

14:41:45.0941 5368 Appinfo - ok

14:41:45.0973 5368 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

14:41:45.0973 5368 arc - ok

14:41:45.0988 5368 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

14:41:45.0988 5368 arcsas - ok

14:41:46.0066 5368 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

14:41:46.0082 5368 ASLDRService - ok

14:41:46.0113 5368 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

14:41:46.0113 5368 ASMMAP64 - ok

14:41:46.0160 5368 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys

14:41:46.0160 5368 asmthub3 - ok

14:41:46.0191 5368 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys

14:41:46.0207 5368 asmtxhci - ok

14:41:46.0222 5368 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

14:41:46.0222 5368 AsyncMac - ok

14:41:46.0253 5368 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

14:41:46.0253 5368 atapi - ok

14:41:46.0316 5368 [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr C:\Windows\system32\DRIVERS\athrx.sys

14:41:46.0331 5368 athr - ok

14:41:46.0347 5368 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

14:41:46.0347 5368 ATKGFNEXSrv - ok

14:41:46.0378 5368 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

14:41:46.0378 5368 ATKWMIACPIIO - ok

14:41:46.0425 5368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:41:46.0441 5368 AudioEndpointBuilder - ok

14:41:46.0441 5368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

14:41:46.0456 5368 AudioSrv - ok

14:41:46.0472 5368 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

14:41:46.0472 5368 AxInstSV - ok

14:41:46.0519 5368 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

14:41:46.0519 5368 b06bdrv - ok

14:41:46.0550 5368 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

14:41:46.0550 5368 b57nd60a - ok

14:41:46.0768 5368 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

14:41:46.0768 5368 BBSvc - ok

14:41:46.0815 5368 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

14:41:46.0815 5368 BBUpdate - ok

14:41:46.0846 5368 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

14:41:46.0846 5368 BDESVC - ok

14:41:46.0877 5368 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

14:41:46.0877 5368 Beep - ok

14:41:46.0909 5368 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

14:41:46.0924 5368 BFE - ok

14:41:47.0096 5368 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx64.sys

14:41:47.0111 5368 BHDrvx64 - ok

14:41:47.0174 5368 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

14:41:47.0189 5368 BITS - ok

14:41:47.0205 5368 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

14:41:47.0205 5368 blbdrive - ok

14:41:47.0236 5368 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

14:41:47.0236 5368 bowser - ok

14:41:47.0267 5368 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

14:41:47.0267 5368 BrFiltLo - ok

14:41:47.0283 5368 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

14:41:47.0283 5368 BrFiltUp - ok

14:41:47.0314 5368 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

14:41:47.0314 5368 Browser - ok

14:41:47.0345 5368 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

14:41:47.0345 5368 Brserid - ok

14:41:47.0345 5368 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

14:41:47.0345 5368 BrSerWdm - ok

14:41:47.0361 5368 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

14:41:47.0361 5368 BrUsbMdm - ok

14:41:47.0377 5368 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

14:41:47.0377 5368 BrUsbSer - ok

14:41:47.0423 5368 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

14:41:47.0423 5368 BthEnum - ok

14:41:47.0439 5368 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

14:41:47.0439 5368 BTHMODEM - ok

14:41:47.0439 5368 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

14:41:47.0455 5368 BthPan - ok

14:41:47.0470 5368 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

14:41:47.0486 5368 BTHPORT - ok

14:41:47.0517 5368 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

14:41:47.0517 5368 bthserv - ok

14:41:47.0533 5368 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

14:41:47.0533 5368 BTHUSB - ok

14:41:47.0611 5368 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys

14:41:47.0611 5368 ccSet_NIS - ok

14:41:47.0657 5368 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

14:41:47.0657 5368 cdfs - ok

14:41:47.0689 5368 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

14:41:47.0689 5368 cdrom - ok

14:41:47.0720 5368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

14:41:47.0720 5368 CertPropSvc - ok

14:41:47.0751 5368 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

14:41:47.0751 5368 circlass - ok

14:41:47.0782 5368 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

14:41:47.0782 5368 CLFS - ok

14:41:47.0860 5368 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:41:47.0860 5368 clr_optimization_v2.0.50727_32 - ok

14:41:47.0923 5368 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:41:47.0923 5368 clr_optimization_v2.0.50727_64 - ok

14:41:47.0985 5368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:41:47.0985 5368 clr_optimization_v4.0.30319_32 - ok

14:41:48.0032 5368 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:41:48.0047 5368 clr_optimization_v4.0.30319_64 - ok

14:41:48.0079 5368 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

14:41:48.0079 5368 CmBatt - ok

14:41:48.0094 5368 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

14:41:48.0094 5368 cmdide - ok

14:41:48.0141 5368 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

14:41:48.0141 5368 CNG - ok

14:41:48.0172 5368 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

14:41:48.0172 5368 Compbatt - ok

14:41:48.0172 5368 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

14:41:48.0172 5368 CompositeBus - ok

14:41:48.0188 5368 COMSysApp - ok

14:41:48.0219 5368 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

14:41:48.0219 5368 crcdisk - ok

14:41:48.0266 5368 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

14:41:48.0266 5368 CryptSvc - ok

14:41:48.0344 5368 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

14:41:48.0359 5368 cvhsvc - ok

14:41:48.0422 5368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

14:41:48.0422 5368 DcomLaunch - ok

14:41:48.0469 5368 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

14:41:48.0469 5368 defragsvc - ok

14:41:48.0500 5368 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

14:41:48.0500 5368 DfsC - ok

14:41:48.0547 5368 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

14:41:48.0547 5368 Dhcp - ok

14:41:48.0562 5368 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

14:41:48.0562 5368 discache - ok

14:41:48.0609 5368 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

14:41:48.0609 5368 Disk - ok

14:41:48.0640 5368 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

14:41:48.0640 5368 Dnscache - ok

14:41:48.0687 5368 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

14:41:48.0687 5368 dot3svc - ok

14:41:48.0703 5368 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

14:41:48.0703 5368 DPS - ok

14:41:48.0734 5368 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

14:41:48.0734 5368 drmkaud - ok

14:41:48.0796 5368 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

14:41:48.0812 5368 DXGKrnl - ok

14:41:48.0843 5368 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

14:41:48.0843 5368 EapHost - ok

14:41:48.0952 5368 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

14:41:48.0983 5368 ebdrv - ok

14:41:49.0046 5368 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

14:41:49.0046 5368 eeCtrl - ok

14:41:49.0093 5368 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

14:41:49.0093 5368 EFS - ok

14:41:49.0139 5368 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

14:41:49.0155 5368 ehRecvr - ok

14:41:49.0155 5368 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

14:41:49.0171 5368 ehSched - ok

14:41:49.0280 5368 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

14:41:49.0295 5368 elxstor - ok

14:41:49.0358 5368 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

14:41:49.0358 5368 EraserUtilRebootDrv - ok

14:41:49.0373 5368 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

14:41:49.0373 5368 ErrDev - ok

14:41:49.0420 5368 [ 4C120D2B2EA269EAE7A5744794EB6DB1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys

14:41:49.0420 5368 ETD - ok

14:41:49.0451 5368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

14:41:49.0467 5368 EventSystem - ok

14:41:49.0483 5368 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

14:41:49.0483 5368 exfat - ok

14:41:49.0514 5368 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

14:41:49.0529 5368 fastfat - ok

14:41:49.0576 5368 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

14:41:49.0576 5368 Fax - ok

14:41:49.0576 5368 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

14:41:49.0576 5368 fdc - ok

14:41:49.0592 5368 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

14:41:49.0592 5368 fdPHost - ok

14:41:49.0607 5368 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

14:41:49.0607 5368 FDResPub - ok

14:41:49.0639 5368 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

14:41:49.0639 5368 FileInfo - ok

14:41:49.0654 5368 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

14:41:49.0654 5368 Filetrace - ok

14:41:49.0654 5368 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

14:41:49.0654 5368 flpydisk - ok

14:41:49.0670 5368 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

14:41:49.0670 5368 FltMgr - ok

14:41:49.0717 5368 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

14:41:49.0732 5368 FontCache - ok

14:41:49.0795 5368 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:41:49.0795 5368 FontCache3.0.0.0 - ok

14:41:49.0810 5368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

14:41:49.0810 5368 FsDepends - ok

14:41:49.0857 5368 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

14:41:49.0857 5368 fssfltr - ok

14:41:49.0982 5368 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

14:41:49.0997 5368 fsssvc - ok

14:41:50.0029 5368 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

14:41:50.0029 5368 Fs_Rec - ok

14:41:50.0060 5368 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

14:41:50.0060 5368 fvevol - ok

14:41:50.0091 5368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

14:41:50.0091 5368 gagp30kx - ok

14:41:50.0153 5368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

14:41:50.0169 5368 gpsvc - ok

14:41:50.0200 5368 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

14:41:50.0200 5368 hamachi - ok

14:41:50.0341 5368 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

14:41:50.0356 5368 Hamachi2Svc - ok

14:41:50.0387 5368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

14:41:50.0387 5368 hcw85cir - ok

14:41:50.0419 5368 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

14:41:50.0419 5368 HdAudAddService - ok

14:41:50.0434 5368 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

14:41:50.0450 5368 HDAudBus - ok

14:41:50.0450 5368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

14:41:50.0450 5368 HidBatt - ok

14:41:50.0465 5368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

14:41:50.0465 5368 HidBth - ok

14:41:50.0481 5368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

14:41:50.0481 5368 HidIr - ok

14:41:50.0512 5368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

14:41:50.0512 5368 hidserv - ok

14:41:50.0543 5368 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

14:41:50.0543 5368 HidUsb - ok

14:41:50.0575 5368 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

14:41:50.0575 5368 hkmsvc - ok

14:41:50.0590 5368 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

14:41:50.0606 5368 HomeGroupListener - ok

14:41:50.0637 5368 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

14:41:50.0637 5368 HomeGroupProvider - ok

14:41:50.0653 5368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

14:41:50.0668 5368 HpSAMD - ok

14:41:50.0699 5368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

14:41:50.0715 5368 HTTP - ok

14:41:50.0731 5368 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

14:41:50.0731 5368 hwpolicy - ok

14:41:50.0746 5368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

14:41:50.0746 5368 i8042prt - ok

14:41:50.0777 5368 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

14:41:50.0777 5368 iaStor - ok

14:41:50.0809 5368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

14:41:50.0824 5368 iaStorV - ok

14:41:50.0887 5368 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:41:50.0902 5368 idsvc - ok

14:41:50.0996 5368 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130523.001\IDSvia64.sys

14:41:50.0996 5368 IDSVia64 - ok

14:41:51.0277 5368 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

14:41:51.0339 5368 igfx - ok

14:41:51.0370 5368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

14:41:51.0370 5368 iirsp - ok

14:41:51.0401 5368 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

14:41:51.0417 5368 IKEEXT - ok

14:41:51.0526 5368 [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

14:41:51.0542 5368 IntcAzAudAddService - ok

14:41:51.0589 5368 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

14:41:51.0589 5368 IntcDAud - ok

14:41:51.0604 5368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

14:41:51.0620 5368 intelide - ok

14:41:51.0635 5368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

14:41:51.0635 5368 intelppm - ok

14:41:51.0651 5368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

14:41:51.0667 5368 IPBusEnum - ok

14:41:51.0682 5368 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:41:51.0682 5368 IpFilterDriver - ok

14:41:51.0698 5368 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

14:41:51.0713 5368 iphlpsvc - ok

14:41:51.0713 5368 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

14:41:51.0713 5368 IPMIDRV - ok

14:41:51.0713 5368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

14:41:51.0713 5368 IPNAT - ok

14:41:51.0745 5368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

14:41:51.0745 5368 IRENUM - ok

14:41:51.0760 5368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

14:41:51.0760 5368 isapnp - ok

14:41:51.0791 5368 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

14:41:51.0791 5368 iScsiPrt - ok

14:41:51.0807 5368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

14:41:51.0807 5368 kbdclass - ok

14:41:51.0854 5368 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

14:41:51.0854 5368 kbdhid - ok

14:41:51.0901 5368 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys

14:41:51.0901 5368 kbfiltr - ok

14:41:51.0916 5368 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

14:41:51.0932 5368 KeyIso - ok

14:41:51.0963 5368 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

14:41:51.0963 5368 KSecDD - ok

14:41:52.0010 5368 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

14:41:52.0010 5368 KSecPkg - ok

14:41:52.0057 5368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

14:41:52.0057 5368 ksthunk - ok

14:41:52.0088 5368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

14:41:52.0088 5368 KtmRm - ok

14:41:52.0135 5368 [ A4A9CA24E54E81C6C3E469EAEB4B3F42 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

14:41:52.0135 5368 L1C - ok

14:41:52.0181 5368 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

14:41:52.0181 5368 LanmanServer - ok

14:41:52.0213 5368 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

14:41:52.0213 5368 LanmanWorkstation - ok

14:41:52.0275 5368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

14:41:52.0275 5368 lltdio - ok

14:41:52.0306 5368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

14:41:52.0306 5368 lltdsvc - ok

14:41:52.0337 5368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

14:41:52.0353 5368 lmhosts - ok

14:41:52.0415 5368 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

14:41:52.0415 5368 LMS - ok

14:41:52.0462 5368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

14:41:52.0478 5368 LSI_FC - ok

14:41:52.0478 5368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

14:41:52.0478 5368 LSI_SAS - ok

14:41:52.0493 5368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

14:41:52.0493 5368 LSI_SAS2 - ok

14:41:52.0509 5368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

14:41:52.0509 5368 LSI_SCSI - ok

14:41:52.0540 5368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

14:41:52.0540 5368 luafv - ok

14:41:52.0587 5368 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

14:41:52.0587 5368 MBAMProtector - ok

14:41:52.0665 5368 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

14:41:52.0681 5368 MBAMScheduler - ok

14:41:52.0743 5368 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:41:52.0759 5368 MBAMService - ok

14:41:52.0790 5368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

14:41:52.0790 5368 Mcx2Svc - ok

14:41:52.0805 5368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

14:41:52.0805 5368 megasas - ok

14:41:52.0837 5368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

14:41:52.0837 5368 MegaSR - ok

14:41:52.0868 5368 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

14:41:52.0868 5368 MEIx64 - ok

14:41:52.0899 5368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

14:41:52.0899 5368 MMCSS - ok

14:41:52.0915 5368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

14:41:52.0915 5368 Modem - ok

14:41:52.0946 5368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

14:41:52.0946 5368 monitor - ok

14:41:52.0961 5368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

14:41:52.0961 5368 mouclass - ok

14:41:52.0993 5368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

14:41:52.0993 5368 mouhid - ok

14:41:52.0993 5368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

14:41:52.0993 5368 mountmgr - ok

14:41:53.0055 5368 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

14:41:53.0055 5368 MozillaMaintenance - ok

14:41:53.0086 5368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

14:41:53.0086 5368 mpio - ok

14:41:53.0102 5368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

14:41:53.0102 5368 mpsdrv - ok

14:41:53.0149 5368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

14:41:53.0149 5368 MpsSvc - ok

14:41:53.0164 5368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

14:41:53.0180 5368 MRxDAV - ok

14:41:53.0211 5368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

14:41:53.0211 5368 mrxsmb - ok

14:41:53.0227 5368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:41:53.0227 5368 mrxsmb10 - ok

14:41:53.0258 5368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:41:53.0258 5368 mrxsmb20 - ok

14:41:53.0289 5368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

14:41:53.0289 5368 msahci - ok

14:41:53.0305 5368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

14:41:53.0305 5368 msdsm - ok

14:41:53.0320 5368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

14:41:53.0320 5368 MSDTC - ok

14:41:53.0336 5368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

14:41:53.0336 5368 Msfs - ok

14:41:53.0351 5368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

14:41:53.0351 5368 mshidkmdf - ok

14:41:53.0351 5368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

14:41:53.0351 5368 msisadrv - ok

14:41:53.0383 5368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

14:41:53.0383 5368 MSiSCSI - ok

14:41:53.0383 5368 msiserver - ok

14:41:53.0414 5368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

14:41:53.0414 5368 MSKSSRV - ok

14:41:53.0429 5368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

14:41:53.0429 5368 MSPCLOCK - ok

14:41:53.0429 5368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

14:41:53.0445 5368 MSPQM - ok

14:41:53.0461 5368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

14:41:53.0461 5368 MsRPC - ok

14:41:53.0461 5368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

14:41:53.0461 5368 mssmbios - ok

14:41:53.0476 5368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

14:41:53.0492 5368 MSTEE - ok

14:41:53.0507 5368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

14:41:53.0507 5368 MTConfig - ok

14:41:53.0507 5368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

14:41:53.0507 5368 Mup - ok

14:41:53.0539 5368 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

14:41:53.0539 5368 napagent - ok

14:41:53.0570 5368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

14:41:53.0570 5368 NativeWifiP - ok

14:41:53.0648 5368 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130524.003\ENG64.SYS

14:41:53.0648 5368 NAVENG - ok

14:41:53.0726 5368 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130524.003\EX64.SYS

14:41:53.0741 5368 NAVEX15 - ok

14:41:53.0773 5368 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

14:41:53.0773 5368 NDIS - ok

14:41:53.0804 5368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

14:41:53.0804 5368 NdisCap - ok

14:41:53.0851 5368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

14:41:53.0851 5368 NdisTapi - ok

14:41:53.0851 5368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

14:41:53.0851 5368 Ndisuio - ok

14:41:53.0866 5368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

14:41:53.0866 5368 NdisWan - ok

14:41:53.0897 5368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

14:41:53.0897 5368 NDProxy - ok

14:41:53.0897 5368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

14:41:53.0897 5368 NetBIOS - ok

14:41:53.0960 5368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

14:41:53.0960 5368 NetBT - ok

14:41:53.0975 5368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

14:41:53.0975 5368 Netlogon - ok

14:41:54.0022 5368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

14:41:54.0038 5368 Netman - ok

14:41:54.0053 5368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

14:41:54.0069 5368 netprofm - ok

14:41:54.0100 5368 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:41:54.0100 5368 NetTcpPortSharing - ok

14:41:54.0178 5368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

14:41:54.0178 5368 nfrd960 - ok

14:41:54.0334 5368 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

14:41:54.0334 5368 NIS - ok

14:41:54.0397 5368 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

14:41:54.0412 5368 NlaSvc - ok

14:41:54.0428 5368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

14:41:54.0428 5368 Npfs - ok

14:41:54.0459 5368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

14:41:54.0459 5368 nsi - ok

14:41:54.0475 5368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

14:41:54.0475 5368 nsiproxy - ok

14:41:54.0521 5368 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

14:41:54.0537 5368 Ntfs - ok

14:41:54.0568 5368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

14:41:54.0568 5368 Null - ok

14:41:54.0599 5368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

14:41:54.0599 5368 nvraid - ok

14:41:54.0615 5368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

14:41:54.0615 5368 nvstor - ok

14:41:54.0646 5368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

14:41:54.0646 5368 nv_agp - ok

14:41:54.0662 5368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

14:41:54.0662 5368 ohci1394 - ok

14:41:54.0693 5368 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:41:54.0693 5368 ose - ok

14:41:54.0833 5368 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:41:54.0849 5368 osppsvc - ok

14:41:54.0911 5368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

14:41:54.0927 5368 p2pimsvc - ok

14:41:55.0021 5368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

14:41:55.0036 5368 p2psvc - ok

14:41:55.0067 5368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

14:41:55.0067 5368 Parport - ok

14:41:55.0114 5368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

14:41:55.0114 5368 partmgr - ok

14:41:55.0192 5368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

14:41:55.0208 5368 PcaSvc - ok

14:41:55.0223 5368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

14:41:55.0223 5368 pci - ok

14:41:55.0239 5368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

14:41:55.0239 5368 pciide - ok

14:41:55.0270 5368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

14:41:55.0270 5368 pcmcia - ok

14:41:55.0286 5368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

14:41:55.0286 5368 pcw - ok

14:41:55.0301 5368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

14:41:55.0317 5368 PEAUTH - ok

14:41:55.0411 5368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

14:41:55.0411 5368 PerfHost - ok

14:41:55.0520 5368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

14:41:55.0520 5368 pla - ok

14:41:55.0567 5368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

14:41:55.0582 5368 PlugPlay - ok

14:41:55.0598 5368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

14:41:55.0613 5368 PNRPAutoReg - ok

14:41:55.0613 5368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

14:41:55.0629 5368 PNRPsvc - ok

14:41:55.0660 5368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

14:41:55.0660 5368 PolicyAgent - ok

14:41:55.0691 5368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

14:41:55.0691 5368 Power - ok

14:41:55.0723 5368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

14:41:55.0738 5368 PptpMiniport - ok

14:41:55.0754 5368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

14:41:55.0754 5368 Processor - ok

14:41:55.0785 5368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

14:41:55.0785 5368 ProfSvc - ok

14:41:55.0801 5368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

14:41:55.0801 5368 ProtectedStorage - ok

14:41:55.0832 5368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

14:41:55.0847 5368 Psched - ok

14:41:56.0081 5368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

14:41:56.0113 5368 ql2300 - ok

14:41:56.0144 5368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

14:41:56.0144 5368 ql40xx - ok

14:41:56.0175 5368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

14:41:56.0191 5368 QWAVE - ok

14:41:56.0206 5368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

14:41:56.0206 5368 QWAVEdrv - ok

14:41:56.0222 5368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

14:41:56.0222 5368 RasAcd - ok

14:41:56.0253 5368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

14:41:56.0253 5368 RasAgileVpn - ok

14:41:56.0284 5368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

14:41:56.0284 5368 RasAuto - ok

14:41:56.0300 5368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

14:41:56.0300 5368 Rasl2tp - ok

14:41:56.0331 5368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

14:41:56.0331 5368 RasMan - ok

14:41:56.0331 5368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

14:41:56.0347 5368 RasPppoe - ok

14:41:56.0347 5368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

14:41:56.0347 5368 RasSstp - ok

14:41:56.0362 5368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

14:41:56.0378 5368 rdbss - ok

14:41:56.0393 5368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

14:41:56.0393 5368 rdpbus - ok

14:41:56.0393 5368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

14:41:56.0393 5368 RDPCDD - ok

14:41:56.0409 5368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

14:41:56.0409 5368 RDPENCDD - ok

14:41:56.0409 5368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

14:41:56.0409 5368 RDPREFMP - ok

14:41:56.0440 5368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

14:41:56.0440 5368 RDPWD - ok

14:41:56.0456 5368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

14:41:56.0456 5368 rdyboost - ok

14:41:56.0487 5368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

14:41:56.0487 5368 RemoteAccess - ok

14:41:56.0518 5368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

14:41:56.0518 5368 RemoteRegistry - ok

14:41:56.0549 5368 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

14:41:56.0549 5368 RFCOMM - ok

14:41:56.0565 5368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

14:41:56.0581 5368 RpcEptMapper - ok

14:41:56.0596 5368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

14:41:56.0596 5368 RpcLocator - ok

14:41:56.0690 5368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

14:41:56.0705 5368 RpcSs - ok

14:41:56.0768 5368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

14:41:56.0768 5368 rspndr - ok

14:41:56.0783 5368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

14:41:56.0783 5368 SamSs - ok

14:41:56.0799 5368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

14:41:56.0799 5368 sbp2port - ok

14:41:56.0924 5368 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

14:41:56.0939 5368 SBSDWSCService - ok

14:41:57.0111 5368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

14:41:57.0111 5368 SCardSvr - ok

14:41:57.0142 5368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

14:41:57.0142 5368 scfilter - ok

14:41:57.0173 5368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

14:41:57.0205 5368 Schedule - ok

14:41:57.0220 5368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

14:41:57.0220 5368 SCPolicySvc - ok

14:41:57.0251 5368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

14:41:57.0251 5368 SDRSVC - ok

14:41:57.0298 5368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

14:41:57.0298 5368 secdrv - ok

14:41:57.0314 5368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

14:41:57.0314 5368 seclogon - ok

14:41:57.0376 5368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

14:41:57.0376 5368 SENS - ok

14:41:57.0423 5368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

14:41:57.0439 5368 SensrSvc - ok

14:41:57.0454 5368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

14:41:57.0454 5368 Serenum - ok

14:41:57.0470 5368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

14:41:57.0470 5368 Serial - ok

14:41:57.0485 5368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

14:41:57.0485 5368 sermouse - ok

14:41:57.0517 5368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

14:41:57.0517 5368 SessionEnv - ok

14:41:57.0532 5368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

14:41:57.0532 5368 sffdisk - ok

14:41:57.0532 5368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

14:41:57.0532 5368 sffp_mmc - ok

14:41:57.0548 5368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

14:41:57.0548 5368 sffp_sd - ok

14:41:57.0548 5368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

14:41:57.0548 5368 sfloppy - ok

14:41:57.0610 5368 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

14:41:57.0610 5368 Sftfs - ok

14:41:57.0688 5368 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

14:41:57.0704 5368 sftlist - ok

14:41:57.0719 5368 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

14:41:57.0719 5368 Sftplay - ok

14:41:57.0735 5368 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

14:41:57.0735 5368 Sftredir - ok

14:41:57.0766 5368 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

14:41:57.0766 5368 Sftvol - ok

14:41:57.0797 5368 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

14:41:57.0797 5368 sftvsa - ok

14:41:57.0860 5368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

14:41:57.0860 5368 SharedAccess - ok

14:41:57.0891 5368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:41:57.0907 5368 ShellHWDetection - ok

14:41:57.0922 5368 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys

14:41:57.0922 5368 SiSGbeLH - ok

14:41:57.0953 5368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

14:41:57.0953 5368 SiSRaid2 - ok

14:41:57.0969 5368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

14:41:57.0969 5368 SiSRaid4 - ok

14:41:58.0047 5368 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

14:41:58.0047 5368 SkypeUpdate - ok

14:41:58.0094 5368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

14:41:58.0094 5368 Smb - ok

14:41:58.0156 5368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

14:41:58.0156 5368 SNMPTRAP - ok

14:41:58.0156 5368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

14:41:58.0156 5368 spldr - ok

14:41:58.0187 5368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

14:41:58.0203 5368 Spooler - ok

14:41:58.0297 5368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

14:41:58.0312 5368 sppsvc - ok

14:41:58.0343 5368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

14:41:58.0343 5368 sppuinotify - ok

14:41:58.0421 5368 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS

14:41:58.0437 5368 SRTSP - ok

14:41:58.0453 5368 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS

14:41:58.0453 5368 SRTSPX - ok

14:41:58.0484 5368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

14:41:58.0484 5368 srv - ok

14:41:58.0499 5368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

14:41:58.0499 5368 srv2 - ok

14:41:58.0531 5368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

14:41:58.0531 5368 srvnet - ok

14:41:58.0562 5368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

14:41:58.0577 5368 SSDPSRV - ok

14:41:58.0577 5368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

14:41:58.0577 5368 SstpSvc - ok

14:41:58.0609 5368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

14:41:58.0609 5368 stexstor - ok

14:41:58.0655 5368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

14:41:58.0655 5368 stisvc - ok

14:41:58.0671 5368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

14:41:58.0671 5368 swenum - ok

14:41:58.0702 5368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

14:41:58.0718 5368 swprv - ok

14:41:58.0749 5368 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS

14:41:58.0749 5368 SymDS - ok

14:41:58.0765 5368 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS

14:41:58.0765 5368 SymEFA - ok

14:41:58.0811 5368 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

14:41:58.0811 5368 SymEvent - ok

14:41:58.0858 5368 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS

14:41:58.0858 5368 SymIRON - ok

14:41:58.0889 5368 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS

14:41:58.0905 5368 SymNetS - ok

14:41:58.0967 5368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

14:41:58.0983 5368 SysMain - ok

14:41:58.0999 5368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:41:58.0999 5368 TabletInputService - ok

14:41:59.0045 5368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

14:41:59.0045 5368 TapiSrv - ok

14:41:59.0061 5368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

14:41:59.0061 5368 TBS - ok

14:41:59.0123 5368 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

14:41:59.0155 5368 Tcpip - ok

14:41:59.0201 5368 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

14:41:59.0217 5368 TCPIP6 - ok

14:41:59.0248 5368 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

14:41:59.0248 5368 tcpipreg - ok

14:41:59.0279 5368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

14:41:59.0279 5368 TDPIPE - ok

14:41:59.0311 5368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

14:41:59.0311 5368 TDTCP - ok

14:41:59.0342 5368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

14:41:59.0342 5368 tdx - ok

14:41:59.0342 5368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

14:41:59.0342 5368 TermDD - ok

14:41:59.0373 5368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

14:41:59.0389 5368 TermService - ok

14:41:59.0389 5368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

14:41:59.0404 5368 Themes - ok

14:41:59.0420 5368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

14:41:59.0420 5368 THREADORDER - ok

14:41:59.0451 5368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

14:41:59.0451 5368 TrkWks - ok

14:41:59.0498 5368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

14:41:59.0498 5368 TrustedInstaller - ok

14:41:59.0529 5368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

14:41:59.0529 5368 tssecsrv - ok

14:41:59.0545 5368 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

14:41:59.0545 5368 TsUsbFlt - ok

14:41:59.0560 5368 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

14:41:59.0560 5368 TsUsbGD - ok

14:41:59.0576 5368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

14:41:59.0576 5368 tunnel - ok

14:41:59.0576 5368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

14:41:59.0591 5368 uagp35 - ok

14:41:59.0591 5368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

14:41:59.0607 5368 udfs - ok

14:41:59.0623 5368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

14:41:59.0623 5368 UI0Detect - ok

14:41:59.0638 5368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

14:41:59.0638 5368 uliagpkx - ok

14:41:59.0654 5368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

14:41:59.0654 5368 umbus - ok

14:41:59.0669 5368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

14:41:59.0669 5368 UmPass - ok

14:41:59.0779 5368 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

14:41:59.0810 5368 UNS - ok

14:41:59.0841 5368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

14:41:59.0841 5368 upnphost - ok

14:41:59.0888 5368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

14:41:59.0888 5368 usbccgp - ok

14:41:59.0935 5368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

14:41:59.0935 5368 usbcir - ok

14:41:59.0981 5368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

14:41:59.0997 5368 usbehci - ok

14:42:00.0106 5368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

14:42:00.0122 5368 usbhub - ok

14:42:00.0137 5368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

14:42:00.0137 5368 usbohci - ok

14:42:00.0169 5368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

14:42:00.0169 5368 usbprint - ok

14:42:00.0200 5368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

14:42:00.0200 5368 USBSTOR - ok

14:42:00.0215 5368 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

14:42:00.0215 5368 usbuhci - ok

14:42:00.0340 5368 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

14:42:00.0340 5368 usbvideo - ok

14:42:00.0418 5368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

14:42:00.0418 5368 UxSms - ok

14:42:00.0434 5368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

14:42:00.0434 5368 VaultSvc - ok

14:42:00.0449 5368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

14:42:00.0449 5368 vdrvroot - ok

14:42:00.0481 5368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

14:42:00.0496 5368 vds - ok

14:42:00.0527 5368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

14:42:00.0527 5368 vga - ok

14:42:00.0543 5368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

14:42:00.0543 5368 VgaSave - ok

14:42:00.0543 5368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

14:42:00.0543 5368 vhdmp - ok

14:42:00.0559 5368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

14:42:00.0559 5368 viaide - ok

14:42:00.0574 5368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

14:42:00.0574 5368 volmgr - ok

14:42:00.0574 5368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

14:42:00.0590 5368 volmgrx - ok

14:42:00.0590 5368 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

14:42:00.0590 5368 volsnap - ok

14:42:00.0637 5368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

14:42:00.0637 5368 vsmraid - ok

14:42:00.0715 5368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

14:42:00.0730 5368 VSS - ok

14:42:00.0730 5368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

14:42:00.0746 5368 vwifibus - ok

14:42:00.0746 5368 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

14:42:00.0746 5368 vwififlt - ok

14:42:00.0777 5368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

14:42:00.0777 5368 W32Time - ok

14:42:00.0793 5368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

14:42:00.0793 5368 WacomPen - ok

14:42:00.0824 5368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

14:42:00.0824 5368 WANARP - ok

14:42:00.0824 5368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

14:42:00.0824 5368 Wanarpv6 - ok

14:42:00.0917 5368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

14:42:00.0933 5368 WatAdminSvc - ok

14:42:00.0980 5368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

14:42:00.0980 5368 wbengine - ok

14:42:00.0995 5368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

14:42:00.0995 5368 WbioSrvc - ok

14:42:01.0011 5368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

14:42:01.0011 5368 wcncsvc - ok

14:42:01.0011 5368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

14:42:01.0011 5368 WcsPlugInService - ok

14:42:01.0042 5368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

14:42:01.0042 5368 Wd - ok

14:42:01.0073 5368 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

14:42:01.0089 5368 Wdf01000 - ok

14:42:01.0120 5368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

14:42:01.0120 5368 WdiServiceHost - ok

14:42:01.0136 5368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

14:42:01.0136 5368 WdiSystemHost - ok

14:42:01.0136 5368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

14:42:01.0136 5368 WebClient - ok

14:42:01.0151 5368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

14:42:01.0151 5368 Wecsvc - ok

14:42:01.0167 5368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

14:42:01.0183 5368 wercplsupport - ok

14:42:01.0198 5368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

14:42:01.0198 5368 WerSvc - ok

14:42:01.0214 5368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

14:42:01.0214 5368 WfpLwf - ok

14:42:01.0276 5368 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

14:42:01.0276 5368 WimFltr - ok

14:42:01.0292 5368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

14:42:01.0307 5368 WIMMount - ok

14:42:01.0339 5368 WinDefend - ok

14:42:01.0339 5368 WinHttpAutoProxySvc - ok

14:42:01.0401 5368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

14:42:01.0401 5368 Winmgmt - ok

14:42:01.0479 5368 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

14:42:01.0510 5368 WinRM - ok

14:42:01.0541 5368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

14:42:01.0557 5368 Wlansvc - ok

14:42:01.0604 5368 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:42:01.0604 5368 wlcrasvc - ok

14:42:01.0775 5368 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:42:01.0791 5368 wlidsvc - ok

14:42:01.0853 5368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

14:42:01.0853 5368 WmiAcpi - ok

14:42:01.0900 5368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

14:42:01.0900 5368 wmiApSrv - ok

14:42:01.0947 5368 WMPNetworkSvc - ok

14:42:02.0009 5368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

14:42:02.0025 5368 WPCSvc - ok

14:42:02.0041 5368 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

14:42:02.0041 5368 WPDBusEnum - ok

14:42:02.0056 5368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

14:42:02.0056 5368 ws2ifsl - ok

14:42:02.0087 5368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

14:42:02.0087 5368 wscsvc - ok

14:42:02.0103 5368 WSearch - ok

14:42:02.0290 5368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

14:42:02.0321 5368 wuauserv - ok

14:42:02.0353 5368 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

14:42:02.0353 5368 WudfPf - ok

14:42:02.0368 5368 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

14:42:02.0368 5368 wudfsvc - ok

14:42:02.0399 5368 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

14:42:02.0399 5368 WwanSvc - ok

14:42:02.0415 5368 ================ Scan global ===============================

14:42:02.0446 5368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

14:42:02.0477 5368 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

14:42:02.0493 5368 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

14:42:02.0524 5368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

14:42:02.0540 5368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

14:42:02.0555 5368 [Global] - ok

14:42:02.0555 5368 ================ Scan MBR ==================================

14:42:02.0555 5368 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0

14:42:02.0555 5368 Suspicious mbr (Forged): \Device\Harddisk0\DR0

14:42:02.0633 5368 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected

14:42:02.0633 5368 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)

14:42:02.0633 5368 ================ Scan VBR ==================================

14:42:02.0633 5368 [ 34B67763DBE2AD57B183DD7E0B7A8AAD ] \Device\Harddisk0\DR0\Partition1

14:42:02.0633 5368 \Device\Harddisk0\DR0\Partition1 - ok

14:42:02.0665 5368 [ 63594075324EE0083A2B1479A47CAB79 ] \Device\Harddisk0\DR0\Partition2

14:42:02.0665 5368 \Device\Harddisk0\DR0\Partition2 - ok

14:42:02.0665 5368 ============================================================

14:42:02.0665 5368 Scan finished

14:42:02.0665 5368 ============================================================

14:42:02.0665 5240 Detected object count: 1

14:42:02.0665 5240 Actual detected object count: 1

14:42:08.0437 5240 \Device\Harddisk0\DR0\# - copied to quarantine

14:42:08.0437 5240 \Device\Harddisk0\DR0 - copied to quarantine

14:42:08.0624 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot

14:42:08.0686 5240 \Device\Harddisk0\DR0 - ok

14:42:08.0686 5240 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure

14:42:13.0366 5424 Deinitialize success

[kmars100]

The TDSSKiller cure mode fixed the constant pop ups. Here is the Combofix log....

ComboFix 13-05-25.02 - mason 05/25/2013 14:58:11.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2150 [GMT -4:00]

Running from: c:\users\mason\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\EFF.tmp

c:\users\mason\AppData\Local\Savings Sidekick

c:\windows\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-25 to 2013-05-25 )))))))))))))))))))))))))))))))

.

.

2013-05-25 19:05 . 2013-05-25 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-25 18:42 . 2013-05-25 18:42 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-25 16:32 . 2013-05-25 16:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-25 16:32 . 2013-05-25 16:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-05-25 15:33 . 2013-05-25 15:33 -------- d-----w- c:\users\mason\AppData\Roaming\Malwarebytes

2013-05-25 15:32 . 2013-05-25 15:32 -------- d-----w- c:\programdata\Malwarebytes

2013-05-25 15:32 . 2013-05-25 15:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-25 15:32 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-25 15:32 . 2013-05-25 15:32 -------- d-----w- c:\users\mason\AppData\Local\Programs

2013-05-25 15:19 . 2013-05-25 15:17 5369552 ----a-w- c:\programdata\pclunst.exe

2013-05-25 15:19 . 2013-05-25 15:19 -------- d-----w- c:\programdata\PC1Data

2013-05-25 15:19 . 2013-05-25 15:19 -------- d-----w- c:\programdata\PC Cleaners

2013-05-25 14:02 . 2013-05-25 14:02 -------- d-----w- c:\users\mason\AppData\Local\ElevatedDiagnostics

2013-05-25 12:52 . 2013-05-25 12:52 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-25 12:51 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-25 12:30 . 2013-05-25 12:30 -------- d-----w- c:\windows\Sun

2013-05-24 22:05 . 2013-05-24 22:05 -------- d-----w- C:\ElementalTinkerer

2013-05-24 20:50 . 2013-05-24 20:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-05-18 12:21 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-18 12:21 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-18 12:21 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-17 23:19 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-25 18:43 . 2012-07-10 11:48 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-05-18 12:26 . 2013-01-24 02:58 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-18 00:30 . 2013-02-15 01:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-18 00:30 . 2013-02-15 01:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-11 02:23 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-20 02:16 . 2013-04-20 02:16 0 ----a-w- c:\windows\SysWow64\sho53B1.tmp

2013-04-13 05:49 . 2013-05-17 23:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-17 23:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-17 23:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-17 23:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-17 23:19 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-17 23:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 20:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-06 19:48 . 2013-04-06 19:48 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-03-24 16:28 . 2013-02-15 01:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-24 16:28 . 2013-02-15 01:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 09:50 . 2013-04-05 20:08 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70404373-BFD0-4D40-AE96-106EA08F8C70}\mpengine.dll

2013-03-19 06:04 . 2013-04-09 21:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-09 21:26 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-09 21:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-09 21:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-09 21:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-09 21:26 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-12 05:10 . 2013-03-29 15:33 282744 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"PC Cleaners"="c:\programdata\PC Cleaners\PCCleaners.exe" [2013-05-25 64988880]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2012-7-10 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\261123~1.78\{16CDF~1\brwmngr.dll

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-15 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130523.001\IDSvia64.sys [2013-04-05 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-04-05 138912]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 12547998

*NewlyCreated* - 43180687

*Deregistered* - 12547998

*Deregistered* - 43180687

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 00:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

FF - ProfilePath - c:\users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\gva794rh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&CUI=UN73110665538122115&UM=&q=

FF - ExtSQL: 2013-04-06 15:53; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn

FF - ExtSQL: 2013-04-15 15:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn

FF - user.js: extentions.y2layers.installId - 8d73ca7a-c798-4e7b-8462-136bddd8babc

FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,YontooNewOffers

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: browser.sessionstore.resume_session_once - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-43180687.sys

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\List\Item1]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\List\Item2]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\List\Item3]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Toolbar]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr_Toolbar]

@Denied: (2) (LocalSystem)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item1]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-855506486-2987592508-797635759-1000)

"Flag"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item2]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-855506486-2987592508-797635759-1000)

"Flag"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item3]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-855506486-2987592508-797635759-1000)

"Flag"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-25 15:09:19

ComboFix-quarantined-files.txt 2013-05-25 19:09

.

Pre-Run: 145,894,326,272 bytes free

Post-Run: 146,184,130,560 bytes free

.

- - End Of File - - 3B1804C35BF8CA85A8D9037E9E649B1A

[Larusso]

Nothing else was expected

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

PC Cleaners

Java 6 Update 37 (64-bit)

Yontoo 1.10.02

Browser Manager

Reboot when the last one has been uninstalled

Open notepad and copy/paste the text in the Code-box below into it:

File::
c:\programdata\pclunst.exe
Folder::
c:\programdata\PC1Data
c:\programdata\PC Cleaners
C:\ProgramData\Browser Manager
Firefox::
FF - ProfilePath - c:\users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\gva794rh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&CUI=UN73110665538122115&UM=&q=
ClearJavaCache::

• Save this as CFScript.txt, in the same location as ComboFix.exe.
  
• Close any open browsers.
  
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

• Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
• Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• Wait for the scan to finish
• When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
• Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
• Close the ESET online scan, and let me know how things are now.

How is your system behaving now ?

[kmars100]

Here is the CFScript log....can't thank you enough for educating me...

ComboFix 13-05-25.02 - mason 05/25/2013 18:50:22.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4000.2075 [GMT -4:00]

Running from: c:\users\mason\Downloads\ComboFix.exe

Command switches used :: c:\users\mason\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\pclunst.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Browser Manager

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\00

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\01

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\02

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\10

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\11

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\12

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\20

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\21

c:\programdata\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings\22

c:\programdata\PC1Data

c:\programdata\PC1Data\app.log

c:\programdata\PC1Data\av\d\acertdefs0.std

c:\programdata\PC1Data\av\d\adsrules.dat

c:\programdata\PC1Data\av\d\AdviceTx.vdx

c:\programdata\PC1Data\av\d\api0.std

c:\programdata\PC1Data\av\d\apincl.dat

c:\programdata\PC1Data\av\d\apprules.dat

c:\programdata\PC1Data\av\d\bhmem.vtd

c:\programdata\PC1Data\av\d\bhsl.vtd

c:\programdata\PC1Data\av\d\bmem.vtd

c:\programdata\PC1Data\av\d\CatDesc.vdx

c:\programdata\PC1Data\av\d\CatID.vdx

c:\programdata\PC1Data\av\d\cblk.vtd

c:\programdata\PC1Data\av\d\cmem.vtd

c:\programdata\PC1Data\av\d\cname.wtd

c:\programdata\PC1Data\av\d\comp0.std

c:\programdata\PC1Data\av\d\Cookies.vdx

c:\programdata\PC1Data\av\d\CoreVer.txt

c:\programdata\PC1Data\av\d\ctid.vtd

c:\programdata\PC1Data\av\d\defs0.std

c:\programdata\PC1Data\av\d\DefVer.txt

c:\programdata\PC1Data\av\d\dex_hash.dat

c:\programdata\PC1Data\av\d\dexmem.vtd

c:\programdata\PC1Data\av\d\dnrl.vdx

c:\programdata\PC1Data\av\d\elf_hash.dat

c:\programdata\PC1Data\av\d\EPSigs.vdx

c:\programdata\PC1Data\av\d\FastSigs.vdx

c:\programdata\PC1Data\av\d\FileDT.vdx

c:\programdata\PC1Data\av\d\FolderDT.vdx

c:\programdata\PC1Data\av\d\fsigs.vdx

c:\programdata\PC1Data\av\d\gfiark.dll

c:\programdata\PC1Data\av\d\gfiark32.sys

c:\programdata\PC1Data\av\d\gfiark64.sys

c:\programdata\PC1Data\av\d\gfiarkup.dll

c:\programdata\PC1Data\av\d\gfiutil.dll

c:\programdata\PC1Data\av\d\gfiutl32.sys

c:\programdata\PC1Data\av\d\gfiutl64.sys

c:\programdata\PC1Data\av\d\hcol.wtd

c:\programdata\PC1Data\av\d\heur0.std

c:\programdata\PC1Data\av\d\HistoryCleaner.xml

c:\programdata\PC1Data\av\d\hstn.vtd

c:\programdata\PC1Data\av\d\idsrules.dat

c:\programdata\PC1Data\av\d\ih.vdx

c:\programdata\PC1Data\av\d\IncompatiblePrograms.dll

c:\programdata\PC1Data\av\d\incompats.dat

c:\programdata\PC1Data\av\d\ip.vtd

c:\programdata\PC1Data\av\d\JSSigs.vdx

c:\programdata\PC1Data\av\d\kbu.dat

c:\programdata\PC1Data\av\d\kbu.dll

c:\programdata\PC1Data\av\d\lgpl.dll

c:\programdata\PC1Data\av\d\lib7zip.dll

c:\programdata\PC1Data\av\d\libBase64.dll

c:\programdata\PC1Data\av\d\libCHM.dll

c:\programdata\PC1Data\av\d\libEmail.dll

c:\programdata\PC1Data\av\d\libMachoUniv.dll

c:\programdata\PC1Data\av\d\libMsCab.dll

c:\programdata\PC1Data\av\d\libMsi.dll

c:\programdata\PC1Data\av\d\libNSIS.dll

c:\programdata\PC1Data\av\d\libOleA.dll

c:\programdata\PC1Data\av\d\libRar.dll

c:\programdata\PC1Data\av\d\libRTF.dll

c:\programdata\PC1Data\av\d\libtd.dll

c:\programdata\PC1Data\av\d\libVvs.dll

c:\programdata\PC1Data\av\d\libZip.dll

c:\programdata\PC1Data\av\d\macroptn.std

c:\programdata\PC1Data\av\d\MFastSigs.vdx

c:\programdata\PC1Data\av\d\mime0.std

c:\programdata\PC1Data\av\d\networkrules.dat

c:\programdata\PC1Data\av\d\pack0.std

c:\programdata\PC1Data\av\d\patchw32.dll

c:\programdata\PC1Data\av\d\qscnf.vdx

c:\programdata\PC1Data\av\d\qscnr.vdx

c:\programdata\PC1Data\av\d\RegDT.vdx

c:\programdata\PC1Data\av\d\rem0.std

c:\programdata\PC1Data\av\d\remediation.dll

c:\programdata\PC1Data\av\d\RootCA.wtd

c:\programdata\PC1Data\av\d\RTmem.vdx

c:\programdata\PC1Data\av\d\SBTS.dat

c:\programdata\PC1Data\av\d\script0.std

c:\programdata\PC1Data\av\d\sdll0.std

c:\programdata\PC1Data\av\d\sel.dat

c:\programdata\PC1Data\av\d\smim0.std

c:\programdata\PC1Data\av\d\ThreatCategoryGlossary.xml

c:\programdata\PC1Data\av\d\ThreatCategoryGlossary.xsd

c:\programdata\PC1Data\av\d\ThreatDT.vdx

c:\programdata\PC1Data\av\d\ThreatID.vdx

c:\programdata\PC1Data\av\d\TImem.vdx

c:\programdata\PC1Data\av\d\unpck0.std

c:\programdata\PC1Data\av\d\updater.dll

c:\programdata\PC1Data\av\d\vcore.dll

c:\programdata\PC1Data\av\d\VVSSigs.vdx

c:\programdata\PC1Data\av\d\WebFilterExceptions.dat

c:\programdata\PC1Data\av\d\white.wtd

c:\programdata\PC1Data\av\d\white0.std

c:\programdata\PC1Data\av\d\whsl.wtd

c:\programdata\PC1Data\av\SBTE.dll

c:\programdata\PC1Data\av\SpursDownload.dll

c:\programdata\PC1Data\av\unrar.dll

c:\programdata\PC1Data\av\vipre.dll

c:\programdata\PC1Data\phone\app3\phone.bmp

c:\programdata\PC1Data\phone\app3\phone.txt

c:\programdata\PC1Data\phone\app3\phone_i.txt

c:\programdata\PC1Data\phone\app3\tips.txt

c:\programdata\PC1Data\settings.txt

c:\programdata\pclunst.exe

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!SysWOW64!userinit.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-25 to 2013-05-25 )))))))))))))))))))))))))))))))

.

.

2013-05-25 23:01 . 2013-05-25 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-25 18:42 . 2013-05-25 18:42 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-25 16:32 . 2013-05-25 16:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-05-25 16:32 . 2013-05-25 16:32 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-05-25 15:33 . 2013-05-25 15:33 -------- d-----w- c:\users\mason\AppData\Roaming\Malwarebytes

2013-05-25 15:32 . 2013-05-25 15:32 -------- d-----w- c:\programdata\Malwarebytes

2013-05-25 15:32 . 2013-05-25 15:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-25 15:32 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-25 15:32 . 2013-05-25 15:32 -------- d-----w- c:\users\mason\AppData\Local\Programs

2013-05-25 14:02 . 2013-05-25 14:02 -------- d-----w- c:\users\mason\AppData\Local\ElevatedDiagnostics

2013-05-25 12:52 . 2013-05-25 12:52 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-25 12:51 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-25 12:30 . 2013-05-25 12:30 -------- d-----w- c:\windows\Sun

2013-05-24 22:05 . 2013-05-24 22:05 -------- d-----w- C:\ElementalTinkerer

2013-05-24 20:50 . 2013-05-24 20:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-05-18 12:21 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-18 12:21 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-18 12:21 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-17 23:19 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-25 23:03 . 2012-07-10 11:48 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-05-18 12:26 . 2013-01-24 02:58 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-18 00:30 . 2013-02-15 01:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-18 00:30 . 2013-02-15 01:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-11 02:23 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-20 02:16 . 2013-04-20 02:16 0 ----a-w- c:\windows\SysWow64\sho53B1.tmp

2013-04-13 05:49 . 2013-05-17 23:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-17 23:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-17 23:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-17 23:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-17 23:19 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-17 23:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 20:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-06 19:48 . 2013-04-06 19:48 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2013-03-24 16:28 . 2013-02-15 01:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-24 16:28 . 2013-02-15 01:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 09:50 . 2013-04-05 20:08 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70404373-BFD0-4D40-AE96-106EA08F8C70}\mpengine.dll

2013-03-19 06:04 . 2013-04-09 21:26 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-09 21:26 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-09 21:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-09 21:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-09 21:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-09 21:26 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-12 05:10 . 2013-03-29 15:33 282744 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 548528]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2012-7-10 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-15 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [2013-01-22 493656]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [2013-01-31 1139800]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130515.001\BHDrvx64.sys [2013-04-12 1390680]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys [2012-11-16 168096]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130524.001\IDSvia64.sys [2013-04-05 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS [2012-11-16 224416]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [2013-01-31 432800]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-05-15 2467664]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe [2012-12-24 144520]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-04-05 138912]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-31 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 00:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

FF - ProfilePath - c:\users\mason\AppData\Roaming\Mozilla\Firefox\Profiles\gva794rh.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - user.js: browser.sessionstore.resume_session_once - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\DataMngr\Files\ChromeHomepage]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Files\Homepage]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Files\SelectedSearch]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Files\UrlbarSearch]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\List\Item1]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\List\Item2]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\List\Item3]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr\Toolbar]

@Denied: (2) (LocalSystem)

"Flag"=dword:00000000

.

[HKEY_USERS\.Default\Software\DataMngr_Toolbar]

@Denied: (2) (LocalSystem)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item1]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-855506486-2987592508-797635759-1000)

"Flag"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item2]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-855506486-2987592508-797635759-1000)

"Flag"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item3]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-855506486-2987592508-797635759-1000)

"Flag"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-05-25 19:08:58 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-25 23:08

ComboFix2.txt 2013-05-25 19:09

.

Pre-Run: 150,493,216,768 bytes free

Post-Run: 150,429,413,376 bytes free

.

- - End Of File - - B489DAA2EFAF94503E06032205CEA073

Here is the eset scan log...looks like there are still threats.

C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe a variant of Win32/InstallBrain.H application

C:\Program Files (x86)\Uninstall Information\ib_uninst_566\uninstall.exe a variant of Win32/InstallBrain.H application

C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe a variant of Win32/InstallBrain.H application

[Larusso]

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform Quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Please launch DDS and post the DDS.txt and Attach.txt and also let me know how your system behaves now

[Larusso]

Hy there, are you still with me ?

If I do not hear from you within 24 hours, this topic will be closed

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!