Deeter

Honorary Members
  • Posts

    70
Everything posted by Deeter

  1. Fine. I'll do the risky scan. Then can I continue getting help?
  2. http://forums.malwarebytes.org/index.php?showtopic=123684&st=20 See that thread for more background on the issue. The last post is most enlightening. I am uncomfortable with turning off my AV while online to use that ESET online scanner. Seems kinda bizarre to be forced to do that WHILE online. Seeing as how he will no longer help me I thought I'd try to get some help elsewhere. So, are my worries about the online scanner unfounded? Is there another way to do this? I've done all the other scans and crap he wanted me to, but that one scan just seems counter-intuitive to me.
  3. I will think about it. I did not press the Windows plus D key. I just pressed D. The same thing happened when pressing the space bar.
  4. Alright, what is a junk file? And I was playing a game last night and suddenly, whenever I would press my D button and spacebar, the game window would minimize and I'd be back at my desktop. I tried switching ports for my keyboard. After that I got a (to paraphrase) "need to reboot to save these changes" prompt. I did a hard off as I didn't like the sound of that. Is that anything to worry about?
  5. What has been found so far? And what did ComboFix find? Is there any way to do that scan offline?
  6. Even with all of my antiviruses off (I forgot to turn off Malwarebytes now that I think of it... crap) Kaspersky still gave me a few pop ups creg.dat c:\combofix\ regt.3xe c:\combofix\ handle.3xe c:\32788r22fwjw\ Those were the things it didn't like Here's the log. I had to do a hard shutdown as my computer was at least slow to shut down after I clicked the off button. I may have been too impatient.
  7. I still can't bring myself to do the eset thing, but here is the Farbar Scanner log. Farbar Service Scanner Version: 03-03-2013 Ran by n (administrator) on 16-03-2013 at 15:54:23 Running from "C:\Users\h\Downloads" Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. There is no connection to network. Attempt to access Google IP returned error. Google IP is unreachable Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error. Yahoo IP is offline Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => 
MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\System32\ipnathlp.dll => MD5 is legit C:\Windows\System32\iphlpsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  8. What does this do? And I can't bring myself to connect to the net with my AV off for that ESET scan. That's just, not good.
  9. And as for whether or not I think I have viruses, I have no idea. I noticed odd things with my system (listed in that thread I linked to at the beginning of this topic) and was told to come here.
  10. Here are the first two scans I did before I remembered to close paint. Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 n :: N-PC [administrator] Protection: Enabled 3/15/2013 1:53:42 PM mbam-log-2013-03-15 (13-53-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 226582 Time elapsed: 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 n :: N-PC [administrator] Protection: Enabled 3/15/2013 1:55:06 PM mbam-log-2013-03-15 (13-55-06).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Registry | File System Objects scanned: 200745 Time elapsed: 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. I did task number one. What does it do? And I did what you said with Malwarebytes, and I did a full scan and flash scan (I did a flash and a memory scan before remembering to close some other programs (I will post their contents in the next post)). Then I did all three scans with all other programs closed. The third task I am not so comfortable with doing. Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 n :: N-PC [administrator] Protection: Enabled 3/15/2013 1:58:23 PM mbam-log-2013-03-15 (13-58-23).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 336051 Time elapsed: 7 minute(s), 27 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 n :: N-PC [administrator] Protection: Enabled 3/15/2013 1:57:51 PM mbam-log-2013-03-15 (13-57-51).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Registry | File System Objects scanned: 200743 Time elapsed: 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items 
Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 n :: N-PC [administrator] Protection: Enabled 3/15/2013 1:56:46 PM mbam-log-2013-03-15 (13-56-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 226580 Time elapsed: 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  12. I scanned with Kaspersky Pure 3.0 and found nothing. The problems that I can recall are 1) The scans by Kaspersky Internet Security 2013 would not complete. They would get stuck several thousand files in. I could not abort these scans either. I would click the stop button and the scan would just keep running, stuck on whatever file it was stuck on. I upgraded to Kaspersky Pure 3.0 and its scans do work and finish. 2) Ever since I went from Kaspersky Internet Security 2012 to the 2013 version (and now to Pure 3.0) Kaspersky has been slow to start up. The best time I can get is a 4 second start up time.
  13. SystemLook 30.07.11 by jpshortstuff Log created at 12:47 on 14/03/2013 by n Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== filefind ========== Searching for "explorer.exe" C:\Windows\explorer.exe --a---- 2871808 bytes [03:15 11/11/2012] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3 C:\Windows\System32\explorer.exe --a---- 2616320 bytes [03:15 11/11/2012] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E C:\Windows\SysWOW64\explorer.exe --a---- 2616320 bytes [03:15 11/11/2012] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E C:\Windows\winsxs\amd64_microsoft-windows- explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe --a---- 2872320 bytes [03:24 21/11/2010] [03:24 21/11/2010] AC4C51EB24AA95B77F705AB159189E24 C:\Windows\winsxs\amd64_microsoft-windows- explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe --a---- 2871808 bytes [03:15 11/11/2012] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3 C:\Windows\winsxs\amd64_microsoft-windows- explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe --a---- 2871808 bytes [03:15 11/11/2012] [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48 C:\Windows\winsxs\wow64_microsoft-windows- explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe --a---- 2616320 bytes [03:24 21/11/2010] [03:24 21/11/2010] 40D777B7A95E00593EB1568C68514493 C:\Windows\winsxs\wow64_microsoft-windows- explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe --a---- 2616320 bytes [03:15 11/11/2012] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E C:\Windows\winsxs\wow64_microsoft-windows- explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe --a---- 2616320 bytes [03:15 11/11/2012] [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746 -= EOF =-
  14. I ran Dr. Web 3 times. (Actually I started it 5 times and ran the scan 3 times. The first two times I had windows in the way of the instructions so I had to close it and move them and then start it up again to scan.) The first time it found nothing, but I could not find the report button. The second time it found something, which I think was just an alternate copy of one of the downloads you linked to (I must have downloaded it twice without realizing), and this time I realized there was no report button. An image of this is attached. The third time it found nothing, and there still was no report button.
  15. I ran RogueKiller again to see what it would do. And I got the same two (they look the same) warnings I got when I first ran it. A screenshot is attached. The DNS tab showed nothing.
  16. R. Kill I tried running this program both ways.

      Rkill 2.4.7 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2013 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 03/13/2013 01:08:27 PM in x64 mode.
      Windows Version: Windows 7 Ultimate Service Pack 1

      Checking for Windows services to stop:
      * No malware services found to stop.

      Checking for processes to terminate:
      * No malware processes found to kill.

      Checking Registry for malware related settings:
      * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
      Backup Registry file created at:
      C:\Users\n\Desktop\rkill\rkill-03-13-2013-01-08-29.reg

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:
      * Windows Firewall Disabled
        [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
        "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:
      * No issues found.

      Searching for Missing Digital Signatures:
      * No issues found.

      Checking HOSTS File:
      * No issues found.

      Program finished at: 03/13/2013 01:08:35 PM
      Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

      And here's the second time I ran it with the alternate download

      Rkill 2.4.7 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2013 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 03/13/2013 01:09:54 PM in x64 mode.
      Windows Version: Windows 7 Ultimate Service Pack 1

      Checking for Windows services to stop:
      * No malware services found to stop.

      Checking for processes to terminate:
      * No malware processes found to kill.

      Checking Registry for malware related settings:
      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:
      * Windows Firewall Disabled
        [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
        "EnableFirewall" = dword:00000000

      Checking Windows Service Integrity:
      * No issues found.

      Searching for Missing Digital Signatures:
      * No issues found.

      Checking HOSTS File:
      * No issues found.

      Program finished at: 03/13/2013 01:10:02 PM
      Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
  17. I noticed that you said I should use RogueKiller to delete those two name server things. I would like to note that I did set my PC to hook to the Comodo DNS servers, which correspond to those numbers. Does this change anything? Was a virus found, or the result of one, or did these detection programs view my alteration to connect to the Comodo DNS as something that was wrong?
  18. Here is the rogue killer report. It found 2 items.

      RogueKiller V8.5.2 [Mar 9 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : n [Admin rights]
      Mode : Scan -- Date : 03/12/2013 16:11:45
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 4 ¤¤¤
      [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : NameServer (8.26.56.26,8.20.247.20) -> FOUND
      [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : NameServer (8.26.56.26,8.20.247.20) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: MKNSSDCR120GB ATA Device +++++
      --- User ---
      [MBR] 90caabd5a02593aa93b7586638a26408
      [bSP] 7daaa6eec4392aeffbecdd118806e365 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1]_S_03122013_02d1611.txt >>
      RKreport[1]_S_03122013_02d1611.txt
  19. TDSSKiller found nothing, but I cannot post the log as there is no way to copy it or save it. Right clicking does nothing. Never mind, I had to use Control-C. I'm glad that worked. I pasted it into WordPad first so that I could save it and close it while having no programs running for the Rogue Killer program.

      15:36:02.0062 1660 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
      15:36:02.0078 1660 ============================================================
      15:36:02.0078 1660 Current date / time: 2013/03/12 15:36:02.0078
      15:36:02.0078 1660 SystemInfo:
      15:36:02.0078 1660
      15:36:02.0078 1660 OS Version: 6.1.7601 ServicePack: 1.0
      15:36:02.0078 1660 Product type: Workstation
      15:36:02.0078 1660 ComputerName: N-PC
      15:36:02.0078 1660 UserName: n
      15:36:02.0078 1660 Windows directory: C:\Windows
      15:36:02.0078 1660 System windows directory: C:\Windows
      15:36:02.0078 1660 Running under WOW64
      15:36:02.0078 1660 Processor architecture: Intel x64
      15:36:02.0078 1660 Number of processors: 4
      15:36:02.0078 1660 Page size: 0x1000
      15:36:02.0078 1660 Boot type: Normal boot
      15:36:02.0078 1660 ============================================================
      15:36:02.0250 1660 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
      15:36:02.0265 1660 ============================================================
      15:36:02.0265 1660 \Device\Harddisk0\DR0:
      15:36:02.0265 1660 MBR partitions:
      15:36:02.0265 1660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
      15:36:02.0265 1660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
      15:36:02.0265 1660 ============================================================
      15:36:02.0265 1660 C: <-> \Device\Harddisk0\DR0\Partition2
      15:36:02.0265 1660 ============================================================
      15:36:02.0265 1660 Initialize success
Netman C:\Windows\System32\netman.dll 15:36:15.0884 4604 Netman - ok 15:36:15.0884 4604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:36:15.0884 4604 netprofm - ok 15:36:15.0900 4604 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:36:15.0900 4604 NetTcpPortSharing - ok 15:36:15.0900 4604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:36:15.0900 4604 nfrd960 - ok 15:36:15.0915 4604 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:36:15.0915 4604 NlaSvc - ok 15:36:15.0915 4604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:36:15.0915 4604 Npfs - ok 15:36:15.0915 4604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:36:15.0915 4604 nsi - ok 15:36:15.0915 4604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:36:15.0915 4604 nsiproxy - ok 15:36:15.0946 4604 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:36:15.0962 4604 Ntfs - ok 15:36:15.0962 4604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:36:15.0962 4604 Null - ok 15:36:15.0962 4604 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:36:15.0962 4604 nvraid - ok 15:36:15.0962 4604 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:36:15.0978 4604 nvstor - ok 15:36:15.0978 4604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:36:15.0978 4604 nv_agp - ok 15:36:15.0978 4604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:36:15.0978 4604 ohci1394 - ok 15:36:15.0978 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:36:15.0993 4604 p2pimsvc - ok 15:36:15.0993 4604 [ 
927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:36:15.0993 4604 p2psvc - ok 15:36:16.0009 4604 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 15:36:16.0009 4604 Parport - ok 15:36:16.0009 4604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:36:16.0009 4604 partmgr - ok 15:36:16.0009 4604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:36:16.0024 4604 PcaSvc - ok 15:36:16.0024 4604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:36:16.0024 4604 pci - ok 15:36:16.0024 4604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:36:16.0024 4604 pciide - ok 15:36:16.0024 4604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:36:16.0024 4604 pcmcia - ok 15:36:16.0040 4604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:36:16.0040 4604 pcw - ok 15:36:16.0040 4604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:36:16.0056 4604 PEAUTH - ok 15:36:16.0056 4604 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 15:36:16.0071 4604 PeerDistSvc - ok 15:36:16.0102 4604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:36:16.0102 4604 PerfHost - ok 15:36:16.0118 4604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:36:16.0134 4604 pla - ok 15:36:16.0134 4604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:36:16.0149 4604 PlugPlay - ok 15:36:16.0149 4604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:36:16.0149 4604 PNRPAutoReg - ok 15:36:16.0149 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:36:16.0149 4604 PNRPsvc - ok 15:36:16.0165 4604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent 
C:\Windows\System32\ipsecsvc.dll 15:36:16.0165 4604 PolicyAgent - ok 15:36:16.0180 4604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:36:16.0180 4604 Power - ok 15:36:16.0180 4604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:36:16.0180 4604 PptpMiniport - ok 15:36:16.0180 4604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 15:36:16.0180 4604 Processor - ok 15:36:16.0196 4604 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:36:16.0196 4604 ProfSvc - ok 15:36:16.0196 4604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:36:16.0196 4604 ProtectedStorage - ok 15:36:16.0212 4604 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:36:16.0212 4604 Psched - ok 15:36:16.0227 4604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:36:16.0227 4604 ql2300 - ok 15:36:16.0243 4604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:36:16.0243 4604 ql40xx - ok 15:36:16.0243 4604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:36:16.0243 4604 QWAVE - ok 15:36:16.0258 4604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:36:16.0258 4604 QWAVEdrv - ok 15:36:16.0258 4604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:36:16.0258 4604 RasAcd - ok 15:36:16.0258 4604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:36:16.0258 4604 RasAgileVpn - ok 15:36:16.0258 4604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:36:16.0258 4604 RasAuto - ok 15:36:16.0274 4604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:36:16.0274 4604 Rasl2tp - ok 15:36:16.0274 4604 [ 
EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:36:16.0274 4604 RasMan - ok 15:36:16.0290 4604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:36:16.0290 4604 RasPppoe - ok 15:36:16.0290 4604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:36:16.0290 4604 RasSstp - ok 15:36:16.0290 4604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:36:16.0290 4604 rdbss - ok 15:36:16.0305 4604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:36:16.0305 4604 rdpbus - ok 15:36:16.0305 4604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:36:16.0305 4604 RDPCDD - ok 15:36:16.0305 4604 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:36:16.0305 4604 RDPDR - ok 15:36:16.0321 4604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:36:16.0321 4604 RDPENCDD - ok 15:36:16.0321 4604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:36:16.0321 4604 RDPREFMP - ok 15:36:16.0321 4604 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:36:16.0321 4604 RdpVideoMiniport - ok 15:36:16.0321 4604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:36:16.0336 4604 RDPWD - ok 15:36:16.0336 4604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:36:16.0336 4604 rdyboost - ok 15:36:16.0336 4604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:36:16.0336 4604 RemoteAccess - ok 15:36:16.0352 4604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:36:16.0352 4604 RemoteRegistry - ok 15:36:16.0352 4604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 
15:36:16.0352 4604 RpcEptMapper - ok 15:36:16.0352 4604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:36:16.0352 4604 RpcLocator - ok 15:36:16.0368 4604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:36:16.0368 4604 RpcSs - ok 15:36:16.0368 4604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:36:16.0368 4604 rspndr - ok 15:36:16.0383 4604 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:36:16.0383 4604 RTL8167 - ok 15:36:16.0383 4604 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 15:36:16.0383 4604 s3cap - ok 15:36:16.0383 4604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:36:16.0383 4604 SamSs - ok 15:36:16.0399 4604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:36:16.0399 4604 sbp2port - ok 15:36:16.0399 4604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:36:16.0399 4604 SCardSvr - ok 15:36:16.0414 4604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:36:16.0414 4604 scfilter - ok 15:36:16.0414 4604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:36:16.0430 4604 Schedule - ok 15:36:16.0430 4604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:36:16.0430 4604 SCPolicySvc - ok 15:36:16.0430 4604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:36:16.0446 4604 SDRSVC - ok 15:36:16.0446 4604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:36:16.0446 4604 secdrv - ok 15:36:16.0446 4604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:36:16.0446 4604 seclogon - ok 15:36:16.0446 4604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:36:16.0461 4604 SENS - 
ok 15:36:16.0461 4604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:36:16.0461 4604 SensrSvc - ok 15:36:16.0461 4604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:36:16.0461 4604 Serenum - ok 15:36:16.0461 4604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:36:16.0461 4604 Serial - ok 15:36:16.0477 4604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:36:16.0477 4604 sermouse - ok 15:36:16.0477 4604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:36:16.0477 4604 SessionEnv - ok 15:36:16.0477 4604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:36:16.0477 4604 sffdisk - ok 15:36:16.0492 4604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:36:16.0492 4604 sffp_mmc - ok 15:36:16.0492 4604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:36:16.0492 4604 sffp_sd - ok 15:36:16.0492 4604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:36:16.0492 4604 sfloppy - ok 15:36:16.0492 4604 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:36:16.0508 4604 SharedAccess - ok 15:36:16.0508 4604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:36:16.0508 4604 ShellHWDetection - ok 15:36:16.0524 4604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:36:16.0524 4604 SiSRaid2 - ok 15:36:16.0524 4604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:36:16.0524 4604 SiSRaid4 - ok 15:36:16.0524 4604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:36:16.0524 4604 Smb - ok 15:36:16.0524 4604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 15:36:16.0539 4604 SNMPTRAP - ok 15:36:16.0539 4604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:36:16.0539 4604 spldr - ok 15:36:16.0539 4604 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:36:16.0555 4604 Spooler - ok 15:36:16.0586 4604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:36:16.0633 4604 sppsvc - ok 15:36:16.0633 4604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:36:16.0633 4604 sppuinotify - ok 15:36:16.0633 4604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:36:16.0648 4604 srv - ok 15:36:16.0648 4604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:36:16.0648 4604 srv2 - ok 15:36:16.0664 4604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:36:16.0664 4604 srvnet - ok 15:36:16.0664 4604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:36:16.0664 4604 SSDPSRV - ok 15:36:16.0680 4604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:36:16.0680 4604 SstpSvc - ok 15:36:16.0680 4604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:36:16.0680 4604 stexstor - ok 15:36:16.0680 4604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:36:16.0695 4604 stisvc - ok 15:36:16.0695 4604 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 15:36:16.0695 4604 storflt - ok 15:36:16.0695 4604 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:36:16.0695 4604 storvsc - ok 15:36:16.0695 4604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:36:16.0695 4604 swenum - ok 15:36:16.0711 4604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 
15:36:16.0711 4604 swprv - ok 15:36:16.0711 4604 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 15:36:16.0726 4604 Synth3dVsc - ok 15:36:16.0742 4604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:36:16.0758 4604 SysMain - ok 15:36:16.0773 4604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:36:16.0773 4604 TabletInputService - ok 15:36:16.0773 4604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:36:16.0789 4604 TapiSrv - ok 15:36:16.0789 4604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:36:16.0789 4604 TBS - ok 15:36:16.0804 4604 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:36:16.0820 4604 Tcpip - ok 15:36:16.0836 4604 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:36:16.0851 4604 TCPIP6 - ok 15:36:16.0851 4604 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:36:16.0851 4604 tcpipreg - ok 15:36:16.0867 4604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:36:16.0867 4604 TDPIPE - ok 15:36:16.0867 4604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:36:16.0867 4604 TDTCP - ok 15:36:16.0867 4604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:36:16.0867 4604 tdx - ok 15:36:16.0867 4604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:36:16.0867 4604 TermDD - ok 15:36:16.0882 4604 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys 15:36:16.0882 4604 terminpt - ok 15:36:16.0882 4604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:36:16.0898 4604 TermService - ok 15:36:16.0898 4604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 
15:36:16.0898 4604 Themes - ok 15:36:16.0898 4604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:36:16.0914 4604 THREADORDER - ok 15:36:16.0914 4604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:36:16.0914 4604 TrkWks - ok 15:36:16.0914 4604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:36:16.0914 4604 TrustedInstaller - ok 15:36:16.0929 4604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:36:16.0929 4604 tssecsrv - ok 15:36:16.0929 4604 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:36:16.0929 4604 TsUsbFlt - ok 15:36:16.0929 4604 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 15:36:16.0929 4604 TsUsbGD - ok 15:36:16.0929 4604 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 15:36:16.0929 4604 tsusbhub - ok 15:36:16.0945 4604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:36:16.0945 4604 tunnel - ok 15:36:16.0945 4604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:36:16.0945 4604 uagp35 - ok 15:36:16.0945 4604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:36:16.0945 4604 udfs - ok 15:36:16.0960 4604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:36:16.0960 4604 UI0Detect - ok 15:36:16.0960 4604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:36:16.0960 4604 uliagpkx - ok 15:36:16.0976 4604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:36:16.0976 4604 umbus - ok 15:36:16.0976 4604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 15:36:16.0976 4604 UmPass - ok 15:36:16.0976 4604 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService 
C:\Windows\System32\umrdp.dll 15:36:16.0976 4604 UmRdpService - ok 15:36:16.0992 4604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:36:16.0992 4604 upnphost - ok 15:36:16.0992 4604 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 15:36:16.0992 4604 usbaudio - ok 15:36:17.0007 4604 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:36:17.0007 4604 usbccgp - ok 15:36:17.0007 4604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:36:17.0007 4604 usbcir - ok 15:36:17.0007 4604 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:36:17.0007 4604 usbehci - ok 15:36:17.0023 4604 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:36:17.0023 4604 usbhub - ok 15:36:17.0023 4604 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:36:17.0023 4604 usbohci - ok 15:36:17.0023 4604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:36:17.0023 4604 usbprint - ok 15:36:17.0023 4604 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:36:17.0023 4604 usbscan - ok 15:36:17.0038 4604 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:36:17.0038 4604 USBSTOR - ok 15:36:17.0038 4604 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:36:17.0038 4604 usbuhci - ok 15:36:17.0038 4604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:36:17.0038 4604 UxSms - ok 15:36:17.0038 4604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:36:17.0038 4604 VaultSvc - ok 15:36:17.0054 4604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:36:17.0054 4604 vdrvroot - ok 15:36:17.0054 4604 [ 
8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:36:17.0070 4604 vds - ok 15:36:17.0070 4604 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:36:17.0070 4604 vga - ok 15:36:17.0070 4604 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:36:17.0070 4604 VgaSave - ok 15:36:17.0070 4604 VGPU - ok 15:36:17.0070 4604 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:36:17.0085 4604 vhdmp - ok 15:36:17.0085 4604 VIAHdAudAddService - ok 15:36:17.0085 4604 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:36:17.0085 4604 viaide - ok 15:36:17.0085 4604 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:36:17.0085 4604 vmbus - ok 15:36:17.0101 4604 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 15:36:17.0101 4604 VMBusHID - ok 15:36:17.0101 4604 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:36:17.0101 4604 volmgr - ok 15:36:17.0101 4604 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:36:17.0101 4604 volmgrx - ok 15:36:17.0116 4604 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:36:17.0116 4604 volsnap - ok 15:36:17.0116 4604 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:36:17.0116 4604 vsmraid - ok 15:36:17.0148 4604 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:36:17.0148 4604 VSS - ok 15:36:17.0148 4604 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:36:17.0148 4604 vwifibus - ok 15:36:17.0163 4604 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:36:17.0163 4604 W32Time - ok 15:36:17.0163 4604 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 
15:36:17.0163 4604 WacomPen - ok 15:36:17.0179 4604 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:36:17.0179 4604 WANARP - ok 15:36:17.0179 4604 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:36:17.0179 4604 Wanarpv6 - ok 15:36:17.0194 4604 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 15:36:17.0210 4604 WatAdminSvc - ok 15:36:17.0226 4604 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:36:17.0241 4604 wbengine - ok 15:36:17.0241 4604 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:36:17.0257 4604 WbioSrvc - ok 15:36:17.0257 4604 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:36:17.0257 4604 wcncsvc - ok 15:36:17.0272 4604 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:36:17.0272 4604 WcsPlugInService - ok 15:36:17.0272 4604 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 15:36:17.0272 4604 Wd - ok 15:36:17.0288 4604 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:36:17.0288 4604 Wdf01000 - ok 15:36:17.0288 4604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:36:17.0304 4604 WdiServiceHost - ok 15:36:17.0304 4604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:36:17.0304 4604 WdiSystemHost - ok 15:36:17.0304 4604 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:36:17.0319 4604 WebClient - ok 15:36:17.0319 4604 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:36:17.0319 4604 Wecsvc - ok 15:36:17.0319 4604 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:36:17.0319 4604 wercplsupport - ok 15:36:17.0335 4604 [ 6D137963730144698CBD10F202E9F251 ] WerSvc 
C:\Windows\System32\WerSvc.dll 15:36:17.0335 4604 WerSvc - ok 15:36:17.0335 4604 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:36:17.0335 4604 WfpLwf - ok 15:36:17.0335 4604 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:36:17.0335 4604 WIMMount - ok 15:36:17.0350 4604 WinDefend - ok 15:36:17.0350 4604 WinHttpAutoProxySvc - ok 15:36:17.0350 4604 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:36:17.0366 4604 Winmgmt - ok 15:36:17.0382 4604 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:36:17.0397 4604 WinRM - ok 15:36:17.0413 4604 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:36:17.0428 4604 Wlansvc - ok 15:36:17.0428 4604 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:36:17.0428 4604 WmiAcpi - ok 15:36:17.0428 4604 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:36:17.0428 4604 wmiApSrv - ok 15:36:17.0428 4604 WMPNetworkSvc - ok 15:36:17.0444 4604 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:36:17.0444 4604 WPCSvc - ok 15:36:17.0444 4604 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:36:17.0444 4604 WPDBusEnum - ok 15:36:17.0444 4604 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:36:17.0444 4604 ws2ifsl - ok 15:36:17.0460 4604 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:36:17.0460 4604 wscsvc - ok 15:36:17.0460 4604 WSearch - ok 15:36:17.0491 4604 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:36:17.0491 4604 wuauserv - ok 15:36:17.0506 4604 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:36:17.0506 4604 WudfPf - ok 15:36:17.0506 4604 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc 
15:36:17.0631 4604 Scan finished
15:36:17.0647 3248 Detected object count: 0
15:36:17.0647 3248 Actual detected object count: 0
  20. I made two of these because I couldn't find the log of the first one (I guess I closed the box and didn't realize it) by doing a search. I found it by manually searching the C drive. So, here are both files from ADW.

      # AdwCleaner v2.114 - Logfile created 03/12/2013 at 15:35:06
      # Updated 05/03/2013 by Xplode
      # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
      # User : n - N-PC
      # Boot Mode : Normal
      # Running from : C:\Users\h\Downloads\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Found : HKLM\SOFTWARE\Classes\S
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16464
      [OK] Registry is clean.
      *************************
      AdwCleaner[R1].txt - [538 octets] - [12/03/2013 15:35:06]
      ########## EOF - \AdwCleaner[R1].txt - [597 octets] ##########

      and now the second one

      # AdwCleaner v2.114 - Logfile created 03/12/2013 at 15:48:36
      # Updated 05/03/2013 by Xplode
      # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
      # User : n - N-PC
      # Boot Mode : Normal
      # Running from : C:\Users\h\Downloads\adwcleaner.exe
      # Option [search]
      ***** [services] *****
      ***** [Files / Folders] *****
      ***** [Registry] *****
      Key Found : HKLM\SOFTWARE\Classes\S
      ***** [internet Browsers] *****
      -\\ Internet Explorer v9.0.8112.16464
      [OK] Registry is clean.
      *************************
      AdwCleaner[R1].txt - [663 octets] - [12/03/2013 15:35:06]
      AdwCleaner[R2].txt - [597 octets] - [12/03/2013 15:48:36]
      ########## EOF - \AdwCleaner[R2].txt - [656 octets] ##########
  21. You said "leave it as it is". Were you referring to just the firewall? Should I just leave everything in Kaspersky as it is? If I do need to disable the antivirus, should I disable all the types of antivirus (there's file, mail, web, and IM antiviruses)?
  22. You want me to disable my firewall (I have Kaspersky Pure 3.0 and Malwarebytes Pro active) but NOT turn it off? This I do not understand.
  23. Here's the new thread with the new logs http://forums.malwarebytes.org/index.php?showtopic=123684
  24. Post number 26 here ( http://forums.malwarebytes.org/index.php?showtopic=123552&st=20 ) contains my first DDS logs (you may want to read that thread anyway). They were done with Kaspersky Internet Security 2013 active as I do not know if it has a script blocker and am uncomfortable with disabling it. I have attached some new DDS files (run without disabling Kaspersky Pure 3.0). Since the last time I have removed Kaspersky Internet Security and replaced it with Kaspersky Pure 3.0. Now my scans are finishing. Both Kaspersky Pure 3.0 and Malwarebytes Pro have found nothing. Actually, you should read that thread as it will be enlightening. I don't want to remove Kas and MB and reinstall them and do that mini-toolbox thing, but will if I have to. Let me know. If I need to disable Kaspersky and run DDS, let me know.

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 9.0.8112.16464
      Run by n at 14:19:07 on 2013-03-10
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.5400 [GMT -5:00]
      .
      AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
      SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
      .
      ============== Running Processes ===============
      .
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe 
C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe 
/autoRun mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:60 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 8.26.56.26 8.20.247.20 TCP: Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : NameServer = 8.26.56.26,8.20.247.20 TCP: Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : DHCPNameServer = 8.26.56.26 8.20.247.20 SSODL: WebCheck - <orphaned> x64-mStart Page = about:blank x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: 
{43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-3-8 84536] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-3-8 66616] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968] R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960] R3 EtronXHCI;Etron USB 3.0 
Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-9 565352] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-9 46136] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-10 19456] S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-10 29696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-10 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-10 30208] S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-10 1255736] . =============== Created Last 30 ================ . 
2013-03-09 23:44:38 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2BF4CC09-7A2F-4C2B-8E79-56B25D19E8D6}\mpengine.dll 2013-03-09 03:22:41 64856 ----a-w- C:\Windows\System32\klfphc.dll 2013-03-09 03:22:37 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys 2013-03-09 03:22:37 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys 2013-03-09 03:22:31 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-03-09 03:22:31 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-03-09 03:22:31 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch 2013-03-09 03:21:53 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-03-09 02:51:07 -------- d--h--w- C:\kleaner.tmp 2013-03-08 01:40:37 -------- d-----w- C:\Users\n\AppData\Local\lptmp245130699 2013-03-07 03:13:47 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe 2013-02-21 20:56:13 -------- d-----w- C:\ProgramData\EA Core 2013-02-21 20:55:55 -------- d-----w- C:\ProgramData\EA Logs 2013-02-21 20:32:02 -------- d-----w- C:\Windows\SysWow64\%Report% 2013-02-21 19:13:25 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-02-21 18:14:21 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller 2013-02-21 18:14:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation 2013-02-21 17:08:14 -------- d-----w- C:\Program Files (x86)\Origin Games 2013-02-21 17:08:13 -------- d-----w- C:\Users\n\AppData\Local\Origin 2013-02-21 17:08:02 -------- d-----w- C:\ProgramData\Electronic Arts 2013-02-21 17:07:49 -------- d-----w- C:\Program Files (x86)\Origin 2013-02-21 16:38:51 -------- d-----w- C:\Users\n\AppData\Roaming\Origin 2013-02-21 16:36:30 -------- d-----w- C:\ProgramData\Origin 2013-02-13 17:18:49 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 17:18:49 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 17:14:33 215040 ----a-w- C:\Windows\System32\winsrv.dll 
2013-02-13 17:14:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 17:14:32 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 17:14:32 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 17:14:32 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 17:14:32 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 17:14:27 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 17:14:26 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 17:14:26 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 17:14:25 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 17:14:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-02-13 17:14:03 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find3M ==================== . 2013-02-28 02:19:18 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-28 02:19:18 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-25 21:32:12 1409 ----a-w- C:\Windows\QTFont.for 2012-12-19 20:50:14 
5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll 2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll 2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll 2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll 2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe 2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll 2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll 2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-12-19 19:33:42 619008 ----a-w- 
C:\Windows\System32\atiadlxx.dll 2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 14:19:28.51 =============== 3-10 Attach.txt
  25. O_O I'll start by posting my old DDS logs and new ones in the malware removal forum. Removing everything is a drastic and time-consuming step. O_O