IP BLOCK - was advised to post here

[lailahuk86]

Avised by MysteryFCM here http://forums.malwarebytes.org/index.php?showtopic=114590

My original post from that topic.

IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49219, Process: svchost.exe)

Turned my PC on for the first time in a week and got this while running updates. Checked with TCPview and pressed update again after a restart and went through a similar ip 204.160.x.x (can't remember if the 3rd part was the same).

I haven't noticed any symptoms of an infection.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ruiz at 23:25:17 on 2012-08-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8167.6492 [GMT 1:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit=userinit.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C0C10918-0C86-47F9-8401-6EB6B59F9BED} : DhcpNameServer = 192.168.2.1

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\8r09c9ur.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-23 13592]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-21 14:55:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-08-21 14:55:58 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-08-21 14:13:12 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{357E339B-A31F-4935-AAF0-9A6EC3B23116}\mpengine.dll

.

==================== Find3M ====================

.

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 23:25:30.86 ===============

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 23/02/2012 17:21:53

System Uptime: 21/08/2012 23:11:37 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 324.12 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP62: 21/08/2012 15:55:26 - Windows Update

RP63: 21/08/2012 15:56:00 - Windows Update

.

==== Installed Programs ======================

.

Asmedia ASM104x USB 3.0 Host Controller Driver

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Deus Ex: Human Revolution

Diablo III

Fallout: New Vegas

Intel® Management Engine Components

Intel® Rapid Storage Technology

JMicron JMB36X Driver

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mount & Blade: Warband

Mozilla Firefox 14.0.1 (x86 en-GB)

Natural Selection 2

Portal 2

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

StarCraft II

Steam

TERA

The Binding of Isaac

The Elder Scrolls V: Skyrim

The Witcher 2: Assassins of Kings Enhanced Edition

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

.

==== Event Viewer Messages From Past Week ========

.

21/08/2012 17:17:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

21/08/2012 17:17:15, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[lailahuk86]

MBAM log is clean so I attached it.

ComboFix 12-08-22.01 - Ruiz 22/08/2012 18:01:18.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8167.6701 [GMT 1:00]

Running from: c:\users\Ruiz\Desktop\ComboFix.exe

AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))

.

.

2012-08-21 14:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-08-21 14:55 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-08-21 14:13 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{357E339B-A31F-4935-AAF0-9A6EC3B23116}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-21 14:10 . 2012-02-23 19:18 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 12:46 . 2012-02-27 15:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 05:43 . 2012-07-12 17:07 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-12 17:07 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-12 17:07 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-12 17:07 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-12 17:07 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-12 17:07 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-12 17:07 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-07-12 17:05 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-07-12 17:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-07-12 17:05 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-07-12 17:05 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-07-12 17:05 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-07-12 17:05 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-07-12 17:05 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-07-12 17:04 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:15 . 2012-07-12 17:04 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-12 17:07 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-12 17:07 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-12 17:07 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-12 17:07 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-12 17:07 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-12 17:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-12 17:07 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-12 17:07 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-12 17:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-23 1255736]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\8r09c9ur.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-22 18:08:50 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-22 17:08

.

Pre-Run: 341,701,713,920 bytes free

Post-Run: 341,838,348,288 bytes free

.

- - End Of File - - B84D5C651A38487057CE4DF17D6C8BCF

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 23/02/2012 17:21:53

System Uptime: 22/08/2012 18:05:03 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 318.434 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP62: 21/08/2012 15:55:26 - Windows Update

RP63: 21/08/2012 15:56:00 - Windows Update

RP64: 22/08/2012 00:51:14 - Installed DirectX

.

==== Installed Programs ======================

.

Asmedia ASM104x USB 3.0 Host Controller Driver

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Counter-Strike: Global Offensive

Deus Ex: Human Revolution

Diablo III

Fallout: New Vegas

Intel® Management Engine Components

Intel® Rapid Storage Technology

JMicron JMB36X Driver

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mount & Blade: Warband

Mozilla Firefox 14.0.1 (x86 en-GB)

Natural Selection 2

Portal 2

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

StarCraft II

Steam

TERA

The Binding of Isaac

The Elder Scrolls V: Skyrim

The Witcher 2: Assassins of Kings Enhanced Edition

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

.

==== Event Viewer Messages From Past Week ========

.

22/08/2012 18:05:15, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

22/08/2012 18:05:15, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

22/08/2012 18:04:29, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

22/08/2012 18:04:16, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

21/08/2012 17:17:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

21/08/2012 17:17:15, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ruiz at 18:09:24 on 2012-08-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8167.6694 [GMT 1:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{C0C10918-0C86-47F9-8401-6EB6B59F9BED} : DhcpNameServer = 192.168.2.1

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\8r09c9ur.default\

FF - prefs.js: browser.startup.homepage - about:blank

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-23 13592]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-22 17:00:53 98816 ----a-w- C:\Windows\sed.exe

2012-08-22 17:00:53 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-22 17:00:53 256000 ----a-w- C:\Windows\PEV.exe

2012-08-22 17:00:53 208896 ----a-w- C:\Windows\MBR.exe

2012-08-21 14:55:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-08-21 14:55:58 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-08-21 14:13:12 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{357E339B-A31F-4935-AAF0-9A6EC3B23116}\mpengine.dll

.

==================== Find3M ====================

.

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 18:09:35.62 ===============

mbam-log-2012-08-22 (17-57-13).txt

[screen317]

Hi,

Run TFC by OldTimer to clear temporary files:

• Please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.
  

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Export the threats found (if any), and post them here.
   

Next, please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Search.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

-screen317

[lailahuk86]

Was there anything in my logs? The install.exe combofix removed was to do with c++ when installing a game.

https://www.virustotal.com/file/08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2/analysis/1345659024/

I have eset as my main virus protection/firewall and have run scans, all of them being clean.

# AdwCleaner v1.801 - Logfile created 08/22/2012 at 20:59:34

# Updated 14/08/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ruiz - TOMO

# Boot Mode : Normal

# Running from : C:\Users\Ruiz\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default

File : C:\Users\Ruiz\AppData\Roaming\Mozilla\Firefox\Profiles\8r09c9ur.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [849 octets] - [22/08/2012 20:58:52]

AdwCleaner[s1].txt - [284 octets] - [22/08/2012 20:59:19]

AdwCleaner[R2].txt - [840 octets] - [22/08/2012 20:59:34]

########## EOF - C:\AdwCleaner[R2].txt - [967 octets] ##########

Results of screen317's Security Check version 0.99.46

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

ESET Smart Security 5.0

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

20:54:28.0838 3544 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

20:54:28.0947 3544 ============================================================

20:54:28.0947 3544 Current date / time: 2012/08/22 20:54:28.0947

20:54:28.0947 3544 SystemInfo:

20:54:28.0947 3544

20:54:28.0947 3544 OS Version: 6.1.7601 ServicePack: 1.0

20:54:28.0947 3544 Product type: Workstation

20:54:28.0947 3544 ComputerName: TOMO

20:54:28.0947 3544 UserName: Ruiz

20:54:28.0947 3544 Windows directory: C:\Windows

20:54:28.0947 3544 System windows directory: C:\Windows

20:54:28.0947 3544 Running under WOW64

20:54:28.0947 3544 Processor architecture: Intel x64

20:54:28.0947 3544 Number of processors: 4

20:54:28.0947 3544 Page size: 0x1000

20:54:28.0947 3544 Boot type: Normal boot

20:54:28.0947 3544 ============================================================

20:54:29.0259 3544 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:54:29.0259 3544 ============================================================

20:54:29.0259 3544 \Device\Harddisk0\DR0:

20:54:29.0259 3544 MBR partitions:

20:54:29.0259 3544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:54:29.0259 3544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

20:54:29.0259 3544 ============================================================

20:54:29.0290 3544 C: <-> \Device\Harddisk0\DR0\Partition2

20:54:29.0290 3544 ============================================================

20:54:29.0290 3544 Initialize success

20:54:29.0290 3544 ============================================================

20:54:40.0304 4156 ============================================================

20:54:40.0304 4156 Scan started

20:54:40.0304 4156 Mode: Manual; SigCheck; TDLFS;

20:54:40.0304 4156 ============================================================

20:54:40.0616 4156 ================ Scan system memory ========================

20:54:40.0616 4156 System memory - ok

20:54:40.0616 4156 ================ Scan services =============================

20:54:40.0756 4156 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

20:54:40.0850 4156 1394ohci - ok

20:54:40.0865 4156 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

20:54:40.0865 4156 ACPI - ok

20:54:40.0881 4156 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

20:54:40.0928 4156 AcpiPmi - ok

20:54:40.0959 4156 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

20:54:40.0975 4156 adp94xx - ok

20:54:40.0990 4156 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

20:54:41.0006 4156 adpahci - ok

20:54:41.0037 4156 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

20:54:41.0053 4156 adpu320 - ok

20:54:41.0068 4156 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

20:54:41.0162 4156 AeLookupSvc - ok

20:54:41.0193 4156 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

20:54:41.0224 4156 AFD - ok

20:54:41.0224 4156 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

20:54:41.0240 4156 agp440 - ok

20:54:41.0240 4156 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

20:54:41.0271 4156 ALG - ok

20:54:41.0302 4156 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

20:54:41.0318 4156 aliide - ok

20:54:41.0349 4156 [ B5E2434FC851698C1F119CF1C3935A50 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

20:54:41.0411 4156 AMD External Events Utility - ok

20:54:41.0411 4156 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

20:54:41.0427 4156 amdide - ok

20:54:41.0427 4156 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

20:54:41.0443 4156 AmdK8 - ok

20:54:41.0583 4156 [ 9E3B4946F7E1BCA0B763E19D81EDBF2C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

20:54:41.0786 4156 amdkmdag - ok

20:54:41.0801 4156 [ B9E1C7B7F1865F99B16FF2E1BB94EDB6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

20:54:41.0817 4156 amdkmdap - ok

20:54:41.0817 4156 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

20:54:41.0833 4156 AmdPPM - ok

20:54:41.0879 4156 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

20:54:41.0879 4156 amdsata - ok

20:54:41.0895 4156 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

20:54:41.0911 4156 amdsbs - ok

20:54:41.0926 4156 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

20:54:41.0926 4156 amdxata - ok

20:54:41.0957 4156 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

20:54:42.0051 4156 AppID - ok

20:54:42.0067 4156 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

20:54:42.0098 4156 AppIDSvc - ok

20:54:42.0113 4156 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

20:54:42.0160 4156 Appinfo - ok

20:54:42.0425 4156 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

20:54:42.0425 4156 arc - ok

20:54:42.0457 4156 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

20:54:42.0472 4156 arcsas - ok

20:54:42.0503 4156 [ 6D9C024AA8F24065A6DBEAB1F431D854 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys

20:54:42.0628 4156 asmthub3 - ok

20:54:42.0644 4156 [ ECAD22F15D8F17CC04F24E9A6FB00F2F ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys

20:54:42.0675 4156 asmtxhci - ok

20:54:42.0753 4156 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:54:42.0769 4156 aspnet_state - ok

20:54:42.0784 4156 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

20:54:42.0831 4156 AsyncMac - ok

20:54:42.0878 4156 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

20:54:42.0878 4156 atapi - ok

20:54:42.0925 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

20:54:42.0971 4156 AudioEndpointBuilder - ok

20:54:42.0971 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

20:54:43.0003 4156 AudioSrv - ok

20:54:43.0018 4156 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

20:54:43.0065 4156 AxInstSV - ok

20:54:43.0096 4156 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

20:54:43.0112 4156 b06bdrv - ok

20:54:43.0127 4156 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

20:54:43.0143 4156 b57nd60a - ok

20:54:43.0159 4156 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

20:54:43.0190 4156 BDESVC - ok

20:54:43.0205 4156 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

20:54:43.0237 4156 Beep - ok

20:54:43.0283 4156 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

20:54:43.0330 4156 BFE - ok

20:54:43.0361 4156 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

20:54:43.0408 4156 BITS - ok

20:54:43.0424 4156 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

20:54:43.0439 4156 blbdrive - ok

20:54:43.0455 4156 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

20:54:43.0471 4156 bowser - ok

20:54:43.0502 4156 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

20:54:43.0517 4156 BrFiltLo - ok

20:54:43.0517 4156 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

20:54:43.0533 4156 BrFiltUp - ok

20:54:43.0580 4156 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

20:54:43.0611 4156 BridgeMP - ok

20:54:43.0658 4156 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

20:54:43.0673 4156 Browser - ok

20:54:43.0673 4156 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

20:54:43.0689 4156 Brserid - ok

20:54:43.0689 4156 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

20:54:43.0705 4156 BrSerWdm - ok

20:54:43.0736 4156 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

20:54:43.0751 4156 BrUsbMdm - ok

20:54:43.0751 4156 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

20:54:43.0767 4156 BrUsbSer - ok

20:54:43.0783 4156 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

20:54:43.0798 4156 BTHMODEM - ok

20:54:43.0829 4156 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

20:54:43.0876 4156 bthserv - ok

20:54:43.0907 4156 catchme - ok

20:54:43.0923 4156 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

20:54:43.0954 4156 cdfs - ok

20:54:43.0985 4156 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

20:54:44.0017 4156 cdrom - ok

20:54:44.0032 4156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

20:54:44.0079 4156 CertPropSvc - ok

20:54:44.0079 4156 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

20:54:44.0095 4156 circlass - ok

20:54:44.0110 4156 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

20:54:44.0110 4156 CLFS - ok

20:54:44.0173 4156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:54:44.0173 4156 clr_optimization_v2.0.50727_32 - ok

20:54:44.0204 4156 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:54:44.0219 4156 clr_optimization_v2.0.50727_64 - ok

20:54:44.0282 4156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:54:44.0297 4156 clr_optimization_v4.0.30319_32 - ok

20:54:44.0313 4156 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:54:44.0313 4156 clr_optimization_v4.0.30319_64 - ok

20:54:44.0360 4156 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

20:54:44.0360 4156 CmBatt - ok

20:54:44.0375 4156 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

20:54:44.0375 4156 cmdide - ok

20:54:44.0422 4156 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

20:54:44.0438 4156 CNG - ok

20:54:44.0438 4156 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

20:54:44.0453 4156 Compbatt - ok

20:54:44.0469 4156 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

20:54:44.0500 4156 CompositeBus - ok

20:54:44.0500 4156 COMSysApp - ok

20:54:44.0516 4156 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

20:54:44.0531 4156 crcdisk - ok

20:54:44.0563 4156 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

20:54:44.0578 4156 CryptSvc - ok

20:54:44.0594 4156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

20:54:44.0641 4156 DcomLaunch - ok

20:54:44.0656 4156 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

20:54:44.0687 4156 defragsvc - ok

20:54:44.0687 4156 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

20:54:44.0719 4156 DfsC - ok

20:54:44.0750 4156 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

20:54:44.0781 4156 Dhcp - ok

20:54:44.0797 4156 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

20:54:44.0828 4156 discache - ok

20:54:44.0859 4156 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

20:54:44.0875 4156 Disk - ok

20:54:44.0890 4156 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

20:54:44.0906 4156 Dnscache - ok

20:54:44.0921 4156 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

20:54:44.0953 4156 dot3svc - ok

20:54:44.0968 4156 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

20:54:45.0015 4156 DPS - ok

20:54:45.0046 4156 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

20:54:45.0062 4156 drmkaud - ok

20:54:45.0093 4156 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

20:54:45.0124 4156 DXGKrnl - ok

20:54:45.0171 4156 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys

20:54:45.0187 4156 e1cexpress - ok

20:54:45.0218 4156 [ 13533557D01B88C83110D5CF749F14D7 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys

20:54:45.0233 4156 eamonm - ok

20:54:45.0265 4156 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

20:54:45.0296 4156 EapHost - ok

20:54:45.0374 4156 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

20:54:45.0452 4156 ebdrv - ok

20:54:45.0499 4156 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

20:54:45.0530 4156 EFS - ok

20:54:45.0545 4156 [ E097728129E7B79BF1089D7AEF42332B ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys

20:54:45.0545 4156 ehdrv - ok

20:54:45.0608 4156 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

20:54:45.0655 4156 ehRecvr - ok

20:54:45.0670 4156 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

20:54:45.0686 4156 ehSched - ok

20:54:45.0748 4156 [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

20:54:45.0764 4156 ekrn - ok

20:54:45.0826 4156 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

20:54:45.0842 4156 elxstor - ok

20:54:45.0857 4156 [ 198C6FBC30BBD9632EA051203DCCF204 ] epfw C:\Windows\system32\DRIVERS\epfw.sys

20:54:45.0873 4156 epfw - ok

20:54:45.0889 4156 [ 56DE463F517710A8AA44EEF82C35B3C9 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys

20:54:45.0889 4156 EpfwLWF - ok

20:54:45.0904 4156 [ 710B0442BB2F99278D7B8E02A8849C11 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys

20:54:45.0904 4156 epfwwfp - ok

20:54:45.0920 4156 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

20:54:45.0935 4156 ErrDev - ok

20:54:45.0982 4156 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

20:54:46.0029 4156 EventSystem - ok

20:54:46.0060 4156 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

20:54:46.0091 4156 exfat - ok

20:54:46.0091 4156 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

20:54:46.0123 4156 fastfat - ok

20:54:46.0185 4156 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

20:54:46.0216 4156 Fax - ok

20:54:46.0232 4156 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

20:54:46.0247 4156 fdc - ok

20:54:46.0279 4156 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

20:54:46.0325 4156 fdPHost - ok

20:54:46.0341 4156 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

20:54:46.0372 4156 FDResPub - ok

20:54:46.0388 4156 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

20:54:46.0403 4156 FileInfo - ok

20:54:46.0403 4156 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

20:54:46.0435 4156 Filetrace - ok

20:54:46.0481 4156 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

20:54:46.0481 4156 flpydisk - ok

20:54:46.0497 4156 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

20:54:46.0513 4156 FltMgr - ok

20:54:46.0559 4156 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

20:54:46.0591 4156 FontCache - ok

20:54:46.0637 4156 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:54:46.0637 4156 FontCache3.0.0.0 - ok

20:54:46.0653 4156 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

20:54:46.0653 4156 FsDepends - ok

20:54:46.0684 4156 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

20:54:46.0684 4156 Fs_Rec - ok

20:54:46.0700 4156 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

20:54:46.0715 4156 fvevol - ok

20:54:46.0731 4156 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

20:54:46.0747 4156 gagp30kx - ok

20:54:46.0778 4156 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

20:54:46.0809 4156 gpsvc - ok

20:54:46.0825 4156 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

20:54:46.0840 4156 hcw85cir - ok

20:54:46.0887 4156 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

20:54:46.0903 4156 HdAudAddService - ok

20:54:46.0949 4156 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

20:54:46.0965 4156 HDAudBus - ok

20:54:46.0981 4156 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

20:54:46.0996 4156 HidBatt - ok

20:54:46.0996 4156 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

20:54:47.0012 4156 HidBth - ok

20:54:47.0012 4156 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

20:54:47.0027 4156 HidIr - ok

20:54:47.0043 4156 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

20:54:47.0074 4156 hidserv - ok

20:54:47.0090 4156 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

20:54:47.0105 4156 HidUsb - ok

20:54:47.0121 4156 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

20:54:47.0168 4156 hkmsvc - ok

20:54:47.0183 4156 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:54:47.0199 4156 HomeGroupListener - ok

20:54:47.0215 4156 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:54:47.0261 4156 HomeGroupProvider - ok

20:54:47.0261 4156 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

20:54:47.0277 4156 HpSAMD - ok

20:54:47.0308 4156 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

20:54:47.0355 4156 HTTP - ok

20:54:47.0371 4156 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

20:54:47.0371 4156 hwpolicy - ok

20:54:47.0386 4156 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

20:54:47.0402 4156 i8042prt - ok

20:54:47.0433 4156 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

20:54:47.0433 4156 iaStor - ok

20:54:47.0495 4156 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

20:54:47.0511 4156 IAStorDataMgrSvc - ok

20:54:47.0527 4156 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

20:54:47.0542 4156 iaStorV - ok

20:54:47.0589 4156 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:54:47.0605 4156 idsvc - ok

20:54:47.0636 4156 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

20:54:47.0651 4156 iirsp - ok

20:54:47.0667 4156 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

20:54:47.0714 4156 IKEEXT - ok

20:54:47.0792 4156 [ 589B94A9B73A0E819FF873743A480834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

20:54:47.0839 4156 IntcAzAudAddService - ok

20:54:47.0854 4156 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

20:54:47.0854 4156 intelide - ok

20:54:47.0870 4156 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

20:54:47.0901 4156 intelppm - ok

20:54:47.0917 4156 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

20:54:47.0963 4156 IPBusEnum - ok

20:54:47.0979 4156 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:54:47.0995 4156 IpFilterDriver - ok

20:54:48.0041 4156 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

20:54:48.0073 4156 iphlpsvc - ok

20:54:48.0073 4156 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

20:54:48.0088 4156 IPMIDRV - ok

20:54:48.0088 4156 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

20:54:48.0104 4156 IPNAT - ok

20:54:48.0135 4156 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

20:54:48.0135 4156 IRENUM - ok

20:54:48.0151 4156 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

20:54:48.0166 4156 isapnp - ok

20:54:48.0182 4156 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

20:54:48.0197 4156 iScsiPrt - ok

20:54:48.0244 4156 [ A577F5DB30F70ECA9708C07C2EACBD9D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

20:54:48.0244 4156 JRAID - ok

20:54:48.0260 4156 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

20:54:48.0275 4156 kbdclass - ok

20:54:48.0291 4156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

20:54:48.0307 4156 kbdhid - ok

20:54:48.0338 4156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

20:54:48.0353 4156 KeyIso - ok

20:54:48.0385 4156 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

20:54:48.0400 4156 KSecDD - ok

20:54:48.0400 4156 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

20:54:48.0416 4156 KSecPkg - ok

20:54:48.0416 4156 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

20:54:48.0463 4156 ksthunk - ok

20:54:48.0478 4156 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

20:54:48.0509 4156 KtmRm - ok

20:54:48.0556 4156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

20:54:48.0587 4156 LanmanServer - ok

20:54:48.0619 4156 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:54:48.0650 4156 LanmanWorkstation - ok

20:54:48.0697 4156 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

20:54:48.0728 4156 lltdio - ok

20:54:48.0743 4156 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

20:54:48.0775 4156 lltdsvc - ok

20:54:48.0790 4156 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

20:54:48.0821 4156 lmhosts - ok

20:54:48.0853 4156 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

20:54:48.0853 4156 LSI_FC - ok

20:54:48.0884 4156 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

20:54:48.0899 4156 LSI_SAS - ok

20:54:48.0915 4156 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

20:54:48.0915 4156 LSI_SAS2 - ok

20:54:48.0931 4156 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

20:54:48.0946 4156 LSI_SCSI - ok

20:54:48.0946 4156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

20:54:48.0993 4156 luafv - ok

20:54:49.0024 4156 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

20:54:49.0024 4156 MBAMProtector - ok

20:54:49.0055 4156 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:54:49.0071 4156 MBAMService - ok

20:54:49.0102 4156 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

20:54:49.0118 4156 Mcx2Svc - ok

20:54:49.0133 4156 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

20:54:49.0149 4156 megasas - ok

20:54:49.0180 4156 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

20:54:49.0180 4156 MegaSR - ok

20:54:49.0227 4156 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

20:54:49.0227 4156 MEIx64 - ok

20:54:49.0258 4156 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

20:54:49.0289 4156 MMCSS - ok

20:54:49.0305 4156 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

20:54:49.0336 4156 Modem - ok

20:54:49.0352 4156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

20:54:49.0383 4156 monitor - ok

20:54:49.0399 4156 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

20:54:49.0399 4156 mouclass - ok

20:54:49.0430 4156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:54:49.0461 4156 mouhid - ok

20:54:49.0492 4156 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

20:54:49.0492 4156 mountmgr - ok

20:54:49.0508 4156 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

20:54:49.0523 4156 mpio - ok

20:54:49.0523 4156 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:54:49.0555 4156 mpsdrv - ok

20:54:49.0586 4156 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

20:54:49.0617 4156 MpsSvc - ok

20:54:49.0633 4156 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:54:49.0648 4156 MRxDAV - ok

20:54:49.0679 4156 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:54:49.0695 4156 mrxsmb - ok

20:54:49.0711 4156 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:54:49.0726 4156 mrxsmb10 - ok

20:54:49.0726 4156 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:54:49.0742 4156 mrxsmb20 - ok

20:54:49.0757 4156 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

20:54:49.0757 4156 msahci - ok

20:54:49.0773 4156 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:54:49.0789 4156 msdsm - ok

20:54:49.0804 4156 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

20:54:49.0820 4156 MSDTC - ok

20:54:49.0835 4156 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:54:49.0867 4156 Msfs - ok

20:54:49.0882 4156 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

20:54:49.0913 4156 mshidkmdf - ok

20:54:49.0929 4156 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:54:49.0929 4156 msisadrv - ok

20:54:49.0960 4156 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:54:49.0991 4156 MSiSCSI - ok

20:54:50.0007 4156 msiserver - ok

20:54:50.0023 4156 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:54:50.0054 4156 MSKSSRV - ok

20:54:50.0054 4156 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:54:50.0101 4156 MSPCLOCK - ok

20:54:50.0101 4156 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:54:50.0147 4156 MSPQM - ok

20:54:50.0163 4156 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:54:50.0179 4156 MsRPC - ok

20:54:50.0210 4156 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

20:54:50.0210 4156 mssmbios - ok

20:54:50.0225 4156 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:54:50.0257 4156 MSTEE - ok

20:54:50.0272 4156 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

20:54:50.0272 4156 MTConfig - ok

20:54:50.0288 4156 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

20:54:50.0303 4156 Mup - ok

20:54:50.0319 4156 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

20:54:50.0350 4156 napagent - ok

20:54:50.0381 4156 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:54:50.0413 4156 NativeWifiP - ok

20:54:50.0428 4156 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

20:54:50.0459 4156 NDIS - ok

20:54:50.0475 4156 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

20:54:50.0491 4156 NdisCap - ok

20:54:50.0522 4156 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:54:50.0537 4156 NdisTapi - ok

20:54:50.0553 4156 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:54:50.0584 4156 Ndisuio - ok

20:54:50.0584 4156 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:54:50.0631 4156 NdisWan - ok

20:54:50.0647 4156 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:54:50.0662 4156 NDProxy - ok

20:54:50.0662 4156 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:54:50.0709 4156 NetBIOS - ok

20:54:50.0725 4156 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

20:54:50.0756 4156 NetBT - ok

20:54:50.0771 4156 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

20:54:50.0787 4156 Netlogon - ok

20:54:50.0818 4156 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

20:54:50.0849 4156 Netman - ok

20:54:50.0896 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:54:50.0912 4156 NetMsmqActivator - ok

20:54:50.0927 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:54:50.0927 4156 NetPipeActivator - ok

20:54:50.0943 4156 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

20:54:50.0974 4156 netprofm - ok

20:54:50.0974 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:54:50.0990 4156 NetTcpActivator - ok

20:54:50.0990 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:54:50.0990 4156 NetTcpPortSharing - ok

20:54:51.0021 4156 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

20:54:51.0021 4156 nfrd960 - ok

20:54:51.0052 4156 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

20:54:51.0083 4156 NlaSvc - ok

20:54:51.0099 4156 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:54:51.0115 4156 Npfs - ok

20:54:51.0146 4156 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

20:54:51.0177 4156 nsi - ok

20:54:51.0208 4156 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:54:51.0224 4156 nsiproxy - ok

20:54:51.0286 4156 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:54:51.0317 4156 Ntfs - ok

20:54:51.0349 4156 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

20:54:51.0364 4156 Null - ok

20:54:51.0411 4156 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:54:51.0411 4156 nvraid - ok

20:54:51.0427 4156 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:54:51.0427 4156 nvstor - ok

20:54:51.0458 4156 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:54:51.0458 4156 nv_agp - ok

20:54:51.0473 4156 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:54:51.0473 4156 ohci1394 - ok

20:54:51.0505 4156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

20:54:51.0520 4156 p2pimsvc - ok

20:54:51.0551 4156 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

20:54:51.0551 4156 p2psvc - ok

20:54:51.0567 4156 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

20:54:51.0567 4156 Parport - ok

20:54:51.0598 4156 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:54:51.0614 4156 partmgr - ok

20:54:51.0629 4156 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:54:51.0645 4156 PcaSvc - ok

20:54:51.0661 4156 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

20:54:51.0676 4156 pci - ok

20:54:51.0676 4156 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

20:54:51.0692 4156 pciide - ok

20:54:51.0692 4156 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

20:54:51.0707 4156 pcmcia - ok

20:54:51.0707 4156 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

20:54:51.0723 4156 pcw - ok

20:54:51.0739 4156 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:54:51.0770 4156 PEAUTH - ok

20:54:51.0832 4156 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

20:54:51.0848 4156 PerfHost - ok

20:54:51.0879 4156 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

20:54:51.0941 4156 pla - ok

20:54:51.0988 4156 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:54:52.0004 4156 PlugPlay - ok

20:54:52.0019 4156 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

20:54:52.0066 4156 PNRPAutoReg - ok

20:54:52.0082 4156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

20:54:52.0082 4156 PNRPsvc - ok

20:54:52.0113 4156 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:54:52.0144 4156 PolicyAgent - ok

20:54:52.0175 4156 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

20:54:52.0207 4156 Power - ok

20:54:52.0238 4156 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:54:52.0285 4156 PptpMiniport - ok

20:54:52.0300 4156 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

20:54:52.0316 4156 Processor - ok

20:54:52.0363 4156 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

20:54:52.0363 4156 ProfSvc - ok

20:54:52.0378 4156 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

20:54:52.0409 4156 ProtectedStorage - ok

20:54:52.0425 4156 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

20:54:52.0456 4156 Psched - ok

20:54:52.0503 4156 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

20:54:52.0534 4156 ql2300 - ok

20:54:52.0565 4156 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

20:54:52.0565 4156 ql40xx - ok

20:54:52.0597 4156 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

20:54:52.0612 4156 QWAVE - ok

20:54:52.0612 4156 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

20:54:52.0643 4156 QWAVEdrv - ok

20:54:52.0643 4156 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

20:54:52.0675 4156 RasAcd - ok

20:54:52.0690 4156 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

20:54:52.0721 4156 RasAgileVpn - ok

20:54:52.0737 4156 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

20:54:52.0768 4156 RasAuto - ok

20:54:52.0784 4156 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

20:54:52.0815 4156 Rasl2tp - ok

20:54:52.0862 4156 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

20:54:52.0877 4156 RasMan - ok

20:54:52.0893 4156 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

20:54:52.0924 4156 RasPppoe - ok

20:54:52.0940 4156 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

20:54:52.0987 4156 RasSstp - ok

20:54:53.0002 4156 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

20:54:53.0033 4156 rdbss - ok

20:54:53.0049 4156 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

20:54:53.0049 4156 rdpbus - ok

20:54:53.0065 4156 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

20:54:53.0080 4156 RDPCDD - ok

20:54:53.0096 4156 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:54:53.0143 4156 RDPENCDD - ok

20:54:53.0158 4156 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

20:54:53.0174 4156 RDPREFMP - ok

20:54:53.0205 4156 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:54:53.0205 4156 RDPWD - ok

20:54:53.0236 4156 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

20:54:53.0252 4156 rdyboost - ok

20:54:53.0267 4156 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

20:54:53.0299 4156 RemoteAccess - ok

20:54:53.0314 4156 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:54:53.0345 4156 RemoteRegistry - ok

20:54:53.0345 4156 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

20:54:53.0392 4156 RpcEptMapper - ok

20:54:53.0408 4156 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

20:54:53.0408 4156 RpcLocator - ok

20:54:53.0423 4156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

20:54:53.0439 4156 RpcSs - ok

20:54:53.0470 4156 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:54:53.0501 4156 rspndr - ok

20:54:53.0501 4156 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

20:54:53.0517 4156 SamSs - ok

20:54:53.0533 4156 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:54:53.0533 4156 sbp2port - ok

20:54:53.0548 4156 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:54:53.0579 4156 SCardSvr - ok

20:54:53.0595 4156 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

20:54:53.0611 4156 scfilter - ok

20:54:53.0642 4156 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

20:54:53.0673 4156 Schedule - ok

20:54:53.0704 4156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

20:54:53.0720 4156 SCPolicySvc - ok

20:54:53.0735 4156 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:54:53.0735 4156 SDRSVC - ok

20:54:53.0767 4156 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:54:53.0798 4156 secdrv - ok

20:54:53.0813 4156 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

20:54:53.0829 4156 seclogon - ok

20:54:53.0845 4156 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

20:54:53.0876 4156 SENS - ok

20:54:53.0891 4156 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

20:54:53.0907 4156 SensrSvc - ok

20:54:53.0938 4156 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

20:54:53.0954 4156 Serenum - ok

20:54:53.0985 4156 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

20:54:54.0001 4156 Serial - ok

20:54:54.0016 4156 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

20:54:54.0032 4156 sermouse - ok

20:54:54.0047 4156 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

20:54:54.0079 4156 SessionEnv - ok

20:54:54.0079 4156 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:54:54.0110 4156 sffdisk - ok

20:54:54.0110 4156 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:54:54.0110 4156 sffp_mmc - ok

20:54:54.0125 4156 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:54:54.0125 4156 sffp_sd - ok

20:54:54.0141 4156 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

20:54:54.0157 4156 sfloppy - ok

20:54:54.0235 4156 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:54:54.0266 4156 SharedAccess - ok

20:54:54.0281 4156 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:54:54.0313 4156 ShellHWDetection - ok

20:54:54.0344 4156 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

20:54:54.0344 4156 SiSRaid2 - ok

20:54:54.0359 4156 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

20:54:54.0375 4156 SiSRaid4 - ok

20:54:54.0391 4156 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:54:54.0422 4156 Smb - ok

20:54:54.0453 4156 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:54:54.0469 4156 SNMPTRAP - ok

20:54:54.0469 4156 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

20:54:54.0484 4156 spldr - ok

20:54:54.0515 4156 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

20:54:54.0531 4156 Spooler - ok

20:54:54.0578 4156 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

20:54:54.0671 4156 sppsvc - ok

20:54:54.0687 4156 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

20:54:54.0703 4156 sppuinotify - ok

20:54:54.0749 4156 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

20:54:54.0765 4156 srv - ok

20:54:54.0781 4156 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:54:54.0796 4156 srv2 - ok

20:54:54.0812 4156 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:54:54.0827 4156 srvnet - ok

20:54:54.0859 4156 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:54:54.0890 4156 SSDPSRV - ok

20:54:54.0890 4156 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:54:54.0921 4156 SstpSvc - ok

20:54:54.0952 4156 Steam Client Service - ok

20:54:54.0968 4156 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

20:54:54.0983 4156 stexstor - ok

20:54:54.0999 4156 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

20:54:55.0015 4156 stisvc - ok

20:54:55.0030 4156 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

20:54:55.0030 4156 swenum - ok

20:54:55.0046 4156 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

20:54:55.0077 4156 swprv - ok

20:54:55.0108 4156 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

20:54:55.0155 4156 SysMain - ok

20:54:55.0171 4156 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:54:55.0171 4156 TabletInputService - ok

20:54:55.0186 4156 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:54:55.0217 4156 TapiSrv - ok

20:54:55.0233 4156 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

20:54:55.0249 4156 TBS - ok

20:54:55.0295 4156 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:54:55.0342 4156 Tcpip - ok

20:54:55.0373 4156 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

20:54:55.0389 4156 TCPIP6 - ok

20:54:55.0420 4156 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:54:55.0451 4156 tcpipreg - ok

20:54:55.0451 4156 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:54:55.0467 4156 TDPIPE - ok

20:54:55.0483 4156 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:54:55.0498 4156 TDTCP - ok

20:54:55.0514 4156 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:54:55.0529 4156 tdx - ok

20:54:55.0561 4156 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

20:54:55.0561 4156 TermDD - ok

20:54:55.0592 4156 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

20:54:55.0623 4156 TermService - ok

20:54:55.0639 4156 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

20:54:55.0654 4156 Themes - ok

20:54:55.0670 4156 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

20:54:55.0685 4156 THREADORDER - ok

20:54:55.0685 4156 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

20:54:55.0732 4156 TrkWks - ok

20:54:55.0763 4156 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:54:55.0795 4156 TrustedInstaller - ok

20:54:55.0810 4156 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:54:55.0841 4156 tssecsrv - ok

20:54:55.0873 4156 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

20:54:55.0873 4156 TsUsbFlt - ok

20:54:55.0888 4156 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

20:54:55.0888 4156 TsUsbGD - ok

20:54:55.0904 4156 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:54:55.0951 4156 tunnel - ok

20:54:55.0951 4156 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

20:54:55.0966 4156 uagp35 - ok

20:54:55.0982 4156 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:54:56.0029 4156 udfs - ok

20:54:56.0044 4156 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:54:56.0060 4156 UI0Detect - ok

20:54:56.0075 4156 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:54:56.0075 4156 uliagpkx - ok

20:54:56.0091 4156 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

20:54:56.0107 4156 umbus - ok

20:54:56.0107 4156 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

20:54:56.0122 4156 UmPass - ok

20:54:56.0138 4156 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

20:54:56.0169 4156 upnphost - ok

20:54:56.0200 4156 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

20:54:56.0231 4156 usbaudio - ok

20:54:56.0263 4156 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:54:56.0278 4156 usbccgp - ok

20:54:56.0309 4156 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:54:56.0325 4156 usbcir - ok

20:54:56.0341 4156 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

20:54:56.0372 4156 usbehci - ok

20:54:56.0372 4156 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:54:56.0403 4156 usbhub - ok

20:54:56.0419 4156 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

20:54:56.0419 4156 usbohci - ok

20:54:56.0434 4156 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys

20:54:56.0450 4156 usbprint - ok

20:54:56.0465 4156 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

20:54:56.0481 4156 USBSTOR - ok

20:54:56.0497 4156 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

20:54:56.0512 4156 usbuhci - ok

20:54:56.0528 4156 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

20:54:56.0559 4156 UxSms - ok

20:54:56.0590 4156 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

20:54:56.0606 4156 VaultSvc - ok

20:54:56.0637 4156 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

20:54:56.0637 4156 vdrvroot - ok

20:54:56.0653 4156 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

20:54:56.0684 4156 vds - ok

20:54:56.0715 4156 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

20:54:56.0715 4156 vga - ok

20:54:56.0731 4156 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

20:54:56.0777 4156 VgaSave - ok

20:54:56.0777 4156 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

20:54:56.0777 4156 vhdmp - ok

20:54:56.0793 4156 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

20:54:56.0793 4156 viaide - ok

20:54:56.0824 4156 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

20:54:56.0824 4156 volmgr - ok

20:54:56.0840 4156 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

20:54:56.0855 4156 volmgrx - ok

20:54:56.0887 4156 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys

20:54:56.0902 4156 volsnap - ok

20:54:56.0918 4156 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

20:54:56.0918 4156 vsmraid - ok

20:54:56.0949 4156 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

20:54:57.0011 4156 VSS - ok

20:54:57.0027 4156 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

20:54:57.0058 4156 vwifibus - ok

20:54:57.0074 4156 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

20:54:57.0089 4156 W32Time - ok

20:54:57.0105 4156 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

20:54:57.0121 4156 WacomPen - ok

20:54:57.0136 4156 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

20:54:57.0167 4156 WANARP - ok

20:54:57.0183 4156 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

20:54:57.0199 4156 Wanarpv6 - ok

20:54:57.0245 4156 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

20:54:57.0277 4156 WatAdminSvc - ok

20:54:57.0323 4156 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

20:54:57.0370 4156 wbengine - ok

20:54:57.0386 4156 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

20:54:57.0401 4156 WbioSrvc - ok

20:54:57.0401 4156 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

20:54:57.0433 4156 wcncsvc - ok

20:54:57.0448 4156 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

20:54:57.0448 4156 WcsPlugInService - ok

20:54:57.0479 4156 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

20:54:57.0479 4156 Wd - ok

20:54:57.0495 4156 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

20:54:57.0511 4156 Wdf01000 - ok

20:54:57.0526 4156 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

20:54:57.0573 4156 WdiServiceHost - ok

20:54:57.0573 4156 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

20:54:57.0589 4156 WdiSystemHost - ok

20:54:57.0604 4156 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

20:54:57.0620 4156 WebClient - ok

20:54:57.0635 4156 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

20:54:57.0682 4156 Wecsvc - ok

20:54:57.0682 4156 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

20:54:57.0713 4156 wercplsupport - ok

20:54:57.0729 4156 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

20:54:57.0760 4156 WerSvc - ok

20:54:57.0776 4156 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

20:54:57.0807 4156 WfpLwf - ok

20:54:57.0807 4156 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

20:54:57.0807 4156 WIMMount - ok

20:54:57.0838 4156 WinDefend - ok

20:54:57.0838 4156 WinHttpAutoProxySvc - ok

20:54:57.0885 4156 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

20:54:57.0916 4156 Winmgmt - ok

20:54:57.0963 4156 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

20:54:58.0025 4156 WinRM - ok

20:54:58.0072 4156 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

20:54:58.0103 4156 Wlansvc - ok

20:54:58.0119 4156 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

20:54:58.0150 4156 WmiAcpi - ok

20:54:58.0166 4156 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

20:54:58.0197 4156 wmiApSrv - ok

20:54:58.0213 4156 WMPNetworkSvc - ok

20:54:58.0228 4156 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

20:54:58.0244 4156 WPCSvc - ok

20:54:58.0259 4156 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

20:54:58.0275 4156 WPDBusEnum - ok

20:54:58.0306 4156 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

20:54:58.0322 4156 ws2ifsl - ok

20:54:58.0337 4156 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

20:54:58.0353 4156 wscsvc - ok

20:54:58.0353 4156 WSearch - ok

20:54:58.0415 4156 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

20:54:58.0478 4156 wuauserv - ok

20:54:58.0478 4156 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

20:54:58.0509 4156 WudfPf - ok

20:54:58.0525 4156 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

20:54:58.0556 4156 wudfsvc - ok

20:54:58.0571 4156 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

20:54:58.0587 4156 WwanSvc - ok

20:54:58.0603 4156 ================ Scan global ===============================

20:54:58.0618 4156 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

20:54:58.0649 4156 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

20:54:58.0649 4156 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

20:54:58.0681 4156 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

20:54:58.0712 4156 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

20:54:58.0712 4156 [Global] - ok

20:54:58.0712 4156 ================ Scan MBR ==================================

20:54:58.0727 4156 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

20:54:58.0977 4156 \Device\Harddisk0\DR0 - ok

20:54:58.0977 4156 ================ Scan VBR ==================================

20:54:58.0977 4156 [ 21137EE539A97D3A4DE313DDF05FB745 ] \Device\Harddisk0\DR0\Partition1

20:54:58.0977 4156 \Device\Harddisk0\DR0\Partition1 - ok

20:54:59.0008 4156 [ C89F64986F5A8A47891F64F61896059F ] \Device\Harddisk0\DR0\Partition2

20:54:59.0008 4156 \Device\Harddisk0\DR0\Partition2 - ok

20:54:59.0008 4156 ============================================================

20:54:59.0008 4156 Scan finished

20:54:59.0008 4156 ============================================================

20:54:59.0024 4976 Detected object count: 0

20:54:59.0024 4976 Actual detected object count: 0

20:55:51.0846 4204 Deinitialize success

[screen317]

I'm not seeing anything malware-related here. Can you post a protection log from MBAM?

[lailahuk86]

2012/08/21 15:12:22 +0100 TOMO Ruiz IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49219, Process: svchost.exe)

2012/08/21 15:12:46 +0100 TOMO Ruiz IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49232, Process: svchost.exe)

2012/08/21 15:12:46 +0100 TOMO Ruiz IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49234, Process: svchost.exe)

2012/08/21 15:12:46 +0100 TOMO Ruiz IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49236, Process: svchost.exe)

2012/08/21 15:12:54 +0100 TOMO Ruiz IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49238, Process: svchost.exe)

2012/08/21 15:12:54 +0100 TOMO Ruiz IP-BLOCK 204.160.98.253 (Type: outgoing, Port: 49240, Process: svchost.exe)

This was the only time it has happened and it was during windows update (I was updating MBAM, eset and checking firefox updates and it's addons too (noscript got updated).

[screen317]

Hi,

Is it still occurring without Windows Updates, or any other updates, going on?

[lailah_uk86]

Nope. The log i posted is the only time the IP Block has ever happened to me.

(username is slightly different becausei i'm posting from another pc)

[screen317]

In that case it looks like an isolated incident from an update.. If it occurs repeatedly then it's more likely an issue. Are you experiencing any current issues?

[lailahuk86]

Nope no issues i've noticed before or after. I just checked through all the protection logs incase I missed anything and there was no other blocks.

[screen317]

Great.

In that case I'll keep this topic open for a few more days in case something comes up.

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!