
PC help


djbusta


Hello,

I recently bought an old Alienware computer from a friend that had a bunch of viruses. After installing Windows 7 it seems to be running smoother, yet still seems a bit glitchy. I downloaded DDS and here are the two logs it produced. Hopefully someone can let me know if I have any issues; I would really appreciate it. Just a young college kid with no money trying to use this computer for gaming, and I don't have the money to take it to get fixed. Thanks so much for your help!

DDS (Ver_2012-11-07.01) - NTFS_x86

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2

Run by Busta at 17:05:42 on 2012-11-09

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2048.1415 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\System32\WinService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Users\Busta\AppData\Local\Apps\2.0\A81M0EKW.RMM\M5R8EYE8.BJE\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\CurseClient.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

StartupFolder: c:\users\busta\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{1BCCB3E2-B580-4677-9B30-B75DE2FAED4D} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4F828CCA-FF27-494D-80B0-6A727E7E4998} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\busta\appdata\roaming\mozilla\firefox\profiles\79bjpox7.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-11-7 21728]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-7 399432]

R2 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2012-11-7 186848]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-7 676936]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-7 22856]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-6 14848]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2012-11-7 377856]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-6 24064]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-6 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-6 27136]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-6 1343400]

.

=============== Created Last 30 ================

.

2012-11-10 00:54:02 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-11-10 00:53:58 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{701343d3-37d1-44fa-a26d-4369c769d001}\mpengine.dll

2012-11-09 05:22:22 -------- d-----w- c:\program files\CCleaner

2012-11-08 12:07:19 -------- d-----w- c:\users\busta\appdata\local\Macromedia

2012-11-08 12:07:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 12:07:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-08 03:50:30 -------- d-----w- c:\users\busta\appdata\local\Mozilla

2012-11-07 22:52:28 -------- d-----w- c:\windows\PCHEALTH

2012-11-07 22:50:09 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-11-07 22:48:49 -------- d-----w- c:\users\busta\appdata\local\Microsoft Help

2012-11-07 22:47:38 -------- d-----w- c:\users\busta\appdata\roaming\Malwarebytes

2012-11-07 22:47:12 -------- d-----w- c:\programdata\Malwarebytes

2012-11-07 22:47:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-07 22:47:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-07 22:39:22 377856 ----a-w- c:\windows\system32\drivers\wg111v2.sys

2012-11-07 22:39:22 290816 ------w- c:\windows\system32\SCMLib.dll

2012-11-07 22:39:22 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys

2012-11-07 22:39:22 186848 ----a-w- c:\windows\system32\WinService.exe

2012-11-07 22:39:21 -------- d-----w- c:\program files\NETGEAR

2012-11-07 09:22:26 -------- d-sh--w- C:\Recovery

2012-11-07 09:05:53 -------- d-----w- c:\windows\Panther

2012-11-07 08:58:08 -------- d-----w- C:\Windows.old

2012-11-07 08:56:17 -------- d-sh--w- C:\Boot

2012-11-07 07:55:03 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-11-07 07:54:59 -------- d-----w- c:\program files\NVIDIA Corporation

2012-11-07 07:50:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-11-07 07:50:14 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-11-07 07:50:14 247808 ----a-w- c:\windows\system32\schannel.dll

2012-11-07 07:50:14 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-07 07:50:14 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-11-07 07:50:14 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-11-07 07:50:10 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-11-07 07:50:08 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-11-07 07:45:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-11-07 07:44:32 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-11-07 07:39:24 -------- d-----w- c:\windows\system32\Wat

2012-11-07 07:05:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-11-07 07:05:33 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-07 07:05:33 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-11-07 07:05:33 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-07 07:05:21 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2012-11-07 07:05:12 741376 ----a-w- c:\windows\system32\inetcomm.dll

2012-11-07 07:05:12 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2012-11-07 07:05:12 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-11-07 07:05:12 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-11-07 07:05:09 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-11-07 07:05:09 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-11-07 07:05:07 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-11-07 07:05:04 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-07 07:03:58 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-11-07 06:56:23 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-11-07 06:56:23 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-11-07 06:46:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-07 06:46:12 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-07 06:46:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-07 06:44:18 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-07 06:43:58 -------- d-----w- c:\users\busta\appdata\local\ElevatedDiagnostics

2012-11-07 06:36:14 -------- d-----w- c:\users\busta\appdata\local\CRE

2012-11-07 06:36:07 -------- d-----w- c:\program files\Conduit

2012-11-07 06:36:06 -------- d-sh--w- c:\windows\Installer

2012-11-07 06:36:02 -------- d-----w- c:\users\busta\appdata\local\Conduit

2012-11-07 06:34:06 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-11-07 06:34:06 -------- d-----w- c:\program files\World of Warcraft

2012-11-07 06:34:06 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2012-11-07 06:33:31 -------- d-----w- c:\programdata\Battle.net

2012-11-07 06:31:44 -------- d-----w- c:\users\busta\appdata\local\Google

2012-11-07 06:31:32 -------- d-----w- c:\users\busta\appdata\local\Deployment

2012-11-07 06:31:32 -------- d-----w- c:\users\busta\appdata\local\Apps

2012-11-07 06:30:22 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-11-07 06:30:14 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-11-07 06:30:04 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-11-07 06:30:04 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-11-07 00:08:01 55808 ----a-w- C:\devcon.exe

2012-11-07 00:08:01 335029 ----a-w- C:\DPsFnshr.exe

2012-11-07 00:08:01 291573 ----a-w- C:\DSPdsblr.exe

2012-11-07 00:08:01 281723 ----a-w- C:\pmtimer.exe

2012-11-07 00:08:01 20992 ----a-w- C:\makePNF.exe

2012-11-07 00:08:01 137728 ----a-w- C:\mute.exe

2012-11-07 00:07:53 -------- d-----w- C:\D

.

==================== Find3M ====================

.

2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 15:52:09 3072 ----a-w- c:\windows\system32\drivers\en-us\tsusbflt.sys.mui

2012-08-23 14:48:14 221184 ----a-w- c:\windows\system32\rdpudd.dll

2012-08-23 14:46:55 24064 ----a-w- c:\windows\system32\drivers\terminpt.sys

2012-08-23 14:44:32 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2012-08-23 14:41:34 27136 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys

2012-08-23 14:40:25 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2012-08-23 14:10:40 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2012-08-23 14:10:04 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2012-08-23 13:52:25 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2012-08-23 13:47:20 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- c:\windows\system32\wksprtPS.dll

2012-08-23 13:32:59 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2012-08-23 13:18:14 37376 ----a-w- c:\windows\system32\tsgqec.dll

2012-08-23 11:40:43 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe

2012-08-23 11:32:48 317440 ----a-w- c:\windows\system32\wksprt.exe

2012-08-23 11:15:57 269312 ----a-w- c:\windows\system32\aaclient.dll

2012-08-23 11:12:17 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- c:\windows\system32\mstsc.exe

2012-08-23 10:08:49 2739712 ----a-w- c:\windows\system32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- c:\windows\system32\mstscax.dll

2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 17:06:25.13 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/7/2012 1:23:28 AM

System Uptime: 11/9/2012 4:44:36 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5ND2-SLI

Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 169.825 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_10DE&DEV_0034&SUBSYS_818A1043&REV_A2\3&2411E6FE&2&51

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_10DE&DEV_0034&SUBSYS_818A1043&REV_A2\3&2411E6FE&2&51

Service:

.

==== System Restore Points ===================

.

RP10: 11/7/2012 2:39:04 PM - Installed NETGEAR WG111v2 wireless USB 2.0 adapter

RP11: 11/7/2012 2:39:42 PM - Device Driver Package Install: NETGEAR Inc. Network Protocol

RP12: 11/7/2012 2:47:31 PM - Installed Microsoft Office Professional 2010 Trial

RP13: 11/8/2012 1:41:08 AM - Windows Update

RP14: 11/8/2012 3:58:21 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

CCleaner

Curse Client

Definition update for Microsoft Office 2010 (KB982726)

ERUNT 1.1j

Google Chrome

Google Update Helper

Java 7 Update 9

Java Auto Updater

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

NETGEAR WG111v2 wireless USB 2.0 adapter

NVIDIA Display Control Panel

NVIDIA Drivers

PVSonyDll

Realtek AC'97 Audio

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

11/8/2012 9:42:15 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2012 2:40:22 PM, Error: Service Control Manager [7030] - The SCM_Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/7/2012 2:32:04 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

11/6/2012 11:29:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 (KB2544521).

11/6/2012 11:07:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB2691442).

.

==== End Of File ===========================


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


OK, so this is the MBAM log and ComboFix log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.10.07

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Busta :: BUSTA-PC [administrator]

Protection: Enabled

11/10/2012 2:47:57 PM

mbam-log-2012-11-10 (14-47-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 185621

Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix 12-11-09.02 - Busta 11/10/2012 14:35:07.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2048.643 [GMT -8:00]

Running from: c:\users\Busta\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\winservice.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SCM_Service

.

.

((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))

.

.

2012-11-10 22:41 . 2012-11-10 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-10 00:53 . 2012-10-17 09:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{701343D3-37D1-44FA-A26D-4369C769D001}\mpengine.dll

2012-11-09 05:22 . 2012-11-09 05:22 -------- d-----w- c:\program files\CCleaner

2012-11-09 05:15 . 2012-11-09 05:16 -------- d-----w- c:\program files\ERUNT

2012-11-08 12:07 . 2012-11-08 12:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 12:07 . 2012-11-08 12:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-08 12:06 . 2012-11-08 12:06 -------- d-----w- c:\windows\system32\Macromed

2012-11-08 03:14 . 2012-11-08 03:14 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-11-07 22:52 . 2012-11-07 22:52 -------- d-----w- c:\windows\PCHEALTH

2012-11-07 22:52 . 2012-11-07 22:52 -------- d-----w- c:\program files\Microsoft.NET

2012-11-07 22:50 . 2012-11-07 22:50 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-11-07 22:48 . 2012-11-08 02:07 -------- d-----w- c:\programdata\Microsoft Help

2012-11-07 22:47 . 2012-11-07 22:47 -------- d-----r- C:\MSOCache

2012-11-07 22:47 . 2012-11-07 22:47 -------- d-----w- c:\programdata\Malwarebytes

2012-11-07 22:47 . 2012-11-07 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-07 22:47 . 2012-09-30 03:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-07 22:39 . 2010-04-06 22:12 377856 ----a-w- c:\windows\system32\drivers\wg111v2.sys

2012-11-07 22:39 . 2007-07-17 23:15 290816 ------w- c:\windows\system32\SCMLib.dll

2012-11-07 22:39 . 2007-01-19 11:20 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys

2012-11-07 22:39 . 2012-11-07 22:39 -------- d-----w- c:\program files\NETGEAR

2012-11-07 22:39 . 2012-11-07 22:39 -------- d--h--w- c:\program files\InstallShield Installation Information

2012-11-07 09:24 . 2012-11-08 06:09 -------- d-----w- c:\users\Busta

2012-11-07 09:22 . 2012-11-07 09:22 -------- d-----w- C:\Recovery

2012-11-07 09:05 . 2012-11-09 05:24 -------- d-----w- c:\windows\Panther

2012-11-07 08:58 . 2012-11-07 08:58 -------- d-----w- C:\Windows.old

2012-11-07 08:56 . 2012-11-07 09:05 -------- d-----w- C:\Boot

2012-11-07 08:01 . 2012-11-07 08:01 -------- d-----w- c:\programdata\NVIDIA

2012-11-07 07:55 . 2012-11-07 07:55 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-11-07 07:54 . 2012-11-07 07:55 -------- d-----w- c:\program files\NVIDIA Corporation

2012-11-07 07:50 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-11-07 07:50 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-11-07 07:50 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-11-07 07:50 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll

2012-11-07 07:50 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-07 07:50 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-11-07 07:50 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-11-07 07:50 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-11-07 07:45 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-11-07 07:44 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-11-07 07:39 . 2012-11-07 07:39 -------- d-----w- c:\windows\system32\Wat

2012-11-07 07:05 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-11-07 07:05 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-07 07:05 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-07 07:05 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-11-07 07:05 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2012-11-07 07:05 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll

2012-11-07 07:05 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2012-11-07 07:05 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-11-07 07:05 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-11-07 07:05 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-11-07 07:05 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-11-07 07:05 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-11-07 07:05 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-07 07:03 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-11-07 06:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-11-07 06:56 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-11-07 06:46 . 2012-11-07 06:46 -------- d-----w- c:\program files\Common Files\Java

2012-11-07 06:46 . 2012-11-07 06:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-07 06:46 . 2012-11-07 06:45 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-07 06:46 . 2012-11-07 06:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-07 06:45 . 2012-11-07 06:45 -------- d-----w- c:\program files\Java

2012-11-07 06:45 . 2012-11-07 06:45 -------- d-----w- c:\programdata\McAfee

2012-11-07 06:44 . 2012-05-31 19:25 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-07 06:36 . 2012-11-07 06:36 -------- d-----w- c:\program files\Conduit

2012-11-07 06:36 . 2012-11-08 02:07 -------- d-sh--w- c:\windows\Installer

2012-11-07 06:34 . 2012-11-08 03:53 -------- d-----w- c:\program files\World of Warcraft

2012-11-07 06:34 . 2012-11-07 06:34 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-11-07 06:34 . 2012-11-07 06:34 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2012-11-07 06:33 . 2012-11-07 06:33 -------- d-----w- c:\programdata\Battle.net

2012-11-07 06:31 . 2012-11-07 06:32 -------- d-----w- c:\program files\Google

2012-11-07 06:30 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-11-07 06:30 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-11-07 06:30 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-11-07 06:30 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-11-07 06:30 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-11-07 06:30 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-11-07 06:30 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-11-07 06:30 . 2012-06-02 23:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-11-07 06:30 . 2012-06-02 23:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-11-07 00:08 . 2010-06-15 18:15 281723 ----a-w- C:\pmtimer.exe

2012-11-07 00:08 . 2010-06-15 18:15 291573 ----a-w- C:\DSPdsblr.exe

2012-11-07 00:08 . 2010-06-15 18:15 335029 ----a-w- C:\DPsFnshr.exe

2012-11-07 00:08 . 2010-01-24 04:05 55808 ----a-w- C:\devcon.exe

2012-11-07 00:08 . 2010-01-24 04:05 20992 ----a-w- C:\makePNF.exe

2012-11-07 00:08 . 2010-01-24 04:05 137728 ----a-w- C:\mute.exe

2012-11-07 00:07 . 2010-08-08 19:17 -------- d-----w- C:\D

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-23 15:52 . 2012-11-07 07:56 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2012-10-24 17:50 . 2012-11-08 03:14 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]

.

c:\users\Busta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-11-7 0]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2012-11-7 1268192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

GPSvcGroup REG_MULTI_SZ GPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 12:07]

.

2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 06:31]

.

2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-07 06:31]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Busta\AppData\Roaming\Mozilla\Firefox\Profiles\79bjpox7.default\

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\SOUNDMAN.EXE

c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2012-11-10 14:46:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-10 22:46

.

Pre-Run: 182,970,036,224 bytes free

Post-Run: 182,775,578,624 bytes free

.

- - End Of File - - 42CD3478179086B2C8F250C5ABD4A24C


And these are the new DDS reports:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/7/2012 1:23:28 AM

System Uptime: 11/10/2012 2:42:18 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5ND2-SLI

Processor: Intel® Pentium® D CPU 3.00GHz | Socket 775 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 170.151 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_10DE&DEV_0034&SUBSYS_818A1043&REV_A2\3&2411E6FE&2&51

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_10DE&DEV_0034&SUBSYS_818A1043&REV_A2\3&2411E6FE&2&51

Service:

.

==== System Restore Points ===================

.

RP12: 11/7/2012 2:47:31 PM - Installed Microsoft Office Professional 2010 Trial

RP13: 11/8/2012 1:41:08 AM - Windows Update

RP14: 11/8/2012 3:58:21 AM - Windows Update

RP15: 11/10/2012 2:33:38 PM - ComboFix created restore point

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

CCleaner

Curse Client

Definition update for Microsoft Office 2010 (KB982726)

ERUNT 1.1j

Google Chrome

Google Update Helper

Java 7 Update 9

Java Auto Updater

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

NETGEAR WG111v2 wireless USB 2.0 adapter

NVIDIA Display Control Panel

NVIDIA Drivers

PVSonyDll

Realtek AC'97 Audio

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

11/8/2012 9:42:15 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

11/7/2012 2:40:22 PM, Error: Service Control Manager [7030] - The SCM_Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/7/2012 2:32:04 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

11/6/2012 11:29:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 (KB2544521).

11/6/2012 11:07:10 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB2691442).

11/10/2012 2:41:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/10/2012 2:34:47 PM, Error: Service Control Manager [7034] - The SCM_Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

DDS (Ver_2012-11-07.01) - NTFS_x86

Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2

Run by Busta at 14:53:47 on 2012-11-10

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2048.1313 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Explorer.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

.

============== Pseudo HJT Report ===============

.

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

StartupFolder: c:\users\busta\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v2\WG111v2.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{1BCCB3E2-B580-4677-9B30-B75DE2FAED4D} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{4F828CCA-FF27-494D-80B0-6A727E7E4998} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\busta\appdata\roaming\mozilla\firefox\profiles\79bjpox7.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-11-7 21728]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-7 399432]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2012-11-7 377856]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-7 676936]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-7 22856]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-6 14848]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-6 24064]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-6 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-6 27136]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-11-6 1343400]

.

=============== Created Last 30 ================

.

2012-11-10 22:43:24 -------- d-----w- C:\$RECYCLE.BIN

2012-11-10 22:41:14 -------- d-----w- c:\users\busta\appdata\local\temp

2012-11-10 22:33:23 98816 ----a-w- c:\windows\sed.exe

2012-11-10 22:33:23 256000 ----a-w- c:\windows\PEV.exe

2012-11-10 22:33:23 208896 ----a-w- c:\windows\MBR.exe

2012-11-10 00:54:02 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-11-10 00:53:58 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{701343d3-37d1-44fa-a26d-4369c769d001}\mpengine.dll

2012-11-09 05:22:22 -------- d-----w- c:\program files\CCleaner

2012-11-08 12:07:19 -------- d-----w- c:\users\busta\appdata\local\Macromedia

2012-11-08 12:07:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 12:07:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-08 03:50:30 -------- d-----w- c:\users\busta\appdata\local\Mozilla

2012-11-07 22:52:28 -------- d-----w- c:\windows\PCHEALTH

2012-11-07 22:50:09 -------- d-----w- c:\program files\Microsoft Analysis Services

2012-11-07 22:48:49 -------- d-----w- c:\users\busta\appdata\local\Microsoft Help

2012-11-07 22:47:38 -------- d-----w- c:\users\busta\appdata\roaming\Malwarebytes

2012-11-07 22:47:12 -------- d-----w- c:\programdata\Malwarebytes

2012-11-07 22:47:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-07 22:47:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-07 22:39:22 377856 ----a-w- c:\windows\system32\drivers\wg111v2.sys

2012-11-07 22:39:22 290816 ------w- c:\windows\system32\SCMLib.dll

2012-11-07 22:39:22 21728 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys

2012-11-07 22:39:21 -------- d-----w- c:\program files\NETGEAR

2012-11-07 09:22:26 -------- d-----w- C:\Recovery

2012-11-07 09:05:53 -------- d-----w- c:\windows\Panther

2012-11-07 08:58:08 -------- d-----w- C:\Windows.old

2012-11-07 08:56:17 -------- d-----w- C:\Boot

2012-11-07 07:55:03 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-11-07 07:54:59 -------- d-----w- c:\program files\NVIDIA Corporation

2012-11-07 07:50:17 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-11-07 07:50:14 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-11-07 07:50:14 247808 ----a-w- c:\windows\system32\schannel.dll

2012-11-07 07:50:14 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-11-07 07:50:14 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-11-07 07:50:14 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-11-07 07:50:10 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-11-07 07:50:08 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-11-07 07:45:34 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2012-11-07 07:44:32 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2012-11-07 07:39:24 -------- d-----w- c:\windows\system32\Wat

2012-11-07 07:05:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2012-11-07 07:05:33 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-11-07 07:05:33 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-11-07 07:05:33 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-07 07:05:21 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2012-11-07 07:05:12 741376 ----a-w- c:\windows\system32\inetcomm.dll

2012-11-07 07:05:12 311808 ----a-w- c:\windows\system32\drivers\srv.sys

2012-11-07 07:05:12 310272 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-11-07 07:05:12 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-11-07 07:05:09 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-11-07 07:05:09 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-11-07 07:05:07 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-11-07 07:05:04 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-07 07:03:58 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-11-07 06:56:23 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-11-07 06:56:23 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-11-07 06:46:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-07 06:46:12 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-07 06:46:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-07 06:44:18 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-07 06:43:58 -------- d-----w- c:\users\busta\appdata\local\ElevatedDiagnostics

2012-11-07 06:36:14 -------- d-----w- c:\users\busta\appdata\local\CRE

2012-11-07 06:36:07 -------- d-----w- c:\program files\Conduit

2012-11-07 06:36:06 -------- d-sh--w- c:\windows\Installer

2012-11-07 06:36:02 -------- d-----w- c:\users\busta\appdata\local\Conduit

2012-11-07 06:34:06 -------- d-----w- c:\programdata\Blizzard Entertainment

2012-11-07 06:34:06 -------- d-----w- c:\program files\World of Warcraft

2012-11-07 06:34:06 -------- d-----w- c:\program files\common files\Blizzard Entertainment

2012-11-07 06:33:31 -------- d-----w- c:\programdata\Battle.net

2012-11-07 06:31:44 -------- d-----w- c:\users\busta\appdata\local\Google

2012-11-07 06:31:32 -------- d-----w- c:\users\busta\appdata\local\Deployment

2012-11-07 06:31:32 -------- d-----w- c:\users\busta\appdata\local\Apps

2012-11-07 06:30:22 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-11-07 06:30:14 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-11-07 06:30:04 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-11-07 06:30:04 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-11-07 00:08:01 55808 ----a-w- C:\devcon.exe

2012-11-07 00:08:01 335029 ----a-w- C:\DPsFnshr.exe

2012-11-07 00:08:01 291573 ----a-w- C:\DSPdsblr.exe

2012-11-07 00:08:01 281723 ----a-w- C:\pmtimer.exe

2012-11-07 00:08:01 20992 ----a-w- C:\makePNF.exe

2012-11-07 00:08:01 137728 ----a-w- C:\mute.exe

2012-11-07 00:07:53 -------- d-----w- C:\D

.

==================== Find3M ====================

.

2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-23 15:52:09 3072 ----a-w- c:\windows\system32\drivers\en-us\tsusbflt.sys.mui

2012-08-23 14:48:14 221184 ----a-w- c:\windows\system32\rdpudd.dll

2012-08-23 14:46:55 24064 ----a-w- c:\windows\system32\drivers\terminpt.sys

2012-08-23 14:44:32 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2012-08-23 14:41:34 27136 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys

2012-08-23 14:40:25 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2012-08-23 14:10:40 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2012-08-23 14:10:04 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2012-08-23 13:52:25 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2012-08-23 13:47:20 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll

2012-08-23 13:46:20 16896 ----a-w- c:\windows\system32\wksprtPS.dll

2012-08-23 13:32:59 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2012-08-23 13:18:14 37376 ----a-w- c:\windows\system32\tsgqec.dll

2012-08-23 11:40:43 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe

2012-08-23 11:32:48 317440 ----a-w- c:\windows\system32\wksprt.exe

2012-08-23 11:15:57 269312 ----a-w- c:\windows\system32\aaclient.dll

2012-08-23 11:12:17 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll

2012-08-23 10:39:24 1048064 ----a-w- c:\windows\system32\mstsc.exe

2012-08-23 10:08:49 2739712 ----a-w- c:\windows\system32\rdpcorets.dll

2012-08-23 08:19:01 4916224 ----a-w- c:\windows\system32\mstscax.dll

2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 14:54:12.06 ===============


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


This is the TDSS log:

16:10:49.0772 3480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

16:10:50.0131 3480 ============================================================

16:10:50.0131 3480 Current date / time: 2012/11/12 16:10:50.0131

16:10:50.0131 3480 SystemInfo:

16:10:50.0131 3480

16:10:50.0131 3480 OS Version: 6.1.7601 ServicePack: 1.0

16:10:50.0131 3480 Product type: Workstation

16:10:50.0131 3480 ComputerName: BUSTA-PC

16:10:50.0131 3480 UserName: Busta

16:10:50.0131 3480 Windows directory: C:\Windows

16:10:50.0131 3480 System windows directory: C:\Windows

16:10:50.0131 3480 Processor architecture: Intel x86

16:10:50.0131 3480 Number of processors: 2

16:10:50.0131 3480 Page size: 0x1000

16:10:50.0131 3480 Boot type: Normal boot

16:10:50.0131 3480 ============================================================

16:10:51.0194 3480 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

16:10:51.0194 3480 ============================================================

16:10:51.0194 3480 \Device\Harddisk0\DR0:

16:10:51.0194 3480 MBR partitions:

16:10:51.0194 3480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681

16:10:51.0194 3480 ============================================================

16:10:51.0209 3480 C: <-> \Device\Harddisk0\DR0\Partition1

16:10:51.0209 3480 ============================================================

16:10:51.0209 3480 Initialize success

16:10:51.0209 3480 ============================================================

16:10:59.0241 1428 ============================================================

16:10:59.0241 1428 Scan started

16:10:59.0241 1428 Mode: Manual;

16:10:59.0241 1428 ============================================================

16:10:59.0834 1428 ================ Scan system memory ========================

16:10:59.0834 1428 System memory - ok

16:10:59.0834 1428 ================ Scan services =============================

16:10:59.0975 1428 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

16:10:59.0975 1428 1394ohci - ok

16:11:00.0006 1428 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

16:11:00.0006 1428 ACPI - ok

16:11:00.0038 1428 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

16:11:00.0053 1428 AcpiPmi - ok

16:11:00.0116 1428 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

16:11:00.0116 1428 AdobeFlashPlayerUpdateSvc - ok

16:11:00.0163 1428 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

16:11:00.0178 1428 adp94xx - ok

16:11:00.0209 1428 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys

16:11:00.0209 1428 adpahci - ok

16:11:00.0225 1428 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

16:11:00.0225 1428 adpu320 - ok

16:11:00.0256 1428 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

16:11:00.0256 1428 AeLookupSvc - ok

16:11:00.0303 1428 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

16:11:00.0319 1428 AFD - ok

16:11:00.0319 1428 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

16:11:00.0334 1428 agp440 - ok

16:11:00.0366 1428 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

16:11:00.0381 1428 aic78xx - ok

16:11:00.0506 1428 [ 7997B6F02CBDA0E31FA18CC85871B938 ] ALCXWDM C:\Windows\system32\drivers\RTKVAC.SYS

16:11:00.0538 1428 ALCXWDM - ok

16:11:00.0584 1428 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

16:11:00.0584 1428 ALG - ok

16:11:00.0616 1428 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

16:11:00.0616 1428 aliide - ok

16:11:00.0631 1428 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

16:11:00.0631 1428 amdagp - ok

16:11:00.0647 1428 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

16:11:00.0647 1428 amdide - ok

16:11:00.0678 1428 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

16:11:00.0678 1428 AmdK8 - ok

16:11:00.0709 1428 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

16:11:00.0709 1428 AmdPPM - ok

16:11:00.0741 1428 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys

16:11:00.0741 1428 amdsata - ok

16:11:00.0772 1428 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

16:11:00.0772 1428 amdsbs - ok

16:11:00.0788 1428 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys

16:11:00.0788 1428 amdxata - ok

16:11:00.0819 1428 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

16:11:00.0834 1428 AppID - ok

16:11:00.0881 1428 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

16:11:00.0881 1428 AppIDSvc - ok

16:11:00.0913 1428 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll

16:11:00.0913 1428 Appinfo - ok

16:11:00.0959 1428 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

16:11:00.0959 1428 AppMgmt - ok

16:11:00.0991 1428 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys

16:11:00.0991 1428 arc - ok

16:11:01.0006 1428 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys

16:11:01.0006 1428 arcsas - ok

16:11:01.0053 1428 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

16:11:01.0053 1428 AsyncMac - ok

16:11:01.0069 1428 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

16:11:01.0069 1428 atapi - ok

16:11:01.0100 1428 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:11:01.0116 1428 AudioEndpointBuilder - ok

16:11:01.0116 1428 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

16:11:01.0131 1428 Audiosrv - ok

16:11:01.0163 1428 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

16:11:01.0163 1428 AxInstSV - ok

16:11:01.0209 1428 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys

16:11:01.0209 1428 b06bdrv - ok

16:11:01.0241 1428 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

16:11:01.0256 1428 b57nd60x - ok

16:11:01.0288 1428 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

16:11:01.0288 1428 BDESVC - ok

16:11:01.0319 1428 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

16:11:01.0319 1428 Beep - ok

16:11:01.0366 1428 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll

16:11:01.0381 1428 BFE - ok

16:11:01.0413 1428 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll

16:11:01.0413 1428 BITS - ok

16:11:01.0444 1428 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

16:11:01.0444 1428 blbdrive - ok

16:11:01.0491 1428 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

16:11:01.0491 1428 bowser - ok

16:11:01.0506 1428 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

16:11:01.0506 1428 BrFiltLo - ok

16:11:01.0522 1428 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

16:11:01.0522 1428 BrFiltUp - ok

16:11:01.0569 1428 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

16:11:01.0569 1428 BridgeMP - ok

16:11:01.0584 1428 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll

16:11:01.0584 1428 Browser - ok

16:11:01.0600 1428 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys

16:11:01.0616 1428 Brserid - ok

16:11:01.0631 1428 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

16:11:01.0631 1428 BrSerWdm - ok

16:11:01.0647 1428 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

16:11:01.0647 1428 BrUsbMdm - ok

16:11:01.0663 1428 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

16:11:01.0663 1428 BrUsbSer - ok

16:11:01.0678 1428 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

16:11:01.0678 1428 BTHMODEM - ok

16:11:01.0725 1428 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll

16:11:01.0725 1428 bthserv - ok

16:11:01.0819 1428 catchme - ok

16:11:01.0866 1428 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

16:11:01.0866 1428 cdfs - ok

16:11:01.0913 1428 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

16:11:01.0913 1428 cdrom - ok

16:11:01.0959 1428 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll

16:11:01.0975 1428 CertPropSvc - ok

16:11:01.0991 1428 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys

16:11:01.0991 1428 circlass - ok

16:11:02.0006 1428 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys

16:11:02.0006 1428 CLFS - ok

16:11:02.0100 1428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:11:02.0100 1428 clr_optimization_v2.0.50727_32 - ok


16:11:11.0897 1428 terminpt - ok

16:11:11.0944 1428 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

16:11:11.0959 1428 TermService - ok

16:11:11.0975 1428 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

16:11:11.0975 1428 Themes - ok

16:11:11.0991 1428 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

16:11:11.0991 1428 THREADORDER - ok

16:11:12.0022 1428 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

16:11:12.0038 1428 TrkWks - ok

16:11:12.0084 1428 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:11:12.0084 1428 TrustedInstaller - ok

16:11:12.0100 1428 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:11:12.0100 1428 tssecsrv - ok

16:11:12.0131 1428 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

16:11:12.0131 1428 TsUsbFlt - ok

16:11:12.0163 1428 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

16:11:12.0163 1428 TsUsbGD - ok

16:11:12.0194 1428 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys

16:11:12.0194 1428 tsusbhub - ok

16:11:12.0225 1428 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:11:12.0225 1428 tunnel - ok

16:11:12.0241 1428 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys

16:11:12.0241 1428 uagp35 - ok

16:11:12.0272 1428 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

16:11:12.0272 1428 udfs - ok

16:11:12.0303 1428 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

16:11:12.0319 1428 UI0Detect - ok

16:11:12.0350 1428 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

16:11:12.0350 1428 uliagpkx - ok

16:11:12.0381 1428 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys

16:11:12.0381 1428 umbus - ok

16:11:12.0397 1428 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys

16:11:12.0397 1428 UmPass - ok

16:11:12.0428 1428 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll

16:11:12.0428 1428 UmRdpService - ok

16:11:12.0459 1428 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

16:11:12.0475 1428 upnphost - ok

16:11:12.0491 1428 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

16:11:12.0491 1428 usbccgp - ok

16:11:12.0522 1428 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

16:11:12.0522 1428 usbcir - ok

16:11:12.0553 1428 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

16:11:12.0553 1428 usbehci - ok

16:11:12.0584 1428 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

16:11:12.0600 1428 usbhub - ok

16:11:12.0616 1428 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

16:11:12.0616 1428 usbohci - ok

16:11:12.0631 1428 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys

16:11:12.0631 1428 usbprint - ok

16:11:12.0647 1428 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS

16:11:12.0647 1428 USBSTOR - ok

16:11:12.0663 1428 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

16:11:12.0663 1428 usbuhci - ok

16:11:12.0694 1428 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

16:11:12.0694 1428 UxSms - ok

16:11:12.0725 1428 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

16:11:12.0725 1428 VaultSvc - ok

16:11:12.0756 1428 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

16:11:12.0756 1428 vdrvroot - ok

16:11:12.0788 1428 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

16:11:12.0788 1428 vds - ok

16:11:12.0834 1428 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

16:11:12.0834 1428 vga - ok

16:11:12.0834 1428 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

16:11:12.0850 1428 VgaSave - ok

16:11:12.0850 1428 VGPU - ok

16:11:12.0897 1428 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

16:11:12.0897 1428 vhdmp - ok

16:11:12.0928 1428 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

16:11:12.0928 1428 viaagp - ok

16:11:12.0944 1428 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

16:11:12.0944 1428 ViaC7 - ok

16:11:12.0959 1428 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

16:11:12.0959 1428 viaide - ok

16:11:12.0991 1428 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys

16:11:12.0991 1428 vmbus - ok

16:11:13.0006 1428 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

16:11:13.0006 1428 VMBusHID - ok

16:11:13.0038 1428 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

16:11:13.0038 1428 volmgr - ok

16:11:13.0053 1428 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

16:11:13.0053 1428 volmgrx - ok

16:11:13.0084 1428 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

16:11:13.0084 1428 volsnap - ok

16:11:13.0131 1428 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

16:11:13.0147 1428 vsmraid - ok

16:11:13.0178 1428 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

16:11:13.0194 1428 VSS - ok

16:11:13.0225 1428 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

16:11:13.0225 1428 vwifibus - ok

16:11:13.0256 1428 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

16:11:13.0256 1428 vwififlt - ok

16:11:13.0334 1428 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

16:11:13.0334 1428 W32Time - ok

16:11:13.0366 1428 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

16:11:13.0381 1428 WacomPen - ok

16:11:13.0413 1428 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

16:11:13.0413 1428 WANARP - ok

16:11:13.0428 1428 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

16:11:13.0428 1428 Wanarpv6 - ok

16:11:13.0506 1428 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

16:11:13.0522 1428 WatAdminSvc - ok

16:11:13.0584 1428 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

16:11:13.0600 1428 wbengine - ok

16:11:13.0616 1428 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

16:11:13.0616 1428 WbioSrvc - ok

16:11:13.0647 1428 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

16:11:13.0647 1428 wcncsvc - ok

16:11:13.0663 1428 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:11:13.0678 1428 WcsPlugInService - ok

16:11:13.0694 1428 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys

16:11:13.0694 1428 Wd - ok

16:11:13.0725 1428 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

16:11:13.0725 1428 Wdf01000 - ok

16:11:13.0756 1428 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

16:11:13.0756 1428 WdiServiceHost - ok

16:11:13.0772 1428 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

16:11:13.0772 1428 WdiSystemHost - ok

16:11:13.0788 1428 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

16:11:13.0803 1428 WebClient - ok

16:11:13.0819 1428 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

16:11:13.0834 1428 Wecsvc - ok

16:11:13.0850 1428 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

16:11:13.0850 1428 wercplsupport - ok

16:11:13.0897 1428 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

16:11:13.0897 1428 WerSvc - ok

16:11:14.0006 1428 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

16:11:14.0006 1428 WfpLwf - ok

16:11:14.0022 1428 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

16:11:14.0022 1428 WIMMount - ok

16:11:14.0084 1428 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

16:11:14.0084 1428 WinDefend - ok

16:11:14.0100 1428 WinHttpAutoProxySvc - ok

16:11:14.0147 1428 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

16:11:14.0147 1428 Winmgmt - ok

16:11:14.0209 1428 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

16:11:14.0225 1428 WinRM - ok

16:11:14.0288 1428 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

16:11:14.0303 1428 Wlansvc - ok

16:11:14.0334 1428 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

16:11:14.0334 1428 WmiAcpi - ok

16:11:14.0350 1428 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

16:11:14.0350 1428 wmiApSrv - ok

16:11:14.0428 1428 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

16:11:14.0444 1428 WMPNetworkSvc - ok

16:11:14.0459 1428 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

16:11:14.0475 1428 WPCSvc - ok

16:11:14.0475 1428 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

16:11:14.0491 1428 WPDBusEnum - ok

16:11:14.0506 1428 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

16:11:14.0506 1428 ws2ifsl - ok

16:11:14.0538 1428 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll

16:11:14.0538 1428 wscsvc - ok

16:11:14.0553 1428 WSearch - ok

16:11:14.0616 1428 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

16:11:14.0631 1428 wuauserv - ok

16:11:14.0647 1428 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

16:11:14.0647 1428 WudfPf - ok

16:11:14.0694 1428 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

16:11:14.0694 1428 wudfsvc - ok

16:11:14.0725 1428 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll

16:11:14.0741 1428 WwanSvc - ok

16:11:14.0756 1428 ================ Scan global ===============================

16:11:14.0788 1428 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

16:11:14.0819 1428 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll

16:11:14.0834 1428 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll

16:11:14.0866 1428 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

16:11:14.0897 1428 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

16:11:14.0897 1428 [Global] - ok

16:11:14.0897 1428 ================ Scan MBR ==================================

16:11:14.0913 1428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

16:11:15.0334 1428 \Device\Harddisk0\DR0 - ok

16:11:15.0334 1428 ================ Scan VBR ==================================

16:11:15.0334 1428 [ DB30C159EE617A639483FFE4FCE584C9 ] \Device\Harddisk0\DR0\Partition1

16:11:15.0334 1428 \Device\Harddisk0\DR0\Partition1 - ok

16:11:15.0334 1428 ============================================================

16:11:15.0334 1428 Scan finished

16:11:15.0334 1428 ============================================================

16:11:15.0350 0168 Detected object count: 0

16:11:15.0350 0168 Actual detected object count: 0


ESET found 24 threats

C:\Windows.old\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\ycqovo36.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\ycqovo36.default\extensions\ojclrmzlsk@ojclrmzlsk.org.xpi JS/Redirector.NCA trojan deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\ycqovo36.default\extensions\plugin@startsearcher.com\content\sudoku.js Win32/StartSearcher application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\ycqovo36.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\18\3b4bb792-46c72ebd multiple threats deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\2\334b81c2-58360e94 multiple threats deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Application Data\Sun\Java\Deployment\cache\6.0\63\30f7177f-226ce1b7 a variant of Java/Exploit.CVE-2012-1723.AL trojan deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagfgbgfgbdegbdcgfdhdjdbdedbdggb\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagfgbgfgbdegbdcgfdhdjdbdedbdggb\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\5e65a3db-191decce Java/Exploit.CVE-2012-1723.BP trojan deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38\1ad0b766-2b9d76da a variant of Java/Exploit.CVE-2012-4681.AK trojan deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57\287adeb9-5d2a138b a variant of Java/Exploit.CVE-2012-4681.AK trojan deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Temp\124kkk290347.exe Win32/LockScreen.AKU trojan cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Temp\ezLooker-S-Setup_Suite1.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application deleted - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Temp\YontooSetup-S.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\CXYF8PER\ezLooker-S-Setup_Suite1[1].exe Win32/Adware.Yontoo application cleaned by deleting - quarantined

C:\Windows.old\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined

C:\Windows.old\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined


AdwCleaner log

# AdwCleaner v2.007 - Logfile created 11/12/2012 at 17:32:41

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Busta - BUSTA-PC

# Boot Mode : Normal

# Running from : C:\Users\Busta\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Users\Busta\AppData\Local\Conduit

Folder Found : C:\Users\Busta\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKU\S-1-5-21-2150842207-1263672275-3154387700-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Busta\AppData\Roaming\Mozilla\Firefox\Profiles\79bjpox7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Busta\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1775 octets] - [12/11/2012 17:32:28]

AdwCleaner[R2].txt - [1706 octets] - [12/11/2012 17:32:41]

########## EOF - C:\AdwCleaner[R2].txt - [1766 octets] ##########


  • Staff

Hi,

Please try this link instead:

http://www.bleepingcomputer.com/download/securitycheck/

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number


This is Security Check

Results of screen317's Security Check version 0.99.54

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

CCleaner

Java 7 Update 9

Adobe Flash Player 11.5.502.110

Mozilla Firefox (16.0.2)

Google Chrome 23.0.1271.64

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

This is AdwCleaner

# AdwCleaner v2.007 - Logfile created 11/15/2012 at 00:28:08

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Busta - BUSTA-PC

# Boot Mode : Normal

# Running from : C:\Users\Busta\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Users\Busta\AppData\Local\Conduit

Folder Deleted : C:\Users\Busta\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Busta\AppData\Roaming\Mozilla\Firefox\Profiles\79bjpox7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Busta\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1775 octets] - [12/11/2012 17:32:28]

AdwCleaner[R2].txt - [1835 octets] - [12/11/2012 17:32:41]

AdwCleaner[R3].txt - [1893 octets] - [12/11/2012 17:37:00]

AdwCleaner[s1].txt - [1693 octets] - [15/11/2012 00:28:08]

########## EOF - C:\AdwCleaner[s1].txt - [1753 octets] ##########


  • Staff

Hi,

I apologize for the delay.

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with Yes.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

Click Start, type in Windows Update, and click on Windows Update when it appears. Install all available updates.

Let me know what issues remain.


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
