Is it malware? What happened?

[Deeter]

Post number 26 here ( http://forums.malwarebytes.org/index.php?showtopic=123552&st=20 ) contains my first DDS logs (you may want to read that thread anyway). They were done with Kaspersky internet security 2013 active as I do not know if it has a script blocker and am uncomfortable with disabling it.

I have attached some new DDS files (ran without disabling kaspersky pure 3.0). Since the last time I have removed Kaspersky internet security and replaced it with Kaspersky pure 3.0. Now my scans are finishing. Both Kasperksy pure 3.0 and Malwarebytes pro have found nothing.

Actually, you should read that thread as it will be enlightening.

I don't want to remove Kas and MB and reinstall them and do that mini-toolbox thing, but will if I have to. Let me know.

If I need to disable kaspersky and run DDS, let me know.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by n at 14:19:07 on 2013-03-10

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8173.5400 [GMT -5:00]

.

AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

TB: Kaspersky Passsword Manager Toolbar: {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll

TCP: NameServer = 8.26.56.26 8.20.247.20

TCP: Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : NameServer = 8.26.56.26,8.20.247.20

TCP: Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : DHCPNameServer = 8.26.56.26 8.20.247.20

SSODL: WebCheck - <orphaned>

x64-mStart Page = about:blank

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2013-3-8 84536]

R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013-3-8 66616]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-10-18 54104]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2012-12-20 356968]

R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-9-3 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-9-3 29528]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-9 565352]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-11-9 46136]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-10 19456]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-10 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-10 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-10 30208]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-10 1255736]

.

=============== Created Last 30 ================

.

2013-03-09 23:44:38 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2BF4CC09-7A2F-4C2B-8E79-56B25D19E8D6}\mpengine.dll

2013-03-09 03:22:41 64856 ----a-w- C:\Windows\System32\klfphc.dll

2013-03-09 03:22:37 84536 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys

2013-03-09 03:22:37 66616 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys

2013-03-09 03:22:31 -------- d-----w- C:\ProgramData\Kaspersky Lab

2013-03-09 03:22:31 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2013-03-09 03:22:31 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch

2013-03-09 03:21:53 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys

2013-03-09 02:51:07 -------- d--h--w- C:\kleaner.tmp

2013-03-08 01:40:37 -------- d-----w- C:\Users\n\AppData\Local\lptmp245130699

2013-03-07 03:13:47 9842040 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe

2013-02-21 20:56:13 -------- d-----w- C:\ProgramData\EA Core

2013-02-21 20:55:55 -------- d-----w- C:\ProgramData\EA Logs

2013-02-21 20:32:02 -------- d-----w- C:\Windows\SysWow64\%Report%

2013-02-21 19:13:25 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-02-21 18:14:21 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2013-02-21 18:14:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2013-02-21 17:08:14 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-02-21 17:08:13 -------- d-----w- C:\Users\n\AppData\Local\Origin

2013-02-21 17:08:02 -------- d-----w- C:\ProgramData\Electronic Arts

2013-02-21 17:07:49 -------- d-----w- C:\Program Files (x86)\Origin

2013-02-21 16:38:51 -------- d-----w- C:\Users\n\AppData\Roaming\Origin

2013-02-21 16:36:30 -------- d-----w- C:\ProgramData\Origin

2013-02-13 17:18:49 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 17:18:49 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 17:14:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 17:14:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 17:14:32 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 17:14:32 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 17:14:32 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 17:14:32 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 17:14:27 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 17:14:26 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 17:14:26 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 17:14:25 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 17:14:03 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 17:14:03 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-02-28 02:19:18 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-28 02:19:18 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-17 07:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-25 21:32:12 1409 ----a-w- C:\Windows\QTFont.for

2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll

2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll

2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll

2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe

2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll

2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll

2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 14:19:28.51 ===============

3-10 Attach.txt

[Maurice Naggar]

Hello Deeter.

I will be helping you. Please follow my guidance. If as we go along, if something is not clear, then Stop and ask me.

Always wait for my reply.

Meantime, do not do any tweaks / changes / additions to the system before asking me first.

Going forward, always Copy & Paste all contents of log(s) directly within main-body of reply box.

You may use 1 reply per each log.

Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Now exit Notepad.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Press Windows-key +R key on your keyboard to get RUN option.
  
• Type in

  explorer.exe

  and press Enter to start Windows Explorer.
  

• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of C:\AdwCleaner[R1].txt;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[Deeter]

You want me to disable my firewall (I have Kaspersky Pure 3.0 and Malwarebytes Pro active) but NOT turn it off?

This I do not understand.

[Maurice Naggar]

Leave the firewall on. Leave it as is. As to MBAM, it should not be necessary to worry about it, either.

All I asked, is to turn off the Antivirus component of Kaspersky.

[Deeter]

You said "leave it as it is". Where you referring to just the firewall? Should I just leaving everything in Kasperksy as it is? If i do need to disable the antivirus, should I disable all the types of antivirus (There's file, mail web, and IM antiviruses)?

[Maurice Naggar]

You said "leave it as it is". Where you referring to just the firewall?

YES !!

Should I just leaving everything in Kasperksy as it is? If i do need to disable the antivirus, should I disable all the types of antivirus (There's file, mail web, and IM antiviruses)?

Turn off all of Kaspersky. I think that is the easiest for you to do.

[Deeter]

I made two of these because I couldn't find the log of the first one (I guess I closed the box and didn't realize it) by doing a search. I found it by manually searching the C drive.

So, here are both files from ADW.

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 15:35:06

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : n - N-PC

# Boot Mode : Normal

# Running from : C:\Users\h\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\S

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [538 octets] - [12/03/2013 15:35:06]

########## EOF - \AdwCleaner[R1].txt - [597 octets] ##########

and now the second one

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 15:48:36

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : n - N-PC

# Boot Mode : Normal

# Running from : C:\Users\h\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\S

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [663 octets] - [12/03/2013 15:35:06]

AdwCleaner[R2].txt - [597 octets] - [12/03/2013 15:48:36]

########## EOF - \AdwCleaner[R2].txt - [656 octets] ##########

[Deeter]

TDSSKiller found nothing, but I cannot post the log as there is no way to copy it or save it. Right clicking does nothing.

Never mind I had to use control C. I'm glad that worked.

I pasted it into word pad first so that I could save it and close it while having no programs running for the Rogue Killer program.

15:36:02.0062 1660 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:36:02.0078 1660 ============================================================

15:36:02.0078 1660 Current date / time: 2013/03/12 15:36:02.0078

15:36:02.0078 1660 SystemInfo:

15:36:02.0078 1660

15:36:02.0078 1660 OS Version: 6.1.7601 ServicePack: 1.0

15:36:02.0078 1660 Product type: Workstation

15:36:02.0078 1660 ComputerName: N-PC

15:36:02.0078 1660 UserName: n

15:36:02.0078 1660 Windows directory: C:\Windows

15:36:02.0078 1660 System windows directory: C:\Windows

15:36:02.0078 1660 Running under WOW64

15:36:02.0078 1660 Processor architecture: Intel x64

15:36:02.0078 1660 Number of processors: 4

15:36:02.0078 1660 Page size: 0x1000

15:36:02.0078 1660 Boot type: Normal boot

15:36:02.0078 1660 ============================================================

15:36:02.0250 1660 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

15:36:02.0265 1660 ============================================================

15:36:02.0265 1660 \Device\Harddisk0\DR0:

15:36:02.0265 1660 MBR partitions:

15:36:02.0265 1660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

15:36:02.0265 1660 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800

15:36:02.0265 1660 ============================================================

15:36:02.0265 1660 C: <-> \Device\Harddisk0\DR0\Partition2

15:36:02.0265 1660 ============================================================

15:36:02.0265 1660 Initialize success

15:36:02.0265 1660 ============================================================

15:36:14.0012 4604 ============================================================

15:36:14.0012 4604 Scan started

15:36:14.0012 4604 Mode: Manual;

15:36:14.0012 4604 ============================================================

15:36:14.0121 4604 ================ Scan system memory ========================

15:36:14.0121 4604 System memory - ok

15:36:14.0121 4604 ================ Scan services =============================

15:36:14.0230 4604 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

15:36:14.0230 4604 1394ohci - ok

15:36:14.0230 4604 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

15:36:14.0230 4604 ACPI - ok

15:36:14.0246 4604 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

15:36:14.0246 4604 AcpiPmi - ok

15:36:14.0262 4604 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:36:14.0262 4604 AdobeARMservice - ok

15:36:14.0340 4604 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:36:14.0340 4604 AdobeFlashPlayerUpdateSvc - ok

15:36:14.0355 4604 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

15:36:14.0355 4604 adp94xx - ok

15:36:14.0371 4604 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

15:36:14.0371 4604 adpahci - ok

15:36:14.0386 4604 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

15:36:14.0386 4604 adpu320 - ok

15:36:14.0386 4604 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:36:14.0386 4604 AeLookupSvc - ok

15:36:14.0402 4604 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

15:36:14.0402 4604 AFD - ok

15:36:14.0418 4604 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

15:36:14.0418 4604 agp440 - ok

15:36:14.0418 4604 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

15:36:14.0418 4604 ALG - ok

15:36:14.0418 4604 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

15:36:14.0418 4604 aliide - ok

15:36:14.0418 4604 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

15:36:14.0418 4604 AMD External Events Utility - ok

15:36:14.0433 4604 AMD FUEL Service - ok

15:36:14.0433 4604 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

15:36:14.0433 4604 amdide - ok

15:36:14.0433 4604 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

15:36:14.0433 4604 amdiox64 - ok

15:36:14.0433 4604 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

15:36:14.0433 4604 AmdK8 - ok

15:36:14.0542 4604 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

15:36:14.0589 4604 amdkmdag - ok

15:36:14.0605 4604 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

15:36:14.0605 4604 amdkmdap - ok

15:36:14.0605 4604 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

15:36:14.0605 4604 AmdPPM - ok

15:36:14.0620 4604 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

15:36:14.0620 4604 amdsata - ok

15:36:14.0620 4604 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

15:36:14.0620 4604 amdsbs - ok

15:36:14.0620 4604 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

15:36:14.0620 4604 amdxata - ok

15:36:14.0636 4604 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

15:36:14.0636 4604 AODDriver4.01 - ok

15:36:14.0636 4604 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

15:36:14.0636 4604 AppID - ok

15:36:14.0636 4604 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

15:36:14.0636 4604 AppIDSvc - ok

15:36:14.0636 4604 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

15:36:14.0636 4604 Appinfo - ok

15:36:14.0652 4604 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

15:36:14.0652 4604 AppMgmt - ok

15:36:14.0652 4604 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

15:36:14.0652 4604 arc - ok

15:36:14.0652 4604 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

15:36:14.0652 4604 arcsas - ok

15:36:14.0667 4604 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:36:14.0667 4604 AsyncMac - ok

15:36:14.0667 4604 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

15:36:14.0667 4604 atapi - ok

15:36:14.0667 4604 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

15:36:14.0667 4604 AtiHDAudioService - ok

15:36:14.0683 4604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:36:14.0683 4604 AudioEndpointBuilder - ok

15:36:14.0698 4604 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

15:36:14.0698 4604 AudioSrv - ok

15:36:14.0714 4604 [ C6CDA4E093DD3B2977F87DA498827FCB ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

15:36:14.0714 4604 AVP - ok

15:36:14.0714 4604 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

15:36:14.0714 4604 AxInstSV - ok

15:36:14.0730 4604 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

15:36:14.0730 4604 b06bdrv - ok

15:36:14.0730 4604 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

15:36:14.0730 4604 b57nd60a - ok

15:36:14.0745 4604 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

15:36:14.0745 4604 BDESVC - ok

15:36:14.0745 4604 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

15:36:14.0745 4604 Beep - ok

15:36:14.0745 4604 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

15:36:14.0761 4604 BFE - ok

15:36:14.0776 4604 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

15:36:14.0776 4604 BITS - ok

15:36:14.0776 4604 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

15:36:14.0776 4604 blbdrive - ok

15:36:14.0792 4604 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:36:14.0792 4604 bowser - ok

15:36:14.0792 4604 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

15:36:14.0792 4604 BrFiltLo - ok

15:36:14.0792 4604 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

15:36:14.0792 4604 BrFiltUp - ok

15:36:14.0792 4604 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

15:36:14.0792 4604 Browser - ok

15:36:14.0808 4604 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

15:36:14.0808 4604 Brserid - ok

15:36:14.0808 4604 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:36:14.0808 4604 BrSerWdm - ok

15:36:14.0808 4604 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:36:14.0808 4604 BrUsbMdm - ok

15:36:14.0808 4604 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:36:14.0808 4604 BrUsbSer - ok

15:36:14.0823 4604 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

15:36:14.0823 4604 BTHMODEM - ok

15:36:14.0823 4604 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:36:14.0823 4604 bthserv - ok

15:36:14.0823 4604 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:36:14.0823 4604 cdfs - ok

15:36:14.0839 4604 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:36:14.0839 4604 cdrom - ok

15:36:14.0839 4604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

15:36:14.0839 4604 CertPropSvc - ok

15:36:14.0839 4604 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

15:36:14.0839 4604 circlass - ok

15:36:14.0854 4604 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:36:14.0854 4604 CLFS - ok

15:36:14.0854 4604 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:36:14.0854 4604 clr_optimization_v2.0.50727_32 - ok

15:36:14.0870 4604 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:36:14.0870 4604 clr_optimization_v2.0.50727_64 - ok

15:36:14.0870 4604 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:36:14.0870 4604 clr_optimization_v4.0.30319_32 - ok

15:36:14.0886 4604 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:36:14.0886 4604 clr_optimization_v4.0.30319_64 - ok

15:36:14.0886 4604 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

15:36:14.0886 4604 CmBatt - ok

15:36:14.0886 4604 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

15:36:14.0886 4604 cmdide - ok

15:36:14.0901 4604 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

15:36:14.0901 4604 CNG - ok

15:36:14.0901 4604 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

15:36:14.0901 4604 Compbatt - ok

15:36:14.0901 4604 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

15:36:14.0901 4604 CompositeBus - ok

15:36:14.0901 4604 COMSysApp - ok

15:36:14.0917 4604 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

15:36:14.0917 4604 crcdisk - ok

15:36:14.0917 4604 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:36:14.0917 4604 CryptSvc - ok

15:36:14.0932 4604 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

15:36:14.0932 4604 CSC - ok

15:36:14.0932 4604 [ 04199CA5C4A6F6E935906A74EAFCA8E7 ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys

15:36:14.0932 4604 CSCrySec - ok

15:36:14.0948 4604 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

15:36:14.0948 4604 CscService - ok

15:36:14.0964 4604 [ 0F9FE82E229C039F0AC1996E44059653 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

15:36:14.0964 4604 CSObjectsSrv - ok

15:36:14.0964 4604 [ 7D7F90460F1309B5205BF8CDFAD63E42 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys

15:36:14.0964 4604 CSVirtualDiskDrv - ok

15:36:14.0979 4604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:36:14.0979 4604 DcomLaunch - ok

15:36:14.0979 4604 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:36:14.0995 4604 defragsvc - ok

15:36:14.0995 4604 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:36:14.0995 4604 DfsC - ok

15:36:14.0995 4604 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

15:36:15.0010 4604 Dhcp - ok

15:36:15.0010 4604 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:36:15.0010 4604 discache - ok

15:36:15.0010 4604 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

15:36:15.0010 4604 Disk - ok

15:36:15.0010 4604 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

15:36:15.0010 4604 dmvsc - ok

15:36:15.0026 4604 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:36:15.0026 4604 Dnscache - ok

15:36:15.0026 4604 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

15:36:15.0026 4604 dot3svc - ok

15:36:15.0042 4604 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

15:36:15.0042 4604 DPS - ok

15:36:15.0042 4604 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:36:15.0042 4604 drmkaud - ok

15:36:15.0057 4604 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:36:15.0057 4604 DXGKrnl - ok

15:36:15.0057 4604 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:36:15.0057 4604 EapHost - ok

15:36:15.0088 4604 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

15:36:15.0120 4604 ebdrv - ok

15:36:15.0120 4604 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

15:36:15.0120 4604 EFS - ok

15:36:15.0135 4604 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:36:15.0135 4604 ehRecvr - ok

15:36:15.0135 4604 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:36:15.0135 4604 ehSched - ok

15:36:15.0151 4604 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

15:36:15.0151 4604 elxstor - ok

15:36:15.0151 4604 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

15:36:15.0151 4604 ErrDev - ok

15:36:15.0166 4604 [ DB6AEC32FAF5BD002D9ED6C38692D42B ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys

15:36:15.0166 4604 EtronHub3 - ok

15:36:15.0166 4604 [ 9CC2F24274741E12F9DF92125EA6D6D8 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys

15:36:15.0166 4604 EtronXHCI - ok

15:36:15.0166 4604 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:36:15.0182 4604 EventSystem - ok

15:36:15.0182 4604 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:36:15.0182 4604 exfat - ok

15:36:15.0182 4604 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:36:15.0182 4604 fastfat - ok

15:36:15.0198 4604 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

15:36:15.0198 4604 Fax - ok

15:36:15.0213 4604 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

15:36:15.0213 4604 fdc - ok

15:36:15.0213 4604 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

15:36:15.0213 4604 fdPHost - ok

15:36:15.0213 4604 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

15:36:15.0213 4604 FDResPub - ok

15:36:15.0213 4604 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:36:15.0229 4604 FileInfo - ok

15:36:15.0229 4604 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:36:15.0229 4604 Filetrace - ok

15:36:15.0229 4604 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

15:36:15.0229 4604 flpydisk - ok

15:36:15.0229 4604 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:36:15.0229 4604 FltMgr - ok

15:36:15.0244 4604 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

15:36:15.0260 4604 FontCache - ok

15:36:15.0260 4604 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:36:15.0260 4604 FontCache3.0.0.0 - ok

15:36:15.0260 4604 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

15:36:15.0260 4604 FsDepends - ok

15:36:15.0276 4604 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:36:15.0276 4604 Fs_Rec - ok

15:36:15.0276 4604 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

15:36:15.0276 4604 fvevol - ok

15:36:15.0276 4604 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

15:36:15.0276 4604 gagp30kx - ok

15:36:15.0276 4604 gdrv - ok

15:36:15.0291 4604 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

15:36:15.0291 4604 gpsvc - ok

15:36:15.0307 4604 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

15:36:15.0307 4604 hcw85cir - ok

15:36:15.0307 4604 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:36:15.0307 4604 HdAudAddService - ok

15:36:15.0307 4604 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

15:36:15.0307 4604 HDAudBus - ok

15:36:15.0322 4604 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

15:36:15.0322 4604 HidBatt - ok

15:36:15.0322 4604 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

15:36:15.0322 4604 HidBth - ok

15:36:15.0322 4604 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

15:36:15.0322 4604 HidIr - ok

15:36:15.0322 4604 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

15:36:15.0322 4604 hidserv - ok

15:36:15.0338 4604 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:36:15.0338 4604 HidUsb - ok

15:36:15.0338 4604 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:36:15.0338 4604 hkmsvc - ok

15:36:15.0338 4604 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:36:15.0338 4604 HomeGroupListener - ok

15:36:15.0354 4604 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:36:15.0354 4604 HomeGroupProvider - ok

15:36:15.0354 4604 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

15:36:15.0354 4604 HpSAMD - ok

15:36:15.0369 4604 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:36:15.0369 4604 HTTP - ok

15:36:15.0369 4604 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

15:36:15.0369 4604 hwpolicy - ok

15:36:15.0369 4604 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

15:36:15.0385 4604 i8042prt - ok

15:36:15.0385 4604 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

15:36:15.0385 4604 iaStorV - ok

15:36:15.0400 4604 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:36:15.0400 4604 idsvc - ok

15:36:15.0416 4604 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

15:36:15.0416 4604 iirsp - ok

15:36:15.0416 4604 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

15:36:15.0432 4604 IKEEXT - ok

15:36:15.0432 4604 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

15:36:15.0432 4604 intelide - ok

15:36:15.0432 4604 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys

15:36:15.0432 4604 intelppm - ok

15:36:15.0447 4604 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:36:15.0447 4604 IPBusEnum - ok

15:36:15.0447 4604 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:36:15.0447 4604 IpFilterDriver - ok

15:36:15.0447 4604 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

15:36:15.0463 4604 iphlpsvc - ok

15:36:15.0463 4604 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

15:36:15.0463 4604 IPMIDRV - ok

15:36:15.0463 4604 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

15:36:15.0463 4604 IPNAT - ok

15:36:15.0463 4604 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:36:15.0463 4604 IRENUM - ok

15:36:15.0478 4604 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

15:36:15.0478 4604 isapnp - ok

15:36:15.0478 4604 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

15:36:15.0478 4604 iScsiPrt - ok

15:36:15.0478 4604 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

15:36:15.0478 4604 kbdclass - ok

15:36:15.0494 4604 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

15:36:15.0494 4604 kbdhid - ok

15:36:15.0494 4604 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

15:36:15.0494 4604 KeyIso - ok

15:36:15.0494 4604 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys

15:36:15.0494 4604 kl1 - ok

15:36:15.0510 4604 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys

15:36:15.0510 4604 KLIF - ok

15:36:15.0525 4604 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys

15:36:15.0525 4604 KLIM6 - ok

15:36:15.0525 4604 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys

15:36:15.0525 4604 klkbdflt - ok

15:36:15.0525 4604 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys

15:36:15.0525 4604 klmouflt - ok

15:36:15.0525 4604 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys

15:36:15.0525 4604 kltdi - ok

15:36:15.0541 4604 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys

15:36:15.0541 4604 kneps - ok

15:36:15.0541 4604 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

15:36:15.0541 4604 KSecDD - ok

15:36:15.0541 4604 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

15:36:15.0541 4604 KSecPkg - ok

15:36:15.0541 4604 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

15:36:15.0541 4604 ksthunk - ok

15:36:15.0556 4604 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

15:36:15.0556 4604 KtmRm - ok

15:36:15.0556 4604 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

15:36:15.0572 4604 LanmanServer - ok

15:36:15.0572 4604 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:36:15.0572 4604 LanmanWorkstation - ok

15:36:15.0572 4604 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:36:15.0572 4604 lltdio - ok

15:36:15.0588 4604 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:36:15.0588 4604 lltdsvc - ok

15:36:15.0588 4604 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:36:15.0588 4604 lmhosts - ok

15:36:15.0603 4604 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

15:36:15.0603 4604 LSI_FC - ok

15:36:15.0603 4604 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

15:36:15.0603 4604 LSI_SAS - ok

15:36:15.0603 4604 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

15:36:15.0603 4604 LSI_SAS2 - ok

15:36:15.0603 4604 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

15:36:15.0619 4604 LSI_SCSI - ok

15:36:15.0619 4604 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

15:36:15.0619 4604 luafv - ok

15:36:15.0619 4604 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

15:36:15.0619 4604 MBAMProtector - ok

15:36:15.0634 4604 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

15:36:15.0634 4604 MBAMScheduler - ok

15:36:15.0634 4604 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

15:36:15.0634 4604 MBAMService - ok

15:36:15.0650 4604 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

15:36:15.0650 4604 Mcx2Svc - ok

15:36:15.0650 4604 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

15:36:15.0650 4604 megasas - ok

15:36:15.0650 4604 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

15:36:15.0666 4604 MegaSR - ok

15:36:15.0666 4604 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

15:36:15.0666 4604 MMCSS - ok

15:36:15.0666 4604 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

15:36:15.0666 4604 Modem - ok

15:36:15.0666 4604 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:36:15.0666 4604 monitor - ok

15:36:15.0666 4604 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:36:15.0666 4604 mouclass - ok

15:36:15.0681 4604 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:36:15.0681 4604 mouhid - ok

15:36:15.0681 4604 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

15:36:15.0681 4604 mountmgr - ok

15:36:15.0681 4604 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

15:36:15.0681 4604 MozillaMaintenance - ok

15:36:15.0681 4604 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

15:36:15.0697 4604 mpio - ok

15:36:15.0697 4604 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:36:15.0697 4604 mpsdrv - ok

15:36:15.0697 4604 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

15:36:15.0712 4604 MpsSvc - ok

15:36:15.0712 4604 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:36:15.0712 4604 MRxDAV - ok

15:36:15.0712 4604 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:36:15.0728 4604 mrxsmb - ok

15:36:15.0728 4604 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:36:15.0728 4604 mrxsmb10 - ok

15:36:15.0728 4604 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:36:15.0728 4604 mrxsmb20 - ok

15:36:15.0744 4604 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

15:36:15.0744 4604 msahci - ok

15:36:15.0744 4604 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

15:36:15.0744 4604 msdsm - ok

15:36:15.0744 4604 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

15:36:15.0744 4604 MSDTC - ok

15:36:15.0759 4604 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:36:15.0759 4604 Msfs - ok

15:36:15.0759 4604 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

15:36:15.0759 4604 mshidkmdf - ok

15:36:15.0759 4604 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

15:36:15.0759 4604 msisadrv - ok

15:36:15.0759 4604 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:36:15.0759 4604 MSiSCSI - ok

15:36:15.0775 4604 msiserver - ok

15:36:15.0775 4604 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:36:15.0775 4604 MSKSSRV - ok

15:36:15.0775 4604 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:36:15.0775 4604 MSPCLOCK - ok

15:36:15.0775 4604 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:36:15.0775 4604 MSPQM - ok

15:36:15.0790 4604 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:36:15.0790 4604 MsRPC - ok

15:36:15.0790 4604 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

15:36:15.0790 4604 mssmbios - ok

15:36:15.0790 4604 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:36:15.0790 4604 MSTEE - ok

15:36:15.0806 4604 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

15:36:15.0806 4604 MTConfig - ok

15:36:15.0806 4604 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

15:36:15.0806 4604 Mup - ok

15:36:15.0806 4604 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

15:36:15.0822 4604 napagent - ok

15:36:15.0822 4604 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:36:15.0822 4604 NativeWifiP - ok

15:36:15.0837 4604 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

15:36:15.0837 4604 NDIS - ok

15:36:15.0837 4604 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

15:36:15.0837 4604 NdisCap - ok

15:36:15.0837 4604 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:36:15.0837 4604 NdisTapi - ok

15:36:15.0853 4604 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:36:15.0853 4604 Ndisuio - ok

15:36:15.0853 4604 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:36:15.0853 4604 NdisWan - ok

15:36:15.0853 4604 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:36:15.0853 4604 NDProxy - ok

15:36:15.0853 4604 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:36:15.0868 4604 NetBIOS - ok

15:36:15.0868 4604 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

15:36:15.0868 4604 NetBT - ok

15:36:15.0868 4604 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

15:36:15.0868 4604 Netlogon - ok

15:36:15.0884 4604 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

15:36:15.0884 4604 Netman - ok

15:36:15.0884 4604 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

15:36:15.0884 4604 netprofm - ok

15:36:15.0900 4604 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:36:15.0900 4604 NetTcpPortSharing - ok

15:36:15.0900 4604 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

15:36:15.0900 4604 nfrd960 - ok

15:36:15.0915 4604 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:36:15.0915 4604 NlaSvc - ok

15:36:15.0915 4604 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:36:15.0915 4604 Npfs - ok

15:36:15.0915 4604 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

15:36:15.0915 4604 nsi - ok

15:36:15.0915 4604 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:36:15.0915 4604 nsiproxy - ok

15:36:15.0946 4604 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:36:15.0962 4604 Ntfs - ok

15:36:15.0962 4604 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

15:36:15.0962 4604 Null - ok

15:36:15.0962 4604 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

15:36:15.0962 4604 nvraid - ok

15:36:15.0962 4604 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

15:36:15.0978 4604 nvstor - ok

15:36:15.0978 4604 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

15:36:15.0978 4604 nv_agp - ok

15:36:15.0978 4604 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

15:36:15.0978 4604 ohci1394 - ok

15:36:15.0978 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

15:36:15.0993 4604 p2pimsvc - ok

15:36:15.0993 4604 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

15:36:15.0993 4604 p2psvc - ok

15:36:16.0009 4604 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

15:36:16.0009 4604 Parport - ok

15:36:16.0009 4604 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:36:16.0009 4604 partmgr - ok

15:36:16.0009 4604 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

15:36:16.0024 4604 PcaSvc - ok

15:36:16.0024 4604 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

15:36:16.0024 4604 pci - ok

15:36:16.0024 4604 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

15:36:16.0024 4604 pciide - ok

15:36:16.0024 4604 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

15:36:16.0024 4604 pcmcia - ok

15:36:16.0040 4604 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

15:36:16.0040 4604 pcw - ok

15:36:16.0040 4604 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

15:36:16.0056 4604 PEAUTH - ok

15:36:16.0056 4604 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

15:36:16.0071 4604 PeerDistSvc - ok

15:36:16.0102 4604 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

15:36:16.0102 4604 PerfHost - ok

15:36:16.0118 4604 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

15:36:16.0134 4604 pla - ok

15:36:16.0134 4604 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

15:36:16.0149 4604 PlugPlay - ok

15:36:16.0149 4604 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

15:36:16.0149 4604 PNRPAutoReg - ok

15:36:16.0149 4604 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

15:36:16.0149 4604 PNRPsvc - ok

15:36:16.0165 4604 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

15:36:16.0165 4604 PolicyAgent - ok

15:36:16.0180 4604 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

15:36:16.0180 4604 Power - ok

15:36:16.0180 4604 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

15:36:16.0180 4604 PptpMiniport - ok

15:36:16.0180 4604 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

15:36:16.0180 4604 Processor - ok

15:36:16.0196 4604 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

15:36:16.0196 4604 ProfSvc - ok

15:36:16.0196 4604 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:36:16.0196 4604 ProtectedStorage - ok

15:36:16.0212 4604 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

15:36:16.0212 4604 Psched - ok

15:36:16.0227 4604 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

15:36:16.0227 4604 ql2300 - ok

15:36:16.0243 4604 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

15:36:16.0243 4604 ql40xx - ok

15:36:16.0243 4604 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

15:36:16.0243 4604 QWAVE - ok

15:36:16.0258 4604 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:36:16.0258 4604 QWAVEdrv - ok

15:36:16.0258 4604 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:36:16.0258 4604 RasAcd - ok

15:36:16.0258 4604 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

15:36:16.0258 4604 RasAgileVpn - ok

15:36:16.0258 4604 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

15:36:16.0258 4604 RasAuto - ok

15:36:16.0274 4604 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:36:16.0274 4604 Rasl2tp - ok

15:36:16.0274 4604 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

15:36:16.0274 4604 RasMan - ok

15:36:16.0290 4604 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:36:16.0290 4604 RasPppoe - ok

15:36:16.0290 4604 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:36:16.0290 4604 RasSstp - ok

15:36:16.0290 4604 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:36:16.0290 4604 rdbss - ok

15:36:16.0305 4604 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

15:36:16.0305 4604 rdpbus - ok

15:36:16.0305 4604 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:36:16.0305 4604 RDPCDD - ok

15:36:16.0305 4604 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

15:36:16.0305 4604 RDPDR - ok

15:36:16.0321 4604 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:36:16.0321 4604 RDPENCDD - ok

15:36:16.0321 4604 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

15:36:16.0321 4604 RDPREFMP - ok

15:36:16.0321 4604 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

15:36:16.0321 4604 RdpVideoMiniport - ok

15:36:16.0321 4604 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:36:16.0336 4604 RDPWD - ok

15:36:16.0336 4604 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

15:36:16.0336 4604 rdyboost - ok

15:36:16.0336 4604 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:36:16.0336 4604 RemoteAccess - ok

15:36:16.0352 4604 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:36:16.0352 4604 RemoteRegistry - ok

15:36:16.0352 4604 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

15:36:16.0352 4604 RpcEptMapper - ok

15:36:16.0352 4604 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

15:36:16.0352 4604 RpcLocator - ok

15:36:16.0368 4604 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

15:36:16.0368 4604 RpcSs - ok

15:36:16.0368 4604 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:36:16.0368 4604 rspndr - ok

15:36:16.0383 4604 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

15:36:16.0383 4604 RTL8167 - ok

15:36:16.0383 4604 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

15:36:16.0383 4604 s3cap - ok

15:36:16.0383 4604 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

15:36:16.0383 4604 SamSs - ok

15:36:16.0399 4604 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

15:36:16.0399 4604 sbp2port - ok

15:36:16.0399 4604 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:36:16.0399 4604 SCardSvr - ok

15:36:16.0414 4604 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

15:36:16.0414 4604 scfilter - ok

15:36:16.0414 4604 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

15:36:16.0430 4604 Schedule - ok

15:36:16.0430 4604 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

15:36:16.0430 4604 SCPolicySvc - ok

15:36:16.0430 4604 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:36:16.0446 4604 SDRSVC - ok

15:36:16.0446 4604 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:36:16.0446 4604 secdrv - ok

15:36:16.0446 4604 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

15:36:16.0446 4604 seclogon - ok

15:36:16.0446 4604 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

15:36:16.0461 4604 SENS - ok

15:36:16.0461 4604 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

15:36:16.0461 4604 SensrSvc - ok

15:36:16.0461 4604 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

15:36:16.0461 4604 Serenum - ok

15:36:16.0461 4604 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

15:36:16.0461 4604 Serial - ok

15:36:16.0477 4604 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

15:36:16.0477 4604 sermouse - ok

15:36:16.0477 4604 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

15:36:16.0477 4604 SessionEnv - ok

15:36:16.0477 4604 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

15:36:16.0477 4604 sffdisk - ok

15:36:16.0492 4604 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

15:36:16.0492 4604 sffp_mmc - ok

15:36:16.0492 4604 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

15:36:16.0492 4604 sffp_sd - ok

15:36:16.0492 4604 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

15:36:16.0492 4604 sfloppy - ok

15:36:16.0492 4604 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:36:16.0508 4604 SharedAccess - ok

15:36:16.0508 4604 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:36:16.0508 4604 ShellHWDetection - ok

15:36:16.0524 4604 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

15:36:16.0524 4604 SiSRaid2 - ok

15:36:16.0524 4604 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

15:36:16.0524 4604 SiSRaid4 - ok

15:36:16.0524 4604 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:36:16.0524 4604 Smb - ok

15:36:16.0524 4604 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:36:16.0539 4604 SNMPTRAP - ok

15:36:16.0539 4604 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

15:36:16.0539 4604 spldr - ok

15:36:16.0539 4604 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

15:36:16.0555 4604 Spooler - ok

15:36:16.0586 4604 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

15:36:16.0633 4604 sppsvc - ok

15:36:16.0633 4604 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

15:36:16.0633 4604 sppuinotify - ok

15:36:16.0633 4604 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

15:36:16.0648 4604 srv - ok

15:36:16.0648 4604 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:36:16.0648 4604 srv2 - ok

15:36:16.0664 4604 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:36:16.0664 4604 srvnet - ok

15:36:16.0664 4604 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:36:16.0664 4604 SSDPSRV - ok

15:36:16.0680 4604 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:36:16.0680 4604 SstpSvc - ok

15:36:16.0680 4604 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

15:36:16.0680 4604 stexstor - ok

15:36:16.0680 4604 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

15:36:16.0695 4604 stisvc - ok

15:36:16.0695 4604 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

15:36:16.0695 4604 storflt - ok

15:36:16.0695 4604 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

15:36:16.0695 4604 storvsc - ok

15:36:16.0695 4604 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

15:36:16.0695 4604 swenum - ok

15:36:16.0711 4604 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

15:36:16.0711 4604 swprv - ok

15:36:16.0711 4604 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys

15:36:16.0726 4604 Synth3dVsc - ok

15:36:16.0742 4604 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

15:36:16.0758 4604 SysMain - ok

15:36:16.0773 4604 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:36:16.0773 4604 TabletInputService - ok

15:36:16.0773 4604 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

15:36:16.0789 4604 TapiSrv - ok

15:36:16.0789 4604 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

15:36:16.0789 4604 TBS - ok

15:36:16.0804 4604 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:36:16.0820 4604 Tcpip - ok

15:36:16.0836 4604 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

15:36:16.0851 4604 TCPIP6 - ok

15:36:16.0851 4604 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:36:16.0851 4604 tcpipreg - ok

15:36:16.0867 4604 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:36:16.0867 4604 TDPIPE - ok

15:36:16.0867 4604 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:36:16.0867 4604 TDTCP - ok

15:36:16.0867 4604 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:36:16.0867 4604 tdx - ok

15:36:16.0867 4604 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

15:36:16.0867 4604 TermDD - ok

15:36:16.0882 4604 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys

15:36:16.0882 4604 terminpt - ok

15:36:16.0882 4604 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

15:36:16.0898 4604 TermService - ok

15:36:16.0898 4604 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:36:16.0898 4604 Themes - ok

15:36:16.0898 4604 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:36:16.0914 4604 THREADORDER - ok

15:36:16.0914 4604 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:36:16.0914 4604 TrkWks - ok

15:36:16.0914 4604 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:36:16.0914 4604 TrustedInstaller - ok

15:36:16.0929 4604 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:36:16.0929 4604 tssecsrv - ok

15:36:16.0929 4604 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

15:36:16.0929 4604 TsUsbFlt - ok

15:36:16.0929 4604 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

15:36:16.0929 4604 TsUsbGD - ok

15:36:16.0929 4604 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys

15:36:16.0929 4604 tsusbhub - ok

15:36:16.0945 4604 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:36:16.0945 4604 tunnel - ok

15:36:16.0945 4604 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

15:36:16.0945 4604 uagp35 - ok

15:36:16.0945 4604 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:36:16.0945 4604 udfs - ok

15:36:16.0960 4604 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:36:16.0960 4604 UI0Detect - ok

15:36:16.0960 4604 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

15:36:16.0960 4604 uliagpkx - ok

15:36:16.0976 4604 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

15:36:16.0976 4604 umbus - ok

15:36:16.0976 4604 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

15:36:16.0976 4604 UmPass - ok

15:36:16.0976 4604 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

15:36:16.0976 4604 UmRdpService - ok

15:36:16.0992 4604 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

15:36:16.0992 4604 upnphost - ok

15:36:16.0992 4604 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

15:36:16.0992 4604 usbaudio - ok

15:36:17.0007 4604 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:36:17.0007 4604 usbccgp - ok

15:36:17.0007 4604 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

15:36:17.0007 4604 usbcir - ok

15:36:17.0007 4604 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

15:36:17.0007 4604 usbehci - ok

15:36:17.0023 4604 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:36:17.0023 4604 usbhub - ok

15:36:17.0023 4604 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

15:36:17.0023 4604 usbohci - ok

15:36:17.0023 4604 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:36:17.0023 4604 usbprint - ok

15:36:17.0023 4604 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

15:36:17.0023 4604 usbscan - ok

15:36:17.0038 4604 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:36:17.0038 4604 USBSTOR - ok

15:36:17.0038 4604 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

15:36:17.0038 4604 usbuhci - ok

15:36:17.0038 4604 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

15:36:17.0038 4604 UxSms - ok

15:36:17.0038 4604 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

15:36:17.0038 4604 VaultSvc - ok

15:36:17.0054 4604 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

15:36:17.0054 4604 vdrvroot - ok

15:36:17.0054 4604 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

15:36:17.0070 4604 vds - ok

15:36:17.0070 4604 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:36:17.0070 4604 vga - ok

15:36:17.0070 4604 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

15:36:17.0070 4604 VgaSave - ok

15:36:17.0070 4604 VGPU - ok

15:36:17.0070 4604 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

15:36:17.0085 4604 vhdmp - ok

15:36:17.0085 4604 VIAHdAudAddService - ok

15:36:17.0085 4604 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

15:36:17.0085 4604 viaide - ok

15:36:17.0085 4604 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

15:36:17.0085 4604 vmbus - ok

15:36:17.0101 4604 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

15:36:17.0101 4604 VMBusHID - ok

15:36:17.0101 4604 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

15:36:17.0101 4604 volmgr - ok

15:36:17.0101 4604 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:36:17.0101 4604 volmgrx - ok

15:36:17.0116 4604 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

15:36:17.0116 4604 volsnap - ok

15:36:17.0116 4604 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

15:36:17.0116 4604 vsmraid - ok

15:36:17.0148 4604 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

15:36:17.0148 4604 VSS - ok

15:36:17.0148 4604 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

15:36:17.0148 4604 vwifibus - ok

15:36:17.0163 4604 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:36:17.0163 4604 W32Time - ok

15:36:17.0163 4604 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

15:36:17.0163 4604 WacomPen - ok

15:36:17.0179 4604 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:36:17.0179 4604 WANARP - ok

15:36:17.0179 4604 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:36:17.0179 4604 Wanarpv6 - ok

15:36:17.0194 4604 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:36:17.0210 4604 WatAdminSvc - ok

15:36:17.0226 4604 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

15:36:17.0241 4604 wbengine - ok

15:36:17.0241 4604 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:36:17.0257 4604 WbioSrvc - ok

15:36:17.0257 4604 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:36:17.0257 4604 wcncsvc - ok

15:36:17.0272 4604 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:36:17.0272 4604 WcsPlugInService - ok

15:36:17.0272 4604 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

15:36:17.0272 4604 Wd - ok

15:36:17.0288 4604 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:36:17.0288 4604 Wdf01000 - ok

15:36:17.0288 4604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:36:17.0304 4604 WdiServiceHost - ok

15:36:17.0304 4604 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:36:17.0304 4604 WdiSystemHost - ok

15:36:17.0304 4604 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

15:36:17.0319 4604 WebClient - ok

15:36:17.0319 4604 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:36:17.0319 4604 Wecsvc - ok

15:36:17.0319 4604 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:36:17.0319 4604 wercplsupport - ok

15:36:17.0335 4604 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:36:17.0335 4604 WerSvc - ok

15:36:17.0335 4604 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:36:17.0335 4604 WfpLwf - ok

15:36:17.0335 4604 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:36:17.0335 4604 WIMMount - ok

15:36:17.0350 4604 WinDefend - ok

15:36:17.0350 4604 WinHttpAutoProxySvc - ok

15:36:17.0350 4604 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:36:17.0366 4604 Winmgmt - ok

15:36:17.0382 4604 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

15:36:17.0397 4604 WinRM - ok

15:36:17.0413 4604 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:36:17.0428 4604 Wlansvc - ok

15:36:17.0428 4604 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

15:36:17.0428 4604 WmiAcpi - ok

15:36:17.0428 4604 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:36:17.0428 4604 wmiApSrv - ok

15:36:17.0428 4604 WMPNetworkSvc - ok

15:36:17.0444 4604 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:36:17.0444 4604 WPCSvc - ok

15:36:17.0444 4604 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:36:17.0444 4604 WPDBusEnum - ok

15:36:17.0444 4604 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:36:17.0444 4604 ws2ifsl - ok

15:36:17.0460 4604 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

15:36:17.0460 4604 wscsvc - ok

15:36:17.0460 4604 WSearch - ok

15:36:17.0491 4604 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:36:17.0491 4604 wuauserv - ok

15:36:17.0506 4604 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:36:17.0506 4604 WudfPf - ok

15:36:17.0506 4604 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:36:17.0506 4604 wudfsvc - ok

15:36:17.0522 4604 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

15:36:17.0522 4604 WwanSvc - ok

15:36:17.0522 4604 ================ Scan global ===============================

15:36:17.0522 4604 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:36:17.0538 4604 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

15:36:17.0538 4604 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

15:36:17.0538 4604 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:36:17.0553 4604 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:36:17.0553 4604 [Global] - ok

15:36:17.0553 4604 ================ Scan MBR ==================================

15:36:17.0553 4604 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

15:36:17.0631 4604 \Device\Harddisk0\DR0 - ok

15:36:17.0631 4604 ================ Scan VBR ==================================

15:36:17.0631 4604 [ 239F97050034D5C761AB2DCE87B3BDA1 ] \Device\Harddisk0\DR0\Partition1

15:36:17.0631 4604 \Device\Harddisk0\DR0\Partition1 - ok

15:36:17.0631 4604 [ F68083C969310E714C362B40B53C831E ] \Device\Harddisk0\DR0\Partition2

15:36:17.0631 4604 \Device\Harddisk0\DR0\Partition2 - ok

15:36:17.0631 4604 ============================================================

15:36:17.0631 4604 Scan finished

15:36:17.0631 4604 ============================================================

15:36:17.0647 3248 Detected object count: 0

15:36:17.0647 3248 Actual detected object count: 0

[Deeter]

Here is the rogue killer report. It found 2 items.

RogueKiller V8.5.2 [Mar 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : n [Admin rights]

Mode : Scan -- Date : 03/12/2013 16:11:45

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D967BCD4-7095-4CCB-

8154-F8630495EB7E} : NameServer (8.26.56.26,8.20.247.20) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D967BCD4-7095-4CCB-

8154-F8630495EB7E} : NameServer (8.26.56.26,8.20.247.20) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1)

-> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1)

-> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: MKNSSDCR120GB ATA Device +++++

--- User ---

[MBR] 90caabd5a02593aa93b7586638a26408

[bSP] 7daaa6eec4392aeffbecdd118806e365 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_03122013_02d1611.txt >>

RKreport[1]_S_03122013_02d1611.txt

[Maurice Naggar]

Please -only- use NOTEPAD when opening and copying contents of logs. Not wordpad nor any other app.

Task 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 2

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• Right-Click RogueKiller and select Run as Administrator.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the DNSFix tab.
  Put a check next to all of these and uncheck the rest: (if found)
  [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : NameServer (8.26.56.26,8.20.247.20)
  [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{D967BCD4-7095-4CCB-8154-F8630495EB7E} : NameServer (8.26.56.26,8.20.247.20)
  
  
• Then click on Delete on the right hand column under Options.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Task 3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

• Turn OFF your antivirus program.
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  
• If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  
• Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  
• You will see a screen similar to this:
  
  Click the checkbox to participate, and then click on Continue button.
  
• Next
  
  Click on Select onjects for scanning
  
• Next
  
  Put a checkmark by clicking on the boxes as shown.
  Do not select Temporary files or System Restore points.
  Then click on Start scanning button
  
• The scan in progress will be shown like this
  
  
• IF something is detected, you will see a screen similar to this
  
  For each item "detected", click on the Action column down arrow, like this
  
  Your options will be Cure or Ignore
  IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
  Typically, you will keep the Cute default.
  Then click on the Neutralize button.
  
• When the actions are completed, you will see this
  
  
• Click on the green Open Report line. It will pop-up the report in NOTEPAD.
  Save the report to your desktop. The report will be called Cureit.log
  
• Close Dr.Web Cureit.
  
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  
• After reboot, attach the log Cureit.log you saved previously in your next reply.
  

Re-Enable your antivirus program when all done.

[Deeter]

I noticed that you said I should use rogue killer to delete those two name server things. I would like to note that I did set my pc to hook to the comodo DNS servers, which correspond to those numbers.

Does this change anything? Was a virus found or the result of one or did these detection software-s view my alteration to connect to the comodo DNS as something that was wrong?

[Maurice Naggar]

Then if you have not run Roguekiller, scratch that part. and do the rest of what I outlined.

It would now appear that that was a false catch from roguekiller.

If you have done the roguekiller bit, can you restore your comodo DNS.

[Deeter]

R. Kill

I tried running this program both ways.

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2013 01:08:27 PM in x64 mode.

Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\n\Desktop\rkill\rkill-03-13-2013-01-08-29.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/13/2013 01:08:35 PM

Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

And here's the second time I ran it with the alternate download

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/13/2013 01:09:54 PM in x64 mode.

Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/13/2013 01:10:02 PM

Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

[Deeter]

I ran rogue killer again to see what it would do. And I got the same two (they look the same) warnings I got when I first ran it. A screen shot is attached.

The DNS tab showed nothing.

[Deeter]

I ran Dr. Web 3 times. (actually I started it 5 times and ran the scan 3 times. The first two times I had windows in the way of the instructions so I had to close it and move them and then start it up again to scan).

The first time it found nothing, but I could not find the report button.

The second time it found something, which I think was just an alternate copy of one of the downloads you linked to (I must have downloaded it twice without realizing), and this time I realized there was no report button. An image of this is attached.

The third time it found nothing, and a there still was no report button.

[Maurice Naggar]

The Roguekiller: Notepad is not a malware. Let's treat that as a false positive. We are finished with roguekiller.

On the DrWeb Cure-It: one has to click on the link (on the 1st run) for the report. If you do not have a report, we will move on. We are done with DrWeb. Let's move on.

What I really need to know from you: is the system able to connect to internet ok?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  explorer.exe

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

and I'd like for you to start your Kaspersky antivirus. Do an Update run to get all current.

Then do a scan of your system. Does the result show an infected item?

If so, what specifically?

Then also, How is the system now as it relates to your original issue. Detail is appreciated & desired.

Edited March 14, 2013 by Maurice Naggar
scans added

[Deeter]

SystemLook 30.07.11 by jpshortstuff

Log created at 12:47 on 14/03/2013 by n

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate

results.

========== filefind ==========

Searching for "explorer.exe"

C:\Windows\explorer.exe --a---- 2871808 bytes [03:15 11/11/2012] [06:19

25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\explorer.exe --a---- 2616320 bytes [03:15

11/11/2012] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\SysWOW64\explorer.exe --a---- 2616320 bytes [03:15

11/11/2012] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

--a---- 2872320 bytes [03:24 21/11/2010] [03:24 21/11/2010]

AC4C51EB24AA95B77F705AB159189E24

C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

--a---- 2871808 bytes [03:15 11/11/2012] [06:19 25/02/2011]

332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

--a---- 2871808 bytes [03:15 11/11/2012] [06:14 26/02/2011]

3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

--a---- 2616320 bytes [03:24 21/11/2010] [03:24 21/11/2010]

40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

--a---- 2616320 bytes [03:15 11/11/2012] [05:30 25/02/2011]

8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-

explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

--a---- 2616320 bytes [03:15 11/11/2012] [05:19 26/02/2011]

0FB9C74046656D1579A64660AD67B746

-= EOF =-

[Deeter]

I scanned with Kaspersky Pure 3.0 and found nothing.

The problems that I can recall are

1) The scans by Kaspersky Internet Security 2013 would not complete. They would get stuck several thousand files in. I could not abort these scans either. I would click the stop button and the scan would just keep running, stuck on whatever file it was stuck on. I upgraded to Kaspersky Pure 3.0 and it's scans do work and finish.

2) Ever since I went from Kaspersky Internet Security 2012 to the 2013 version (and now to Pure 3.0) Kaspersky has been slow to start up. The best time I can get is a 4 second start up time.

[Maurice Naggar]

I presume you purchased Kaspersky. So I would urge you to make use of Kaspersky's consumer support website and ask for help on that.

Next

Windows services

This will be a batch-fix .

• Press the Windows-key on keyboard.
  
• In the box, type notepad and press Enter.
  
• Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
  

  @Echo off
  sc stop wuauserv
  sc stop bits
  sc config dcomlaunch start= auto
  sc config nsi start= auto
  sc config dhcp start= auto
  sc config rpcss start= auto
  sc config winmgmt start= auto
  sc config wscsvc start= delayed-auto
  sc config bits start= delayed-auto
  sc config wuauserv start= delayed-auto
  sc config sdrsvc start= manual
  sc config vss start= auto
  sc config eventlog start= auto
  sc config bfe start= auto
  sc config eventsystem start= auto
  sc start sdrsvc
  sc start vss
  sc start rpcss
  sc start eventsystem
  sc start bfe
  sc start bits
  sc start wuauserv
  shutdown -r -t 1
  del %0

  
  

• Select File -> Save AS.
  
• Press the Desktop button on the left side of the save dialog.
  
• In the box, type in Fix.bat.
  
• Press .
  
• Close Notepad.
  
• Right click Fix.bat on your desktop, and choose .
  
• Press Yes if prompted by User Account Control.
  

This procedure will do its tasks and then it will Restart Windows.

Task 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your Kaspersky antivirus program

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Task 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

• Accept the Terms of Use and press Start button;
  
• Approve the install of the required ActiveX Control, then follow on-screen instructions;
  
• Enable (check) the Remove found threats option, and run the scan.
  
• After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

  Look at contents of this file using Notepad.

  The Frequently Asked Questions for ESET Online Scanner can be viewed here

  http://go.eset.com/us/online-scanner/faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
    
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break
    

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Tell me, How is the system ? Are there any "malware" infection suspicions on your part? if so, Why ?

[Deeter]

I did task number one. What does it do?

And I did what you said with malwarebytes, and I did a full scan and flash scan (I did a flash and a memory scan before remembering to close some other programs(I will post their contents in the next post). Then I did all three scans with all other programs closed.

The third task I am not so comfortable with doing.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

n :: N-PC [administrator]

Protection: Enabled

3/15/2013 1:58:23 PM

mbam-log-2013-03-15 (13-58-23).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 336051

Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

n :: N-PC [administrator]

Protection: Enabled

3/15/2013 1:57:51 PM

mbam-log-2013-03-15 (13-57-51).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 200743

Time elapsed: 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

n :: N-PC [administrator]

Protection: Enabled

3/15/2013 1:56:46 PM

mbam-log-2013-03-15 (13-56-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 226580

Time elapsed: 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[Deeter]

Here are the first two scans I did before I remembered to close paint.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

n :: N-PC [administrator]

Protection: Enabled

3/15/2013 1:53:42 PM

mbam-log-2013-03-15 (13-53-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 226582

Time elapsed: 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.15.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

n :: N-PC [administrator]

Protection: Enabled

3/15/2013 1:55:06 PM

mbam-log-2013-03-15 (13-55-06).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 200745

Time elapsed: 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[Deeter]

And as for whether or not I think I have viruses, I have no idea. I noticed odd things with my system (listed in that thread I linked to at the beginning of this topic) and was told to come here.

[Maurice Naggar]

ref

I did task number one. What does it do?

It resets several windows services to normal settings, including windows update.

I am looking forward to getting from you the result of the ESET online scan. For my review.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

After that, please do this:

Once FSS is on-screen, be sure the following items are checkmarked:

• Internet Services
  
• Windows Firewall
  
• System Restore
  
• Security Center/Action Center
  
• Windows Update
  
• Windows Defender
  
• Other services
  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

[Deeter]

What

ref

It resets several windows services to normal settings, including windows update.

I am looking forward to getting from you the result of the ESET online scan. For my review.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

After that, please do this:

Once FSS is on-screen, be sure the following items are checkmarked:

• Internet Services
  
• Windows Firewall
  
• System Restore
  
• Security Center/Action Center
  
• Windows Update
  
• Windows Defender
  
• Other services
  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

What does this do?

And I can't bring myself to connect to the net with my AV off for that eset scan. That's just, not good.

[Maurice Naggar]

FSS generates a report on windows services. Please do that.

The ESET is an antivirus check, online scan. It is important that the antivirus of yours be off while the ESET runs.

After ESET finishes, you can turn back on your a-v.