
Errors, 100% cpu, drive, dns issues, change home url - Infect Dunno by What


  • This topic is locked

#1 _spamSauce


Posted 23 August 2012 - 01:15 PM

Hi,

More is explained in my post here (http://www.bleepingcomputer.com/forums/topic466190.html), but I was told to come here and explain.

I have problems with my laptop; everything is at 100% (CPU, memory at 8 gigs, hard drive writing all the time). Everything is slow. I took out the fan and cleaned it; CPU temperature went down, but the computer continues to blue screen once every few days and crash. I ran virus killers and they always find 30+ infections and clean them, to no avail.

I formatted 3 times, but I have to keep important files on Drive D while I format C and somehow a month later the symptoms re-escalate enough to make formatting the only option. My log is full of DNS related errors and critical errors. Having 20 errors each hour is normal.

It all started when I downloaded an infected file. Now I have problems even doing school assignments since everything is in slow motion and freezes with intermittently working internet.

The home page of Explorer changed sometimes, but after the last batch of viruses was found it stopped doing that. But something is wrong. I don't know where all these viruses come from; it's as if there is an open back door and various teams just plant them here.

_______________________________________________________

Step 6 (where I was told to start) ... I ran Defogger. It did what it's supposed to do and didn't ask me to reboot.

I have a 64 bit system so no Gmer log, but here are two logs from dds.

-----
Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



---

Thanks,

N



Edited by _spamSauce, 23 August 2012 - 01:22 PM.




#2 gringo_pr


Posted 27 August 2012 - 12:01 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 _spamSauce


Posted 27 August 2012 - 02:26 AM

Hi Gringo,

Thank you for taking your time. I appreciate it. Three days ago I re-installed, but the problems returned within 1 day after I re-installed all my files from the D drive. I thought I could zip them and password protect them, and keep the crap off them.

I immediately installed EAT32 (or something like that) for a virus protector. And 1 day later all heck broke loose - network got to 100%, everything got to 100% and froze me. It was like it was possessed, and it went on for an hour or so. And then like magic it was gone, but then I see firewall is turned off and homepage of explorer bar is not google.com, what I always set it to.

I looked at process explorer and I had 120 instead of 36 processes, and on the network scanner there was activity without stop, and when it was over that virus thing picked up on 20 things and froze. So I reboot, kill em since I have no idea what that stuff is; it's on Drive D (my storage drive).

So I ran your stuff today, and I turned off the EAT32 killer, and turned off the firewall, set em for 1 hour wait since your instructions don't help me find how to completely turn it off and it won't let me Ctrl Del Alt > kill the process. Well Combo fix on step 12, and the virus killer self activated and started killing viruses it said it kept finding.

But Combo Fix (which by the way decided to update itself, which I never seen), Combofix it don't seem to mind, just going up the steps. Then my power goes out, and I don't got a battery in my laptop. So it dies and I thinking that Combofix be angry fo sure.

Well I get the ole generator running, and turn the thing back on. And what u know, Combofix still there when Windows boots up, and still on same step, it waited for a bit then continues to do its thing. Well I said, shooo, that boy sure is strong. But what was strange, is that it took longer for it to print its report than it did to do its scan, 20 minutes I think. So first here is that other thing you wanted. And then it be the Combofix. Thank you.

========================
---------------------------------------------Security Check LOG BELOW
========================

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 6
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````

******** (My note: This program never closed after giving me log in DOS, had to hit X after 1 hour or more.)

========================
---------------------------------------------COMBOFIX LOG BELOW
========================


ComboFix 12-08-25.04 - master 08/27/2012 13:41:34.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6005.4303 [GMT 7:00]
Running from: c:\users\master\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 06:54 . 2012-08-27 06:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 05:34 . 2010-09-03 10:36 196608 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-08-27 05:34 . 2010-09-03 10:35 30208 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-08-27 05:34 . 2010-08-24 15:53 91648 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-08-27 05:34 . 2010-07-27 08:26 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-08-27 05:34 . 2010-07-27 08:26 54784 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-08-27 05:34 . 2010-05-04 09:50 22528 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-08-27 05:34 . 2009-07-14 07:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-08-27 05:34 . 2009-07-14 07:21 1721576 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2012-08-27 05:33 . 2010-05-10 07:22 999936 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-08-27 05:33 . 2010-03-20 05:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-08-27 05:33 . 2010-08-31 11:09 256000 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-08-27 05:33 . 2010-08-07 10:49 121600 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-08-27 05:33 . 2010-01-18 11:48 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-08-27 05:33 . 2010-07-27 02:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-08-27 05:33 . 2012-08-27 05:42 -------- d-----w- c:\program files (x86)\Metfone 3G
2012-08-27 05:33 . 2012-08-27 06:21 -------- d-----w- c:\programdata\DatacardService
2012-08-26 17:42 . 2012-08-26 17:42 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-26 17:12 . 2012-08-26 17:12 -------- d-----w- c:\program files (x86)\Conduit
2012-08-26 17:12 . 2012-08-26 17:12 -------- d-----w- c:\program files (x86)\BitTorrent
2012-08-25 14:25 . 2012-08-10 07:25 -------- d-----w- C:\Konzept WP
2012-08-25 13:56 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-08-25 13:56 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-25 13:56 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-08-25 13:56 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-08-25 13:56 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-08-25 13:56 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-08-25 13:56 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-08-25 13:56 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-08-25 13:56 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-08-25 13:56 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-08-25 13:56 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-08-25 13:56 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-08-25 12:30 . 2012-08-25 12:30 -------- d-----w- c:\program files\WinRAR
2012-08-25 05:05 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-08-25 05:05 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-08-25 05:05 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-08-25 05:05 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-08-25 05:05 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-08-25 05:05 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-08-25 05:05 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-08-25 00:47 . 2012-08-25 00:47 -------- d-----w- c:\program files (x86)\PuTTY
2012-08-24 21:44 . 2012-08-24 21:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-24 21:44 . 2012-08-24 21:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 21:44 . 2012-08-24 21:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 21:44 . 2012-08-24 21:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 21:44 . 2012-08-24 21:44 -------- d-----w- c:\program files (x86)\Java
2012-08-24 16:58 . 2012-08-24 16:58 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-08-24 14:34 . 2012-08-24 14:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-24 14:34 . 2012-08-24 14:34 -------- d-----r- c:\program files (x86)\Skype
2012-08-24 14:33 . 2012-08-24 14:34 -------- d-----w- c:\programdata\Skype
2012-08-24 13:22 . 2012-08-27 06:26 -------- d-----w- c:\program files (x86)\Everything
2012-08-24 12:18 . 2012-08-24 12:18 -------- d-----w- c:\windows\system32\Macromed
2012-08-24 12:18 . 2012-08-24 12:18 -------- d-----w- c:\programdata\ALM
2012-08-24 12:11 . 2012-08-24 12:17 -------- d-----w- c:\program files\Adobe
2012-08-24 12:09 . 2012-08-24 12:09 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-24 12:08 . 2012-08-24 12:18 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-24 12:02 . 2012-08-24 13:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-24 11:58 . 2012-08-24 11:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-08-24 11:42 . 2012-08-24 11:42 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-08-24 11:38 . 2012-08-23 20:55 -------- d-----w- c:\windows\Panther
2012-08-24 10:41 . 2012-08-24 10:41 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-24 08:31 . 2012-08-24 08:31 -------- d-----w- c:\program files\Notepad2
2012-08-24 08:30 . 2008-12-21 16:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-24 08:30 . 2008-12-21 16:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-24 08:30 . 2008-12-21 16:22 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll
2012-08-24 08:30 . 2012-08-24 08:30 -------- d-----w- c:\program files (x86)\WinMerge
2012-08-24 08:25 . 2012-08-24 12:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-24 08:16 . 2012-08-24 08:16 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-24 08:16 . 2012-08-24 08:16 -------- d-----w- c:\windows\system32\Wat
2012-08-24 08:15 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-08-24 08:15 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-08-24 08:15 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-08-24 07:26 . 2012-08-19 18:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CEA06AE-2CED-4A41-B162-6996827FD69F}\mpengine.dll
2012-08-24 06:57 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-24 06:57 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-24 06:57 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-24 06:57 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:57 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-24 06:57 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 06:57 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-24 06:50 . 2012-08-02 21:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 06:46 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2012-08-24 06:45 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-24 06:44 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-08-24 06:44 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-08-24 06:44 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-08-24 06:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-24 06:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-24 06:44 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-24 06:44 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-24 06:42 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-08-24 06:42 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-08-24 06:42 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-08-24 06:42 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-08-24 06:42 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-08-24 06:42 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-08-24 06:42 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-08-24 06:42 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-08-24 06:40 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2012-08-24 06:39 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-24 06:38 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-24 06:37 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-24 06:37 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-24 06:31 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-08-24 06:31 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-08-24 06:29 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-08-24 06:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-08-24 06:29 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-08-24 06:29 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-08-24 06:29 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-24 06:29 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-24 06:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-08-24 06:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-08-24 06:28 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-24 06:28 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-24 05:57 . 2012-08-24 05:57 -------- d-----w- c:\program files\Common Files\DESIGNER
2012-08-24 05:57 . 2012-08-26 18:10 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-24 05:57 . 2012-08-24 05:57 -------- d-----w- c:\windows\PCHEALTH
2012-08-24 05:54 . 2012-08-24 05:54 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-08-24 05:54 . 2012-08-24 05:54 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-08-24 05:54 . 2012-08-26 01:33 -------- d-----w- c:\programdata\Microsoft Help
2012-08-24 05:54 . 2012-08-24 05:57 -------- d-----w- c:\program files\Microsoft Office
2012-08-24 05:53 . 2012-08-24 05:53 -------- d-----r- C:\MSOCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 09:34 . 2012-06-14 09:34 62536 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-06-14 09:34 . 2012-06-14 09:34 38328 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-06-14 09:34 . 2012-06-14 09:34 188696 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-06-14 09:33 . 2012-06-14 09:33 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-06-14 09:33 . 2012-06-14 09:33 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-05-31 05:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files (x86)\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentControl_v12\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files (x86)\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_Metfone 3G"="c:\program files (x86)\Metfone 3G\UpdateDog\ouc.exe" [2009-07-27 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
c:\users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\master\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544]
.
c:\users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
_uninst_77458061.lnk - c:\users\master\AppData\Local\Temp\_uninst_77458061.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-17 7680512]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-24 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-06-14 62536]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-06-14 38328]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 Apache2.4;Apache2.4;d:\xampp\apache\bin\httpd.exe [2012-06-06 22016]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-09-29 249856]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-06-14 1288104]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 86016]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948275646-3643839054-1480880921-1000Core.job
- c:\users\master\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 04:59]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948275646-3643839054-1480880921-1000UA.job
- c:\users\master\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 04:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\master\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-13 10144288]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 5634800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225826
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{546478B4-B022-4DF4-80F0-670C3C168957}: NameServer = 117.120.24.1 203.113.131.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\xampp\mysql\bin\mysqld.exe
c:\users\master\AppData\Roaming\Metfone 3G\ouc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-27 13:59:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 06:59
.
Pre-Run: 105,875,943,424 bytes free
Post-Run: 105,708,052,480 bytes free
.
- - End Of File - - 440B60FBFF18B5C8AD39614DC4299B41

#4 gringo_pr

  • Malware Response Team

Posted 27 August 2012 - 03:45 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 _spamSauce

  • Topic Starter


Posted 27 August 2012 - 09:39 AM

Hi,

Here are the things you wanted. I have to say that after running the last one, or maybe the one in the previous writeup, even though it took 6 hours to finish, it isn't going as wild as before. It seems more relaxed, for lack of a better word. It sounded before like it was getting molested and now it's not freezing as often.

Here are the logs:

16:15:57.0043 2148 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:15:57.0839 2148 ============================================================
16:15:57.0839 2148 Current date / time: 2012/08/27 16:15:57.0839
16:15:57.0839 2148 SystemInfo:
16:15:57.0839 2148
16:15:57.0839 2148 OS Version: 6.1.7601 ServicePack: 1.0
16:15:57.0839 2148 Product type: Workstation
16:15:57.0839 2148 ComputerName: MASTER-PC
16:15:57.0839 2148 UserName: master
16:15:57.0839 2148 Windows directory: C:\Windows
16:15:57.0839 2148 System windows directory: C:\Windows
16:15:57.0839 2148 Running under WOW64
16:15:57.0839 2148 Processor architecture: Intel x64
16:15:57.0839 2148 Number of processors: 4
16:15:57.0839 2148 Page size: 0x1000
16:15:57.0839 2148 Boot type: Normal boot
16:15:57.0839 2148 ============================================================
16:15:58.0182 2148 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:15:58.0182 2148 ============================================================
16:15:58.0182 2148 \Device\Harddisk0\DR0:
16:15:58.0182 2148 MBR partitions:
16:15:58.0182 2148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:15:58.0182 2148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x12539800
16:15:58.0197 2148 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1256C70F, BlocksNum 0x321427B2
16:15:58.0197 2148 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x6, StartLBA 0x446AF000, BlocksNum 0x61A8800
16:15:58.0197 2148 ============================================================
16:15:58.0229 2148 C: <-> \Device\Harddisk0\DR0\Partition2
16:15:58.0260 2148 D: <-> \Device\Harddisk0\DR0\Partition3
16:15:58.0291 2148 ============================================================
16:15:58.0291 2148 Initialize success
16:15:58.0291 2148 ============================================================
16:16:10.0085 1824 ============================================================
16:16:10.0085 1824 Scan started
16:16:10.0085 1824 Mode: Manual; SigCheck; TDLFS;
16:16:10.0085 1824 ============================================================
16:16:10.0303 1824 ================ Scan system memory ========================
16:16:10.0303 1824 System memory - ok
16:16:10.0303 1824 ================ Scan services =============================
16:16:10.0475 1824 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:16:10.0568 1824 1394ohci - ok
16:16:10.0584 1824 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:16:10.0599 1824 ACPI - ok
16:16:10.0631 1824 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:16:10.0724 1824 AcpiPmi - ok
16:16:10.0771 1824 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:16:10.0802 1824 adp94xx - ok
16:16:10.0833 1824 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:16:10.0849 1824 adpahci - ok
16:16:10.0849 1824 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:16:10.0865 1824 adpu320 - ok
16:16:10.0896 1824 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:16:11.0099 1824 AeLookupSvc - ok
16:16:11.0161 1824 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:16:11.0177 1824 AERTFilters - ok
16:16:11.0239 1824 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:16:11.0301 1824 AFD - ok
16:16:11.0348 1824 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:16:11.0379 1824 agp440 - ok
16:16:11.0411 1824 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:16:11.0473 1824 ALG - ok
16:16:11.0504 1824 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:16:11.0535 1824 aliide - ok
16:16:11.0598 1824 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:16:11.0676 1824 AMD External Events Utility - ok
16:16:11.0707 1824 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:16:11.0723 1824 amdide - ok
16:16:11.0754 1824 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:16:11.0785 1824 AmdK8 - ok
16:16:12.0019 1824 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:16:12.0175 1824 amdkmdag - ok
16:16:12.0191 1824 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:16:12.0222 1824 amdkmdap - ok
16:16:12.0253 1824 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:16:12.0284 1824 AmdPPM - ok
16:16:12.0315 1824 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:16:12.0331 1824 amdsata - ok
16:16:12.0347 1824 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:16:12.0362 1824 amdsbs - ok
16:16:12.0378 1824 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:16:12.0393 1824 amdxata - ok
16:16:12.0518 1824 [ 44EE9285880603E2C7550541EA698D8D ] Apache2.4 d:\xampp\apache\bin\httpd.exe
16:16:12.0549 1824 Apache2.4 ( UnsignedFile.Multi.Generic ) - warning
16:16:12.0549 1824 Apache2.4 - detected UnsignedFile.Multi.Generic (1)
16:16:12.0581 1824 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:16:12.0737 1824 AppID - ok
16:16:12.0768 1824 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:16:12.0799 1824 AppIDSvc - ok
16:16:12.0815 1824 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:16:12.0908 1824 Appinfo - ok
16:16:12.0955 1824 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:16:13.0017 1824 AppMgmt - ok
16:16:13.0049 1824 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:16:13.0064 1824 arc - ok
16:16:13.0064 1824 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:16:13.0095 1824 arcsas - ok
16:16:13.0111 1824 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:16:13.0189 1824 AsyncMac - ok
16:16:13.0236 1824 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:16:13.0251 1824 atapi - ok
16:16:13.0485 1824 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:16:13.0610 1824 atikmdag - ok
16:16:13.0673 1824 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:16:13.0751 1824 AudioEndpointBuilder - ok
16:16:13.0782 1824 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:16:13.0829 1824 AudioSrv - ok
16:16:13.0844 1824 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:16:13.0891 1824 AxInstSV - ok
16:16:13.0938 1824 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:16:13.0969 1824 b06bdrv - ok
16:16:14.0016 1824 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:16:14.0078 1824 b57nd60a - ok
16:16:14.0109 1824 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:16:14.0187 1824 BDESVC - ok
16:16:14.0219 1824 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:16:14.0297 1824 Beep - ok
16:16:14.0343 1824 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:16:14.0421 1824 BFE - ok
16:16:14.0453 1824 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:16:14.0531 1824 BITS - ok
16:16:14.0562 1824 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:16:14.0593 1824 blbdrive - ok
16:16:14.0624 1824 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:16:14.0640 1824 bowser - ok
16:16:14.0671 1824 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:16:14.0702 1824 BrFiltLo - ok
16:16:14.0702 1824 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:16:14.0718 1824 BrFiltUp - ok
16:16:14.0733 1824 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:16:14.0765 1824 BridgeMP - ok
16:16:14.0811 1824 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:16:14.0858 1824 Browser - ok
16:16:14.0889 1824 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:16:14.0952 1824 Brserid - ok
16:16:14.0967 1824 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:16:15.0014 1824 BrSerWdm - ok
16:16:15.0014 1824 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:16:15.0045 1824 BrUsbMdm - ok
16:16:15.0061 1824 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:16:15.0108 1824 BrUsbSer - ok
16:16:15.0108 1824 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:16:15.0139 1824 BTHMODEM - ok
16:16:15.0186 1824 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:16:15.0264 1824 bthserv - ok
16:16:15.0295 1824 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:16:15.0326 1824 cdfs - ok
16:16:15.0357 1824 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:16:15.0373 1824 cdrom - ok
16:16:15.0420 1824 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:16:15.0482 1824 CertPropSvc - ok
16:16:15.0498 1824 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:16:15.0513 1824 circlass - ok
16:16:15.0545 1824 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:16:15.0560 1824 CLFS - ok
16:16:15.0638 1824 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:16:15.0654 1824 clr_optimization_v2.0.50727_32 - ok
16:16:15.0685 1824 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:16:15.0701 1824 clr_optimization_v2.0.50727_64 - ok
16:16:15.0872 1824 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:16:15.0903 1824 clr_optimization_v4.0.30319_32 - ok
16:16:16.0059 1824 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:16:16.0091 1824 clr_optimization_v4.0.30319_64 - ok
16:16:16.0122 1824 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:16:16.0184 1824 CmBatt - ok
16:16:16.0184 1824 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:16:16.0215 1824 cmdide - ok
16:16:16.0262 1824 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:16:16.0356 1824 CNG - ok
16:16:16.0387 1824 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:16:16.0418 1824 Compbatt - ok
16:16:16.0418 1824 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:16:16.0449 1824 CompositeBus - ok
16:16:16.0449 1824 COMSysApp - ok
16:16:16.0465 1824 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:16:16.0481 1824 crcdisk - ok
16:16:16.0512 1824 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:16:16.0590 1824 CryptSvc - ok
16:16:16.0621 1824 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:16:16.0683 1824 CSC - ok
16:16:16.0699 1824 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:16:16.0761 1824 CscService - ok
16:16:16.0808 1824 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:16:16.0886 1824 DcomLaunch - ok
16:16:16.0995 1824 [ 9AC09551F559A1EEAFC0B19F624C233E ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
16:16:17.0011 1824 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
16:16:17.0011 1824 DCService.exe - detected UnsignedFile.Multi.Generic (1)
16:16:17.0042 1824 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:16:17.0120 1824 defragsvc - ok
16:16:17.0151 1824 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:16:17.0245 1824 DfsC - ok
16:16:17.0276 1824 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:16:17.0323 1824 Dhcp - ok
16:16:17.0339 1824 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:16:17.0401 1824 discache - ok
16:16:17.0417 1824 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:16:17.0432 1824 Disk - ok
16:16:17.0448 1824 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:16:17.0495 1824 dmvsc - ok
16:16:17.0526 1824 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:16:17.0557 1824 Dnscache - ok
16:16:17.0604 1824 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:16:17.0651 1824 dot3svc - ok
16:16:17.0666 1824 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:16:17.0697 1824 DPS - ok
16:16:17.0729 1824 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:16:17.0775 1824 drmkaud - ok
16:16:17.0807 1824 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:16:17.0853 1824 DXGKrnl - ok
16:16:17.0900 1824 [ 45232471A169469EAFCC28D1206C09E2 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
16:16:17.0916 1824 eamonm - ok
16:16:17.0963 1824 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:16:18.0025 1824 EapHost - ok
16:16:18.0119 1824 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:16:18.0165 1824 ebdrv - ok
16:16:18.0197 1824 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:16:18.0243 1824 EFS - ok
16:16:18.0290 1824 [ 1CB8BE46590FB6D2806F50608CDE4957 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
16:16:18.0306 1824 ehdrv - ok
16:16:18.0446 1824 [ 52F63774A1866258BF64488A75CA1757 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
16:16:18.0493 1824 ekrn - ok
16:16:18.0540 1824 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:16:18.0555 1824 elxstor - ok
16:16:18.0618 1824 [ ED7E67634657DCBD024EE2A1A6FFBA2F ] epfw C:\Windows\system32\DRIVERS\epfw.sys
16:16:18.0633 1824 epfw - ok
16:16:18.0680 1824 [ ED9A79169F8B47FBFF1D7FE113D4780A ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
16:16:18.0711 1824 EpfwLWF - ok
16:16:18.0743 1824 [ 7E1460F280D31CE3497DE9E540C99264 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
16:16:18.0774 1824 epfwwfp - ok
16:16:18.0789 1824 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:16:18.0805 1824 ErrDev - ok
16:16:18.0852 1824 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:16:18.0914 1824 EventSystem - ok
16:16:19.0023 1824 [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:16:19.0086 1824 EvtEng - ok
16:16:19.0148 1824 [ D83EB7ADE99D99A4CD6568AC1261D35E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
16:16:19.0195 1824 ewusbnet - ok
16:16:19.0242 1824 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:16:19.0304 1824 ew_hwusbdev - ok
16:16:19.0335 1824 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:16:19.0413 1824 exfat - ok
16:16:19.0429 1824 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:16:19.0460 1824 fastfat - ok
16:16:19.0491 1824 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:16:19.0507 1824 fdc - ok
16:16:19.0538 1824 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:16:19.0585 1824 fdPHost - ok
16:16:19.0601 1824 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:16:19.0647 1824 FDResPub - ok
16:16:19.0679 1824 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:16:19.0694 1824 FileInfo - ok
16:16:19.0694 1824 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:16:19.0741 1824 Filetrace - ok
16:16:19.0757 1824 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:16:19.0772 1824 flpydisk - ok
16:16:19.0772 1824 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:16:19.0788 1824 FltMgr - ok
16:16:19.0835 1824 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:16:19.0913 1824 FontCache - ok
16:16:19.0959 1824 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:16:19.0975 1824 FontCache3.0.0.0 - ok
16:16:19.0991 1824 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:16:20.0006 1824 FsDepends - ok
16:16:20.0053 1824 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:16:20.0069 1824 Fs_Rec - ok
16:16:20.0100 1824 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:16:20.0131 1824 fvevol - ok
16:16:20.0147 1824 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:16:20.0162 1824 gagp30kx - ok
16:16:20.0209 1824 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:16:20.0271 1824 gpsvc - ok
16:16:20.0287 1824 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:16:20.0349 1824 hcw85cir - ok
16:16:20.0381 1824 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:16:20.0427 1824 HdAudAddService - ok
16:16:20.0459 1824 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:16:20.0474 1824 HDAudBus - ok
16:16:20.0521 1824 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:16:20.0521 1824 HECIx64 - ok
16:16:20.0552 1824 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:16:20.0583 1824 HidBatt - ok
16:16:20.0599 1824 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:16:20.0630 1824 HidBth - ok
16:16:20.0646 1824 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:16:20.0677 1824 HidIr - ok
16:16:20.0693 1824 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:16:20.0755 1824 hidserv - ok
16:16:20.0802 1824 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:16:20.0817 1824 HidUsb - ok
16:16:20.0849 1824 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:16:20.0942 1824 hkmsvc - ok
16:16:20.0958 1824 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:16:21.0020 1824 HomeGroupListener - ok
16:16:21.0036 1824 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:16:21.0067 1824 HomeGroupProvider - ok
16:16:21.0114 1824 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:16:21.0129 1824 HpSAMD - ok
16:16:21.0145 1824 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:16:21.0223 1824 HTTP - ok
16:16:21.0254 1824 [ 09AF4D7563EFC283BEDDDAFE60FAF168 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:16:21.0301 1824 huawei_enumerator - ok
16:16:21.0363 1824 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:16:21.0410 1824 hwdatacard - ok
16:16:21.0441 1824 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:16:21.0473 1824 hwpolicy - ok
16:16:21.0519 1824 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:16:21.0535 1824 i8042prt - ok
16:16:21.0566 1824 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:16:21.0582 1824 iaStor - ok
16:16:21.0675 1824 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
16:16:21.0707 1824 IAStorDataMgrSvc - ok
16:16:21.0753 1824 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:16:21.0785 1824 iaStorV - ok
16:16:21.0847 1824 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:16:21.0878 1824 idsvc - ok
16:16:21.0894 1824 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:16:21.0909 1824 iirsp - ok
16:16:21.0941 1824 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:16:22.0019 1824 IKEEXT - ok
16:16:22.0112 1824 [ 6E4CCB3AFF07E2B9F2A937385C84B573 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:16:22.0159 1824 IntcAzAudAddService - ok
16:16:22.0190 1824 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:16:22.0221 1824 intelide - ok
16:16:22.0237 1824 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:16:22.0268 1824 intelppm - ok
16:16:22.0284 1824 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:16:22.0362 1824 IPBusEnum - ok
16:16:22.0409 1824 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:16:22.0455 1824 IpFilterDriver - ok
16:16:22.0471 1824 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:16:22.0533 1824 iphlpsvc - ok
16:16:22.0549 1824 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:16:22.0565 1824 IPMIDRV - ok
16:16:22.0565 1824 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:16:22.0643 1824 IPNAT - ok
16:16:22.0674 1824 [ 11FE7637A49B67D9B1F895B2AD4D982F ] iprip C:\Windows\System32\iprip.dll
16:16:22.0736 1824 iprip - ok
16:16:22.0767 1824 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:16:22.0814 1824 IRENUM - ok
16:16:22.0830 1824 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:16:22.0845 1824 isapnp - ok
16:16:22.0861 1824 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:16:22.0892 1824 iScsiPrt - ok
16:16:22.0908 1824 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:16:22.0923 1824 kbdclass - ok
16:16:22.0939 1824 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:16:22.0986 1824 kbdhid - ok
16:16:23.0017 1824 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:16:23.0033 1824 KeyIso - ok
16:16:23.0064 1824 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:16:23.0079 1824 KSecDD - ok
16:16:23.0095 1824 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:16:23.0111 1824 KSecPkg - ok
16:16:23.0126 1824 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:16:23.0173 1824 ksthunk - ok
16:16:23.0204 1824 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:16:23.0251 1824 KtmRm - ok
16:16:23.0282 1824 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:16:23.0329 1824 LanmanServer - ok
16:16:23.0360 1824 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:16:23.0407 1824 LanmanWorkstation - ok
16:16:23.0438 1824 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:16:23.0516 1824 lltdio - ok
16:16:23.0547 1824 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:16:23.0594 1824 lltdsvc - ok
16:16:23.0610 1824 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:16:23.0641 1824 lmhosts - ok
16:16:23.0688 1824 [ 23D990150D56B670A62B21B9ABDD45EE ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
16:16:23.0719 1824 LMS - ok
16:16:23.0766 1824 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:16:23.0781 1824 LSI_FC - ok
16:16:23.0797 1824 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:16:23.0813 1824 LSI_SAS - ok
16:16:23.0813 1824 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:16:23.0828 1824 LSI_SAS2 - ok
16:16:23.0828 1824 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:16:23.0844 1824 LSI_SCSI - ok
16:16:23.0844 1824 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:16:23.0906 1824 luafv - ok
16:16:23.0906 1824 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:16:23.0922 1824 megasas - ok
16:16:23.0922 1824 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:16:23.0937 1824 MegaSR - ok
16:16:23.0953 1824 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:16:24.0031 1824 MMCSS - ok
16:16:24.0031 1824 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:16:24.0078 1824 Modem - ok
16:16:24.0109 1824 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:16:24.0125 1824 monitor - ok
16:16:24.0156 1824 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:16:24.0171 1824 mouclass - ok
16:16:24.0203 1824 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:16:24.0234 1824 mouhid - ok
16:16:24.0249 1824 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:16:24.0249 1824 mountmgr - ok
16:16:24.0281 1824 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:16:24.0296 1824 mpio - ok
16:16:24.0296 1824 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:16:24.0343 1824 mpsdrv - ok
16:16:24.0374 1824 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:16:24.0421 1824 MpsSvc - ok
16:16:24.0437 1824 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:16:24.0468 1824 MRxDAV - ok
16:16:24.0499 1824 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:16:24.0530 1824 mrxsmb - ok
16:16:24.0546 1824 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:16:24.0561 1824 mrxsmb10 - ok
16:16:24.0577 1824 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:16:24.0593 1824 mrxsmb20 - ok
16:16:24.0608 1824 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:16:24.0624 1824 msahci - ok
16:16:24.0639 1824 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:16:24.0655 1824 msdsm - ok
16:16:24.0671 1824 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:16:24.0686 1824 MSDTC - ok
16:16:24.0686 1824 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:16:24.0733 1824 Msfs - ok
16:16:24.0749 1824 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:16:24.0795 1824 mshidkmdf - ok
16:16:24.0795 1824 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:16:24.0811 1824 msisadrv - ok
16:16:24.0827 1824 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:16:24.0889 1824 MSiSCSI - ok
16:16:24.0889 1824 msiserver - ok
16:16:24.0920 1824 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:16:24.0967 1824 MSKSSRV - ok
16:16:24.0998 1824 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:16:25.0045 1824 MSPCLOCK - ok
16:16:25.0061 1824 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:16:25.0107 1824 MSPQM - ok
16:16:25.0139 1824 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:16:25.0154 1824 MsRPC - ok
16:16:25.0154 1824 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:16:25.0170 1824 mssmbios - ok
16:16:25.0185 1824 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:16:25.0217 1824 MSTEE - ok
16:16:25.0232 1824 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:16:25.0248 1824 MTConfig - ok
16:16:25.0263 1824 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:16:25.0263 1824 Mup - ok
16:16:25.0341 1824 mysql - ok
16:16:25.0404 1824 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
16:16:25.0435 1824 MyWiFiDHCPDNS - ok
16:16:25.0466 1824 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:16:25.0529 1824 napagent - ok
16:16:25.0575 1824 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:16:25.0638 1824 NativeWifiP - ok
16:16:25.0669 1824 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:16:25.0700 1824 NDIS - ok
16:16:25.0731 1824 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:16:25.0763 1824 NdisCap - ok
16:16:25.0778 1824 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:16:25.0825 1824 NdisTapi - ok
16:16:25.0825 1824 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:16:25.0872 1824 Ndisuio - ok
16:16:25.0903 1824 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:16:25.0981 1824 NdisWan - ok
16:16:25.0997 1824 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:16:26.0028 1824 NDProxy - ok
16:16:26.0043 1824 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:16:26.0106 1824 NetBIOS - ok
16:16:26.0106 1824 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:16:26.0153 1824 NetBT - ok
16:16:26.0168 1824 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:16:26.0168 1824 Netlogon - ok
16:16:26.0199 1824 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:16:26.0262 1824 Netman - ok
16:16:26.0277 1824 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:16:26.0324 1824 netprofm - ok
16:16:26.0340 1824 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:16:26.0340 1824 NetTcpPortSharing - ok
16:16:26.0511 1824 [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
16:16:26.0667 1824 NETw5s64 - ok
16:16:26.0699 1824 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:16:26.0714 1824 nfrd960 - ok
16:16:26.0761 1824 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:16:26.0808 1824 NlaSvc - ok
16:16:26.0823 1824 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:16:26.0855 1824 Npfs - ok
16:16:26.0870 1824 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:16:26.0933 1824 nsi - ok
16:16:26.0948 1824 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:16:26.0979 1824 nsiproxy - ok
16:16:27.0026 1824 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:16:27.0073 1824 Ntfs - ok
16:16:27.0089 1824 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:16:27.0120 1824 Null - ok
16:16:27.0151 1824 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:16:27.0182 1824 nvraid - ok
16:16:27.0213 1824 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:16:27.0229 1824 nvstor - ok
16:16:27.0245 1824 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:16:27.0260 1824 nv_agp - ok
16:16:27.0276 1824 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:16:27.0291 1824 ohci1394 - ok
16:16:27.0323 1824 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:16:27.0354 1824 ose64 - ok
16:16:27.0494 1824 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:16:27.0588 1824 osppsvc - ok
16:16:27.0619 1824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:16:27.0681 1824 p2pimsvc - ok
16:16:27.0713 1824 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:16:27.0728 1824 p2psvc - ok
16:16:27.0759 1824 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:16:27.0775 1824 Parport - ok
16:16:27.0806 1824 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:16:27.0806 1824 partmgr - ok
16:16:27.0837 1824 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:16:27.0869 1824 PcaSvc - ok
16:16:27.0884 1824 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:16:27.0900 1824 pci - ok
16:16:27.0915 1824 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:16:27.0915 1824 pciide - ok
16:16:27.0947 1824 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:16:27.0947 1824 pcmcia - ok
16:16:27.0962 1824 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:16:27.0962 1824 pcw - ok
16:16:27.0978 1824 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:16:28.0025 1824 PEAUTH - ok
16:16:28.0087 1824 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:16:28.0149 1824 PeerDistSvc - ok
16:16:28.0243 1824 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:16:28.0274 1824 PerfHost - ok
16:16:28.0337 1824 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:16:28.0415 1824 pla - ok
16:16:28.0461 1824 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:16:28.0524 1824 PlugPlay - ok
16:16:28.0539 1824 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:16:28.0571 1824 PNRPAutoReg - ok
16:16:28.0586 1824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:16:28.0602 1824 PNRPsvc - ok
16:16:28.0649 1824 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:16:28.0711 1824 PolicyAgent - ok
16:16:28.0727 1824 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:16:28.0773 1824 Power - ok
16:16:28.0820 1824 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:16:28.0898 1824 PptpMiniport - ok
16:16:28.0914 1824 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:16:28.0945 1824 Processor - ok
16:16:28.0961 1824 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:16:29.0023 1824 ProfSvc - ok
16:16:29.0039 1824 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:16:29.0054 1824 ProtectedStorage - ok
16:16:29.0085 1824 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:16:29.0148 1824 Psched - ok
16:16:29.0195 1824 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:16:29.0226 1824 ql2300 - ok
16:16:29.0241 1824 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:16:29.0257 1824 ql40xx - ok
16:16:29.0288 1824 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:16:29.0304 1824 QWAVE - ok
16:16:29.0319 1824 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:16:29.0366 1824 QWAVEdrv - ok
16:16:29.0366 1824 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:16:29.0429 1824 RasAcd - ok
16:16:29.0475 1824 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:16:29.0538 1824 RasAgileVpn - ok
16:16:29.0553 1824 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:16:29.0600 1824 RasAuto - ok
16:16:29.0631 1824 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:16:29.0678 1824 Rasl2tp - ok
16:16:29.0709 1824 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:16:29.0756 1824 RasMan - ok
16:16:29.0787 1824 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:16:29.0865 1824 RasPppoe - ok
16:16:29.0881 1824 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:16:29.0928 1824 RasSstp - ok
16:16:29.0943 1824 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:16:29.0990 1824 rdbss - ok
16:16:30.0006 1824 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:16:30.0037 1824 rdpbus - ok
16:16:30.0068 1824 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:16:30.0115 1824 RDPCDD - ok
16:16:30.0146 1824 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:16:30.0193 1824 RDPDR - ok
16:16:30.0209 1824 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:16:30.0255 1824 RDPENCDD - ok
16:16:30.0271 1824 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:16:30.0318 1824 RDPREFMP - ok
16:16:30.0349 1824 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:16:30.0396 1824 RDPWD - ok
16:16:30.0411 1824 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:16:30.0427 1824 rdyboost - ok
16:16:30.0505 1824 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:16:30.0552 1824 RegSrvc - ok
16:16:30.0583 1824 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:16:30.0630 1824 RemoteAccess - ok
16:16:30.0661 1824 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:16:30.0692 1824 RemoteRegistry - ok
16:16:30.0708 1824 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:16:30.0770 1824 RpcEptMapper - ok
16:16:30.0801 1824 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:16:30.0801 1824 RpcLocator - ok
16:16:30.0833 1824 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:16:30.0879 1824 RpcSs - ok
16:16:30.0911 1824 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:16:30.0942 1824 rspndr - ok
16:16:31.0004 1824 [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
16:16:31.0035 1824 RSUSBSTOR - ok
16:16:31.0051 1824 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:16:31.0067 1824 s3cap - ok
16:16:31.0082 1824 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:16:31.0098 1824 SamSs - ok
16:16:31.0113 1824 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:16:31.0129 1824 sbp2port - ok
16:16:31.0160 1824 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:16:31.0191 1824 SCardSvr - ok
16:16:31.0207 1824 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:16:31.0254 1824 scfilter - ok
16:16:31.0285 1824 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:16:31.0347 1824 Schedule - ok
16:16:31.0379 1824 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:16:31.0441 1824 SCPolicySvc - ok
16:16:31.0488 1824 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:16:31.0535 1824 SDRSVC - ok
16:16:31.0581 1824 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:16:31.0644 1824 secdrv - ok
16:16:31.0659 1824 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:16:31.0691 1824 seclogon - ok
16:16:31.0722 1824 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:16:31.0769 1824 SENS - ok
16:16:31.0784 1824 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:16:31.0847 1824 SensrSvc - ok
16:16:31.0878 1824 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:16:31.0909 1824 Serenum - ok
16:16:31.0940 1824 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:16:31.0971 1824 Serial - ok
16:16:32.0003 1824 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:16:32.0034 1824 sermouse - ok
16:16:32.0049 1824 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:16:32.0096 1824 SessionEnv - ok
16:16:32.0112 1824 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:16:32.0127 1824 sffdisk - ok
16:16:32.0143 1824 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:16:32.0159 1824 sffp_mmc - ok
16:16:32.0159 1824 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:16:32.0205 1824 sffp_sd - ok
16:16:32.0221 1824 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:16:32.0237 1824 sfloppy - ok
16:16:32.0268 1824 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:16:32.0315 1824 SharedAccess - ok
16:16:32.0346 1824 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:16:32.0408 1824 ShellHWDetection - ok
16:16:32.0455 1824 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:16:32.0471 1824 SiSRaid2 - ok
16:16:32.0486 1824 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:16:32.0486 1824 SiSRaid4 - ok
16:16:32.0517 1824 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:16:32.0549 1824 SkypeUpdate - ok
16:16:32.0564 1824 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:16:32.0642 1824 Smb - ok
16:16:32.0674 1824 [ CA62AE004E98374BF7F082CD765EEA02 ] SNMP C:\Windows\System32\snmp.exe
16:16:32.0720 1824 SNMP - ok
16:16:32.0752 1824 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:16:32.0783 1824 SNMPTRAP - ok
16:16:32.0798 1824 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:16:32.0814 1824 spldr - ok
16:16:32.0845 1824 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:16:32.0876 1824 Spooler - ok
16:16:32.0986 1824 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:16:33.0064 1824 sppsvc - ok
16:16:33.0079 1824 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:16:33.0126 1824 sppuinotify - ok
16:16:33.0157 1824 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:16:33.0204 1824 srv - ok
16:16:33.0220 1824 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:16:33.0251 1824 srv2 - ok
16:16:33.0266 1824 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:16:33.0282 1824 srvnet - ok
16:16:33.0313 1824 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:16:33.0376 1824 SSDPSRV - ok
16:16:33.0391 1824 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:16:33.0438 1824 SstpSvc - ok
16:16:33.0454 1824 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:16:33.0469 1824 stexstor - ok
16:16:33.0500 1824 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:16:33.0516 1824 stisvc - ok
16:16:33.0547 1824 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:16:33.0563 1824 storflt - ok
16:16:33.0578 1824 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:16:33.0625 1824 StorSvc - ok
16:16:33.0656 1824 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:16:33.0672 1824 storvsc - ok
16:16:33.0703 1824 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:16:33.0719 1824 swenum - ok
16:16:33.0828 1824 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:16:33.0859 1824 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:16:33.0859 1824 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:16:33.0890 1824 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:16:33.0953 1824 swprv - ok
16:16:33.0984 1824 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:16:34.0046 1824 SysMain - ok
16:16:34.0062 1824 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:16:34.0078 1824 TabletInputService - ok
16:16:34.0093 1824 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:16:34.0140 1824 TapiSrv - ok
16:16:34.0156 1824 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:16:34.0202 1824 TBS - ok
16:16:34.0249 1824 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:16:34.0312 1824 Tcpip - ok
16:16:34.0374 1824 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:16:34.0421 1824 TCPIP6 - ok
16:16:34.0452 1824 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:16:34.0499 1824 tcpipreg - ok
16:16:34.0514 1824 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:16:34.0546 1824 TDPIPE - ok
16:16:34.0577 1824 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:16:34.0592 1824 TDTCP - ok
16:16:34.0624 1824 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:16:34.0670 1824 tdx - ok
16:16:34.0670 1824 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:16:34.0686 1824 TermDD - ok
16:16:34.0717 1824 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:16:34.0780 1824 TermService - ok
16:16:34.0795 1824 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:16:34.0811 1824 Themes - ok
16:16:34.0811 1824 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:16:34.0858 1824 THREADORDER - ok
16:16:34.0873 1824 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:16:34.0951 1824 TrkWks - ok
16:16:34.0998 1824 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:16:35.0076 1824 TrustedInstaller - ok
16:16:35.0092 1824 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:16:35.0154 1824 tssecsrv - ok
16:16:35.0154 1824 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:16:35.0201 1824 TsUsbFlt - ok
16:16:35.0201 1824 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:16:35.0232 1824 TsUsbGD - ok
16:16:35.0248 1824 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:16:35.0294 1824 tunnel - ok
16:16:35.0310 1824 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:16:35.0310 1824 uagp35 - ok
16:16:35.0357 1824 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:16:35.0435 1824 udfs - ok
16:16:35.0450 1824 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:16:35.0482 1824 UI0Detect - ok
16:16:35.0497 1824 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:16:35.0513 1824 uliagpkx - ok
16:16:35.0544 1824 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:16:35.0575 1824 umbus - ok
16:16:35.0591 1824 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:16:35.0606 1824 UmPass - ok
16:16:35.0638 1824 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:16:35.0669 1824 UmRdpService - ok
16:16:35.0747 1824 [ CBDEE152D73200EE49031A26310B9D3E ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:16:35.0794 1824 UNS - ok
16:16:35.0840 1824 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:16:35.0903 1824 upnphost - ok
16:16:35.0950 1824 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:16:35.0981 1824 usbccgp - ok
16:16:36.0028 1824 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:16:36.0059 1824 usbcir - ok
16:16:36.0074 1824 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:16:36.0152 1824 usbehci - ok
16:16:36.0199 1824 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:16:36.0246 1824 usbhub - ok
16:16:36.0262 1824 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:16:36.0277 1824 usbohci - ok
16:16:36.0308 1824 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:16:36.0340 1824 usbprint - ok
16:16:36.0355 1824 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:16:36.0386 1824 USBSTOR - ok
16:16:36.0418 1824 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:16:36.0449 1824 usbuhci - ok
16:16:36.0496 1824 [ D0FE8CB5F84303E73FF0754437FAD3D1 ] usb_rndis C:\Windows\system32\DRIVERS\usb8023.sys
16:16:36.0542 1824 usb_rndis - ok
16:16:36.0574 1824 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:16:36.0636 1824 UxSms - ok
16:16:36.0652 1824 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:16:36.0667 1824 VaultSvc - ok
16:16:36.0698 1824 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:16:36.0714 1824 vdrvroot - ok
16:16:36.0745 1824 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:16:36.0792 1824 vds - ok
16:16:36.0808 1824 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:16:36.0823 1824 vga - ok
16:16:36.0839 1824 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:16:36.0886 1824 VgaSave - ok
16:16:36.0886 1824 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:16:36.0901 1824 vhdmp - ok
16:16:36.0901 1824 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:16:36.0917 1824 viaide - ok
16:16:36.0932 1824 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:16:36.0948 1824 vmbus - ok
16:16:36.0964 1824 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:16:36.0995 1824 VMBusHID - ok
16:16:37.0010 1824 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:16:37.0026 1824 volmgr - ok
16:16:37.0026 1824 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:16:37.0042 1824 volmgrx - ok
16:16:37.0057 1824 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:16:37.0073 1824 volsnap - ok
16:16:37.0073 1824 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:16:37.0088 1824 vsmraid - ok
16:16:37.0135 1824 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:16:37.0198 1824 VSS - ok
16:16:37.0213 1824 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:16:37.0244 1824 vwifibus - ok
16:16:37.0244 1824 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:16:37.0276 1824 vwififlt - ok
16:16:37.0276 1824 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:16:37.0291 1824 vwifimp - ok
16:16:37.0322 1824 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:16:37.0369 1824 W32Time - ok
16:16:37.0369 1824 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:16:37.0400 1824 WacomPen - ok
16:16:37.0432 1824 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:16:37.0494 1824 WANARP - ok
16:16:37.0494 1824 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:16:37.0525 1824 Wanarpv6 - ok
16:16:37.0588 1824 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:16:37.0634 1824 WatAdminSvc - ok
16:16:37.0681 1824 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:16:37.0728 1824 wbengine - ok
16:16:37.0744 1824 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:16:37.0759 1824 WbioSrvc - ok
16:16:37.0775 1824 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:16:37.0806 1824 wcncsvc - ok
16:16:37.0822 1824 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:16:37.0853 1824 WcsPlugInService - ok
16:16:37.0884 1824 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:16:37.0900 1824 Wd - ok
16:16:37.0900 1824 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:16:37.0931 1824 Wdf01000 - ok
16:16:37.0946 1824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:16:38.0056 1824 WdiServiceHost - ok
16:16:38.0056 1824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:16:38.0087 1824 WdiSystemHost - ok
16:16:38.0102 1824 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:16:38.0134 1824 WebClient - ok
16:16:38.0149 1824 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:16:38.0212 1824 Wecsvc - ok
16:16:38.0227 1824 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:16:38.0274 1824 wercplsupport - ok
16:16:38.0290 1824 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:16:38.0336 1824 WerSvc - ok
16:16:38.0368 1824 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:16:38.0430 1824 WfpLwf - ok
16:16:38.0446 1824 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:16:38.0446 1824 WIMMount - ok
16:16:38.0461 1824 WinDefend - ok
16:16:38.0461 1824 WinHttpAutoProxySvc - ok
16:16:38.0524 1824 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:16:38.0586 1824 Winmgmt - ok
16:16:38.0633 1824 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:16:38.0680 1824 WinRM - ok
16:16:38.0726 1824 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:16:38.0758 1824 Wlansvc - ok
16:16:38.0789 1824 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:16:38.0820 1824 WmiAcpi - ok
16:16:38.0867 1824 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:16:38.0882 1824 wmiApSrv - ok
16:16:38.0929 1824 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:16:38.0976 1824 WPCSvc - ok
16:16:38.0992 1824 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:16:39.0023 1824 WPDBusEnum - ok
16:16:39.0054 1824 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:16:39.0085 1824 ws2ifsl - ok
16:16:39.0101 1824 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:16:39.0132 1824 wscsvc - ok
16:16:39.0226 1824 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:16:39.0288 1824 wuauserv - ok
16:16:39.0304 1824 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:16:39.0350 1824 WudfPf - ok
16:16:39.0382 1824 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:16:39.0444 1824 WUDFRd - ok
16:16:39.0460 1824 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:16:39.0506 1824 wudfsvc - ok
16:16:39.0522 1824 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:16:39.0553 1824 WwanSvc - ok
16:16:39.0569 1824 ================ Scan global ===============================
16:16:39.0584 1824 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:16:39.0616 1824 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:16:39.0647 1824 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:16:39.0678 1824 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:16:39.0694 1824 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:16:39.0694 1824 [Global] - ok
16:16:39.0694 1824 ================ Scan MBR ==================================
16:16:39.0709 1824 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:16:40.0130 1824 \Device\Harddisk0\DR0 - ok
16:16:40.0130 1824 ================ Scan VBR ==================================
16:16:40.0130 1824 [ CE5F8C79733A74EF45E8EB62EDBF8055 ] \Device\Harddisk0\DR0\Partition1
16:16:40.0146 1824 \Device\Harddisk0\DR0\Partition1 - ok
16:16:40.0177 1824 [ 405C431FCD7B8AAC3D55143C34945F10 ] \Device\Harddisk0\DR0\Partition2
16:16:40.0193 1824 \Device\Harddisk0\DR0\Partition2 - ok
16:16:40.0193 1824 [ C4A4CF05C7B5FA908A9CC9A43B9AC396 ] \Device\Harddisk0\DR0\Partition3
16:16:40.0193 1824 \Device\Harddisk0\DR0\Partition3 - ok
16:16:40.0224 1824 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
16:16:40.0224 1824 \Device\Harddisk0\DR0\Partition4 - ok
16:16:40.0224 1824 ============================================================
16:16:40.0224 1824 Scan finished
16:16:40.0224 1824 ============================================================
16:16:40.0240 4956 Detected object count: 3
16:16:40.0240 4956 Actual detected object count: 3
16:18:26.0864 4956 Apache2.4 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:26.0864 4956 Apache2.4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:26.0864 4956 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:26.0864 4956 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:26.0864 4956 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:26.0864 4956 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:28.0417 5188 Deinitialize success



My events are full of weird network errors, and virus killers being turned off. Apache I installed from the server website, though maybe they broke into it through the router when I felt that invasion a day ago. Thank you.


==========
...........................................ASWmbr.exe below
==========






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 16:21:31
-----------------------------
16:21:31.093 OS Version: Windows x64 6.1.7601 Service Pack 1
16:21:31.093 Number of processors: 4 586 0x2505
16:21:31.093 ComputerName: MASTER-PC UserName: master
16:21:31.888 Initialize success
16:55:25.306 AVAST engine defs: 12082700
19:20:13.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:20:13.157 Disk 0 Vendor: ST964032 0001 Size: 610480MB BusType: 3
19:20:13.168 Disk 0 MBR read successfully
19:20:13.173 Disk 0 MBR scan
19:20:13.181 Disk 0 Windows 7 default MBR code
19:20:13.196 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:20:13.210 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150131 MB offset 206848
19:20:13.219 Disk 0 Partition - 00 0F Extended LBA 410244 MB offset 307676880
19:20:13.255 Disk 0 Partition 3 00 06 FAT16 50001 MB offset 1147858944
19:20:13.299 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 410244 MB offset 307676943
19:20:13.360 Disk 0 scanning C:\Windows\system32\drivers
19:20:25.151 Service scanning
19:20:53.435 Modules scanning
19:20:53.788 Disk 0 trace - called modules:
19:20:53.807 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:20:53.816 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800651e060]
19:20:53.825 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80061e9050]
19:20:55.229 AVAST engine scan C:\Windows
19:21:10.799 AVAST engine scan C:\Windows\system32
19:22:59.235 AVAST engine scan C:\Windows\system32\drivers
19:23:10.775 AVAST engine scan C:\Users\master
19:29:37.838 AVAST engine scan C:\ProgramData
19:30:29.116 Scan finished successfully
21:31:22.357 Disk 0 MBR has been saved successfully to "C:\Users\master\Desktop\MBR.dat"
21:31:22.364 The log file has been saved successfully to "C:\Users\master\Deskt

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 27 August 2012 - 02:02 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 29 August 2012 - 11:16 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 gringo_pr

Posted 01 September 2012 - 11:25 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9 gringo_pr

Posted 04 September 2012 - 11:09 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



