Receiving frequent trojan attacks, payment sites redirecting


  • This topic is locked
15 replies to this topic

#1 F338LE1

F338LE1

  • Members
  • 8 posts
  • Local time:03:34 PM

Posted 09 April 2012 - 03:50 AM

Hi,

I'm having some trouble with a trojan downloader (or perhaps several):

Operating memory firefox.exe(3520) - probably a variant of Win32/TrojanDownloader.Mebload.AR trojan - unable to clean


Every now and then ESET reports that it blocked and quarantined a trojan or Java/trojanDownloader.agent.

I noticed the problems after I'd run some updates on the system and drivers. I restored the system to the recovery point, but the problems remained.

Any help would be greatly appreciated.

-----------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Greattech.se at 10:07:51 on 2012-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1053.18.6143.3732 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Connect Manager\Bin\mcserver.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Greattech.se\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ekort\ekort.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Connect Manager\Bin\dbus-daemon.exe
C:\Program Files (x86)\Connect Manager\Bin\db_daemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
StartupFolder: C:\Users\GREATT~1.SE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Greattech.se\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCtlSvc.lnk - C:\Program Files (x86)\Connect Manager\Bin\mcserver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.188.0.1
TCP: Interfaces\{005C7747-6439-4DB0-8652-E17C331E9119} : DhcpNameServer = 80.251.201.177
TCP: Interfaces\{F01BF181-A5D4-4551-A846-D5BDBEE1A6E8} : DhcpNameServer = 192.188.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9065E913-4F23-4B47-9B5D-B055D32DB1F3}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF}
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Standard)]
mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Greattech.se\AppData\Roaming\Mozilla\Firefox\Profiles\fnmx35cm.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 UCManSvc;UCManSvc;C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [2010-3-12 241808]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
R3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys --> C:\Windows\system32\drivers\XENfiltv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-1-2 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-1-2 79360]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier for Windows-tjanst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\system32\DRIVERS\ZTEusbnet.sys --> C:\Windows\system32\DRIVERS\ZTEusbnet.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-09 08:03:54 -------- d-----w- C:\Users\Greattech.se\AppData\Local\{90714D71-3101-416E-8A22-4AF03BC39FD6}
2012-04-05 10:02:37 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6731976-EC83-496B-948A-A37B344F8A0C}\mpengine.dll
2012-03-26 19:59:51 -------- d-----w- C:\Users\Greattech.se\AppData\Roaming\Nitroplus
2012-03-26 19:41:36 -------- d-----w- C:\Windows\ucharge
2012-03-26 19:41:36 -------- d-----w- C:\ProgramData\paltiosoft
2012-03-26 19:41:36 -------- d-----w- C:\Program Files (x86)\SoftDenchi
2012-03-26 19:35:22 -------- d-----w- C:\Program Files (x86)\Nitroplus
2012-03-26 19:35:01 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-20 16:25:56 -------- d-----w- C:\Users\Greattech.se\AppData\Local\{3F8E92A2-39EB-4E37-9A1D-47E05C294AE8}
2012-03-20 16:25:28 -------- d-----w- C:\Users\Greattech.se\AppData\Local\{811384DE-3FF3-4225-B847-B62ECCF4D278}
2012-03-20 06:47:11 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 05:29:36 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-03-20 05:29:34 -------- d-----w- C:\Program Files\AMD
2012-03-20 05:29:34 -------- d-----w- C:\Program Files (x86)\AMD
2012-03-20 05:21:20 -------- d-----w- C:\Users\Greattech.se\AppData\Local\{06D6EB99-0C8D-48FA-B79F-7410F107A771}
2012-03-20 05:20:48 -------- d-----w- C:\Users\Greattech.se\AppData\Local\{DAC82F29-7BDB-4E83-8766-2A304FEE1974}
2012-03-18 16:29:30 -------- d-----w- C:\ProgramData\Windows
.
==================== Find3M ====================
.
2012-02-23 07:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 16:49:57 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 10:29:36 136704 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-01-30 10:29:34 278528 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-01-30 10:29:34 164864 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-12 15:34:24 74240 ----a-w- C:\Windows\System32\drivers\rzudd.sys
.
============= FINISH: 10:08:58,30 ===============



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:34 AM

Posted 09 April 2012 - 07:47 AM

We are in the process of researching and investigating your log. Please be patient as we do this and a Helper will respond shortly.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain
  • Local time:03:34 PM

Posted 09 April 2012 - 01:32 PM

Hi F338LE1 and welcome to BP, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.



Please follow the instructions below and post the logs.

STEP 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


STEP 2
Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.
  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.
  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
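
Step 1 above asks for the complete Malwarebytes log, including the top portion with the database version and operating system. The following is an added example (not part of the original post and not Malwarebytes code) that checks such a report for completeness and extracts its detections. It assumes the 1.61-era text layout of "X Detected: N" sections followed by "object (detection) -> action" entries; the function names are hypothetical.

```python
"""Completeness check and detection extractor for a Malwarebytes 1.61-style text log."""
import re

# "Registry Keys Detected: 1" -> category "Registry Keys", declared count 1
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> <action>." ; the object itself may contain
# parentheses (e.g. "Program Files (x86)"), so it is matched greedily.
ENTRY_RE = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Abridged sample in the layout of the report posted in this thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.09.07

Windows 7 Service Pack 1 x64 NTFS

Scan type: Quick scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Files Detected: 1
C:\ProgramData\Windows\msseedir.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text):
    """Return header fields, declared per-section counts and parsed detections."""
    report = {"database": None, "os": None, "scan_type": None,
              "ended": False, "declared": {}, "detections": []}
    current = None  # name of the section being read, None while in the header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTION_RE.match(line)
        if line.startswith("Database version:"):
            report["database"] = line.split(":", 1)[1].strip()
        elif line.startswith("Scan type:"):
            report["scan_type"] = line.split(":", 1)[1].strip()
        elif line == "(end)":
            report["ended"] = True
        elif section:
            current = section.group("category")
            report["declared"][current] = int(section.group("count"))
        elif current is None and report["os"] is None and line.startswith("Windows "):
            report["os"] = line  # OS line only appears in the header
        elif current is not None:
            entry = ENTRY_RE.match(line)
            if entry:
                report["detections"].append({"category": current, **entry.groupdict()})
    return report


def check_complete(report):
    """List reasons the log looks incomplete; an empty list means it looks whole."""
    problems = []
    if not report["database"]:
        problems.append("missing 'Database version' line")
    if not report["os"]:
        problems.append("missing operating system line")
    if not report["ended"]:
        problems.append("missing '(end)' marker, log may be truncated")
    found = {}
    for det in report["detections"]:
        found[det["category"]] = found.get(det["category"], 0) + 1
    for category, declared in report["declared"].items():
        if found.get(category, 0) != declared:
            problems.append(
                f"{category}: header declares {declared}, {found.get(category, 0)} entries present")
    return problems


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    for det in parsed["detections"]:
        print(f'{det["category"]}: {det["object"]} [{det["detection"]}] {det["action"]}')
    print("problems:", check_complete(parsed) or "none")
```
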

#4 F338LE1

F338LE1
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:34 PM

Posted 09 April 2012 - 03:32 PM

Thank you for your time, Mark.

Here are the logs:

--------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Greattech.se :: GREATTECH [administrator]

Protection: Enabled

2012-04-09 22:09:51
mbam-log-2012-04-09 (22-09-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196684
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} (Heuristics.Shuriken) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Windows\msseedir.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)

-----------------------------------------------
22:19:06.0489 1488 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
22:19:07.0318 1488 ============================================================
22:19:07.0318 1488 Current date / time: 2012/04/09 22:19:07.0318
22:19:07.0318 1488 SystemInfo:
22:19:07.0318 1488
22:19:07.0318 1488 OS Version: 6.1.7601 ServicePack: 1.0
22:19:07.0318 1488 Product type: Workstation
22:19:07.0318 1488 ComputerName: GREATTECH
22:19:07.0318 1488 UserName: Greattech.se
22:19:07.0318 1488 Windows directory: C:\Windows
22:19:07.0318 1488 System windows directory: C:\Windows
22:19:07.0318 1488 Running under WOW64
22:19:07.0318 1488 Processor architecture: Intel x64
22:19:07.0318 1488 Number of processors: 4
22:19:07.0318 1488 Page size: 0x1000
22:19:07.0318 1488 Boot type: Normal boot
22:19:07.0318 1488 ============================================================
22:19:10.0305 1488 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:19:10.0368 1488 Drive \Device\Harddisk1\DR1 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:19:10.0368 1488 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:19:10.0368 1488 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:19:10.0399 1488 \Device\Harddisk0\DR0:
22:19:10.0415 1488 MBR used
22:19:10.0415 1488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:19:10.0415 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
22:19:10.0415 1488 \Device\Harddisk2\DR2:
22:19:10.0415 1488 MBR used
22:19:10.0415 1488 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
22:19:10.0415 1488 \Device\Harddisk3\DR3:
22:19:10.0430 1488 MBR used
22:19:10.0430 1488 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
22:19:10.0884 1488 Initialize success
22:19:10.0884 1488 ============================================================
22:19:37.0049 4324 ============================================================
22:19:37.0049 4324 Scan started
22:19:37.0049 4324 Mode: Manual; SigCheck; TDLFS;
22:19:37.0049 4324 ============================================================
22:19:43.0884 4324 BITS - ok
22:19:43.0916 4324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:19:43.0947 4324 blbdrive - ok
22:19:44.0041 4324 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:19:44.0072 4324 Bonjour Service - ok
22:19:44.0119 4324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:19:44.0245 4324 bowser - ok
22:19:44.0276 4324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:19:44.0307 4324 BrFiltLo - ok
22:19:44.0323 4324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:19:44.0338 4324 BrFiltUp - ok
22:19:44.0385 4324 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:19:44.0463 4324 Browser - ok
22:19:44.0495 4324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:19:44.0573 4324 Brserid - ok
22:19:44.0588 4324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:19:44.0635 4324 BrSerWdm - ok
22:19:44.0651 4324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:19:44.0698 4324 BrUsbMdm - ok
22:19:44.0698 4324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:19:44.0713 4324 BrUsbSer - ok
22:19:44.0760 4324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:19:44.0838 4324 BTHMODEM - ok
22:19:44.0854 4324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:19:44.0932 4324 bthserv - ok
22:19:44.0948 4324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:19:45.0010 4324 cdfs - ok
22:19:45.0073 4324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:19:45.0135 4324 cdrom - ok
22:19:45.0166 4324 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:19:45.0261 4324 CertPropSvc - ok
22:19:45.0277 4324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:19:45.0292 4324 circlass - ok
22:19:45.0339 4324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:19:45.0417 4324 CLFS - ok
22:19:45.0449 4324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:19:45.0480 4324 clr_optimization_v2.0.50727_32 - ok
22:19:45.0527 4324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:19:45.0558 4324 clr_optimization_v2.0.50727_64 - ok
22:19:45.0621 4324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:19:45.0886 4324 clr_optimization_v4.0.30319_32 - ok
22:19:46.0230 4324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:19:46.0278 4324 clr_optimization_v4.0.30319_64 - ok
22:19:46.0340 4324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:19:46.0387 4324 CmBatt - ok
22:19:46.0403 4324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:19:46.0465 4324 cmdide - ok
22:19:46.0575 4324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:19:46.0653 4324 CNG - ok
22:19:46.0778 4324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:19:46.0825 4324 Compbatt - ok
22:19:46.0965 4324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:19:47.0043 4324 CompositeBus - ok
22:19:47.0090 4324 COMSysApp - ok
22:19:47.0153 4324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:19:47.0184 4324 crcdisk - ok
22:19:47.0294 4324 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:19:47.0326 4324 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:19:47.0326 4324 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:19:47.0404 4324 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:19:47.0435 4324 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:19:47.0435 4324 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:19:47.0529 4324 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:19:47.0591 4324 CryptSvc - ok
22:19:47.0638 4324 CTAudSvcService (1b8194450eb013cb6e79ce5503d1b0b5) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:19:47.0669 4324 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
22:19:47.0669 4324 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
22:20:03.0810 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:20:03.0857 4324 rspndr - ok
22:20:03.0888 4324 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:20:03.0998 4324 RTL8167 - ok
22:20:04.0044 4324 rzudd (1542f66d82be5a0afb366cc115a8e8e5) C:\Windows\system32\DRIVERS\rzudd.sys
22:20:04.0107 4324 rzudd - ok
22:20:04.0138 4324 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:20:04.0154 4324 SamSs - ok
22:20:04.0185 4324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:20:04.0232 4324 sbp2port - ok
22:20:04.0263 4324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:20:04.0294 4324 SCardSvr - ok
22:20:04.0326 4324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:20:04.0373 4324 scfilter - ok
22:20:04.0435 4324 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:20:04.0498 4324 Schedule - ok
22:20:04.0529 4324 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:20:04.0544 4324 SCPolicySvc - ok
22:20:04.0592 4324 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:20:04.0702 4324 SDRSVC - ok
22:20:04.0733 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:20:04.0795 4324 secdrv - ok
22:20:04.0827 4324 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:20:04.0858 4324 seclogon - ok
22:20:04.0874 4324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:20:04.0905 4324 SENS - ok
22:20:04.0920 4324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:20:04.0983 4324 SensrSvc - ok
22:20:04.0999 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:20:05.0045 4324 Serenum - ok
22:20:05.0061 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:20:05.0170 4324 Serial - ok
22:20:05.0202 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:20:05.0249 4324 sermouse - ok
22:20:05.0295 4324 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:20:05.0358 4324 SessionEnv - ok
22:20:05.0374 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:20:05.0452 4324 sffdisk - ok
22:20:05.0467 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:20:05.0530 4324 sffp_mmc - ok
22:20:05.0561 4324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:20:05.0609 4324 sffp_sd - ok
22:20:05.0625 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:20:05.0656 4324 sfloppy - ok
22:20:05.0718 4324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:20:05.0812 4324 SharedAccess - ok
22:20:05.0843 4324 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:20:05.0890 4324 ShellHWDetection - ok
22:20:05.0906 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:20:05.0937 4324 SiSRaid2 - ok
22:20:05.0953 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:20:05.0968 4324 SiSRaid4 - ok
22:20:05.0984 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:20:06.0015 4324 Smb - ok
22:20:06.0031 4324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:20:06.0078 4324 SNMPTRAP - ok
22:20:06.0093 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:20:06.0125 4324 spldr - ok
22:20:06.0140 4324 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:20:06.0187 4324 Spooler - ok
22:20:06.0296 4324 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:20:06.0375 4324 sppsvc - ok
22:20:06.0390 4324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:20:06.0453 4324 sppuinotify - ok
22:20:06.0515 4324 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
22:20:06.0562 4324 sptd - ok
22:20:06.0625 4324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:20:06.0704 4324 srv - ok
22:20:06.0735 4324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:20:06.0797 4324 srv2 - ok
22:20:06.0829 4324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:20:06.0860 4324 srvnet - ok
22:20:06.0938 4324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:20:07.0032 4324 SSDPSRV - ok
22:20:07.0047 4324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:20:07.0079 4324 SstpSvc - ok
22:20:07.0141 4324 Steam Client Service - ok
22:20:07.0172 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:20:07.0188 4324 stexstor - ok
22:20:07.0250 4324 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:20:07.0313 4324 stisvc - ok
22:20:07.0344 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:20:07.0375 4324 swenum - ok
22:20:07.0391 4324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:20:07.0422 4324 swprv - ok
22:20:07.0500 4324 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:20:07.0579 4324 SysMain - ok
22:20:07.0611 4324 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:20:07.0673 4324 TabletInputService - ok
22:20:07.0705 4324 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:20:07.0751 4324 TapiSrv - ok
22:20:07.0783 4324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:20:07.0798 4324 TBS - ok
22:20:07.0876 4324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:20:07.0923 4324 Tcpip - ok
22:20:07.0955 4324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:20:07.0986 4324 TCPIP6 - ok
22:20:08.0017 4324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:20:08.0033 4324 tcpipreg - ok
22:20:08.0048 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:20:08.0080 4324 TDPIPE - ok
22:20:08.0111 4324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:20:08.0205 4324 TDTCP - ok
22:20:08.0251 4324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:20:08.0330 4324 tdx - ok
22:20:08.0361 4324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:20:08.0408 4324 TermDD - ok
22:20:08.0439 4324 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:20:08.0501 4324 TermService - ok
22:20:08.0517 4324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:20:08.0564 4324 Themes - ok
22:20:08.0595 4324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:20:08.0627 4324 THREADORDER - ok
22:20:08.0643 4324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:20:08.0721 4324 TrkWks - ok
22:20:08.0752 4324 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:20:08.0799 4324 TrustedInstaller - ok
22:20:08.0846 4324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:20:08.0893 4324 tssecsrv - ok
22:20:08.0924 4324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:20:08.0987 4324 TsUsbFlt - ok
22:20:09.0049 4324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:20:09.0143 4324 tunnel - ok
22:20:09.0159 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:20:09.0174 4324 uagp35 - ok
22:20:09.0252 4324 UCManSvc (f7df6654663ad07dab615a7af513d90c) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
22:20:09.0284 4324 UCManSvc ( UnsignedFile.Multi.Generic ) - warning
22:20:09.0284 4324 UCManSvc - detected UnsignedFile.Multi.Generic (1)
22:20:09.0362 4324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:20:09.0440 4324 udfs - ok
22:20:09.0471 4324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:20:09.0502 4324 UI0Detect - ok
22:20:09.0565 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:20:09.0627 4324 uliagpkx - ok
22:20:09.0660 4324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:20:09.0707 4324 umbus - ok
22:20:09.0738 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:20:09.0785 4324 UmPass - ok
22:20:09.0800 4324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:20:09.0847 4324 upnphost - ok
22:20:09.0910 4324 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:20:10.0003 4324 USBAAPL64 - ok
22:20:10.0050 4324 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:20:10.0113 4324 usbaudio - ok
22:20:10.0144 4324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:20:10.0175 4324 usbccgp - ok
22:20:10.0207 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:20:10.0222 4324 usbcir - ok
22:20:10.0238 4324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:20:10.0300 4324 usbehci - ok
22:20:10.0332 4324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:20:10.0425 4324 usbhub - ok
22:20:10.0472 4324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:20:10.0519 4324 usbohci - ok
22:20:10.0550 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:20:10.0582 4324 usbprint - ok
22:20:10.0613 4324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:20:10.0676 4324 USBSTOR - ok
22:20:10.0692 4324 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:20:10.0708 4324 usbuhci - ok
22:20:10.0754 4324 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
22:20:10.0770 4324 usb_rndisx - ok
22:20:10.0786 4324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:20:10.0801 4324 UxSms - ok
22:20:10.0833 4324 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:20:10.0848 4324 VaultSvc - ok
22:20:10.0864 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:20:10.0879 4324 vdrvroot - ok
22:20:10.0895 4324 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:20:10.0926 4324 vds - ok
22:20:10.0958 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:20:10.0958 4324 vga - ok
22:20:10.0973 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:20:11.0020 4324 VgaSave - ok
22:20:11.0036 4324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:20:11.0067 4324 vhdmp - ok
22:20:11.0067 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:20:11.0098 4324 viaide - ok
22:20:11.0114 4324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:20:11.0129 4324 volmgr - ok
22:20:11.0176 4324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:20:11.0192 4324 volmgrx - ok
22:20:11.0223 4324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:20:11.0301 4324 volsnap - ok
22:20:11.0317 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:20:11.0348 4324 vsmraid - ok
22:20:11.0411 4324 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:20:11.0489 4324 VSS - ok
22:20:11.0504 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:20:11.0536 4324 vwifibus - ok
22:20:11.0567 4324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:20:11.0629 4324 W32Time - ok
22:20:11.0645 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:20:11.0661 4324 WacomPen - ok
22:20:11.0708 4324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:20:11.0802 4324 WANARP - ok
22:20:11.0802 4324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:20:11.0833 4324 Wanarpv6 - ok
22:20:11.0896 4324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:20:11.0927 4324 WatAdminSvc - ok
22:20:12.0005 4324 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:20:12.0068 4324 wbengine - ok
22:20:12.0083 4324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:20:12.0115 4324 WbioSrvc - ok
22:20:12.0193 4324 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
22:20:12.0240 4324 WcesComm - ok
22:20:12.0271 4324 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:20:12.0349 4324 wcncsvc - ok
22:20:12.0380 4324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:20:12.0412 4324 WcsPlugInService - ok
22:20:12.0443 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:20:12.0458 4324 Wd - ok
22:20:12.0490 4324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
22:20:12.0521 4324 WDC_SAM - ok
22:20:12.0568 4324 WDDMService (334e5ed94d3faff3c44f4d36b1fe1c90) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
22:20:12.0599 4324 WDDMService ( UnsignedFile.Multi.Generic ) - warning
22:20:12.0599 4324 WDDMService - detected UnsignedFile.Multi.Generic (1)
22:20:12.0630 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:20:12.0662 4324 Wdf01000 - ok
22:20:12.0677 4324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:20:12.0756 4324 WdiServiceHost - ok
22:20:12.0756 4324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:20:12.0772 4324 WdiSystemHost - ok
22:20:12.0834 4324 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
22:20:12.0850 4324 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
22:20:12.0850 4324 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
22:20:12.0881 4324 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:20:12.0928 4324 WebClient - ok
22:20:12.0944 4324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:20:13.0006 4324 Wecsvc - ok
22:20:13.0022 4324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:20:13.0053 4324 wercplsupport - ok
22:20:13.0100 4324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:20:13.0163 4324 WerSvc - ok
22:20:13.0194 4324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:20:13.0225 4324 WfpLwf - ok
22:20:13.0241 4324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:20:13.0256 4324 WIMMount - ok
22:20:13.0272 4324 WinDefend - ok
22:20:13.0272 4324 WinHttpAutoProxySvc - ok
22:20:13.0319 4324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:20:13.0397 4324 Winmgmt - ok
22:20:13.0475 4324 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:20:13.0538 4324 WinRM - ok
22:20:13.0600 4324 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
22:20:13.0663 4324 WinUsb - ok
22:20:13.0726 4324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:20:13.0773 4324 Wlansvc - ok
22:20:13.0835 4324 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:20:13.0867 4324 wlcrasvc - ok
22:20:13.0992 4324 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:20:14.0039 4324 wlidsvc - ok
22:20:14.0054 4324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:20:14.0070 4324 WmiAcpi - ok
22:20:14.0085 4324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:20:14.0117 4324 wmiApSrv - ok
22:20:14.0117 4324 WMPNetworkSvc - ok
22:20:14.0148 4324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:20:14.0148 4324 WPCSvc - ok
22:20:14.0210 4324 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:20:14.0242 4324 WPDBusEnum - ok
22:20:14.0257 4324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:20:14.0335 4324 ws2ifsl - ok
22:20:14.0335 4324 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:20:14.0367 4324 wscsvc - ok
22:20:14.0367 4324 WSearch - ok
22:20:14.0460 4324 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:20:14.0539 4324 wuauserv - ok
22:20:14.0570 4324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:20:14.0664 4324 WudfPf - ok
22:20:14.0710 4324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:20:14.0790 4324 WUDFRd - ok
22:20:14.0821 4324 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:20:14.0852 4324 wudfsvc - ok
22:20:14.0852 4324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:20:14.0883 4324 WwanSvc - ok
22:20:14.0915 4324 XENfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys
22:20:14.0993 4324 XENfiltv - ok
22:20:15.0055 4324 ZTEusbmdm6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:20:15.0102 4324 ZTEusbmdm6k - ok
22:20:15.0118 4324 ZTEusbnet (ef5ffa9c46e386f94a684d58b4f14c05) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
22:20:15.0196 4324 ZTEusbnet - ok
22:20:15.0227 4324 ZTEusbnmea (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:20:15.0243 4324 ZTEusbnmea - ok
22:20:15.0274 4324 ZTEusbser6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:20:15.0290 4324 ZTEusbser6k - ok
22:20:15.0305 4324 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:20:15.0415 4324 \Device\Harddisk0\DR0 - ok
22:20:15.0415 4324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:20:15.0962 4324 \Device\Harddisk2\DR2 - ok
22:20:16.0416 4324 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR3
22:20:16.0603 4324 \Device\Harddisk3\DR3 - ok
22:20:16.0603 4324 Boot (0x1200) (3682b2a03eff6815f482409972673b46) \Device\Harddisk0\DR0\Partition0
22:20:16.0603 4324 \Device\Harddisk0\DR0\Partition0 - ok
22:20:16.0634 4324 Boot (0x1200) (e4138a2eb1dea682486b3703a5947379) \Device\Harddisk0\DR0\Partition1
22:20:16.0634 4324 \Device\Harddisk0\DR0\Partition1 - ok
22:20:16.0634 4324 Boot (0x1200) (3a7609de7ad4868a8a1ac7d85f55d4ec) \Device\Harddisk2\DR2\Partition0
22:20:16.0650 4324 \Device\Harddisk2\DR2\Partition0 - ok
22:20:16.0650 4324 Boot (0x1200) (66f1d1816e28e1386bfe07728b301868) \Device\Harddisk3\DR3\Partition0
22:20:16.0666 4324 \Device\Harddisk3\DR3\Partition0 - ok
22:20:16.0666 4324 ============================================================
22:20:16.0666 4324 Scan finished
22:20:16.0666 4324 ============================================================
22:20:16.0666 4660 Detected object count: 6
22:20:16.0666 4660 Actual detected object count: 6
22:20:50.0088 4660 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:50.0088 4660 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:50.0088 4660 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:50.0088 4660 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:50.0088 4660 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:50.0088 4660 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:50.0088 4660 UCManSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:50.0088 4660 UCManSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:50.0104 4660 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:50.0104 4660 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:50.0104 4660 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:50.0104 4660 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:21:42.0060 4420 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:21:42.0107 4420 Browser - ok
22:21:42.0123 4420 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:21:42.0123 4420 Brserid - ok
22:21:42.0154 4420 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:21:42.0170 4420 BrSerWdm - ok
22:21:42.0170 4420 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:21:42.0202 4420 BrUsbMdm - ok
22:21:42.0217 4420 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:21:42.0233 4420 BrUsbSer - ok
22:21:42.0233 4420 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:21:42.0249 4420 BTHMODEM - ok
22:21:42.0280 4420 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:21:42.0327 4420 bthserv - ok
22:21:42.0342 4420 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:21:42.0374 4420 cdfs - ok
22:21:42.0389 4420 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:21:42.0389 4420 cdrom - ok
22:21:42.0436 4420 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:21:42.0452 4420 CertPropSvc - ok
22:21:42.0452 4420 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:21:42.0467 4420 circlass - ok
22:21:42.0483 4420 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:21:42.0499 4420 CLFS - ok
22:21:42.0514 4420 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:21:42.0530 4420 clr_optimization_v2.0.50727_32 - ok
22:21:42.0561 4420 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:21:42.0577 4420 clr_optimization_v2.0.50727_64 - ok
22:21:42.0608 4420 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:21:42.0624 4420 clr_optimization_v4.0.30319_32 - ok
22:21:42.0967 4420 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:21:42.0983 4420 clr_optimization_v4.0.30319_64 - ok
22:21:42.0983 4420 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:21:43.0014 4420 CmBatt - ok
22:21:43.0061 4420 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:21:43.0092 4420 cmdide - ok
22:21:43.0155 4420 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:21:43.0187 4420 CNG - ok
22:21:43.0218 4420 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:21:43.0218 4420 Compbatt - ok
22:21:43.0250 4420 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:21:43.0281 4420 CompositeBus - ok
22:21:43.0281 4420 COMSysApp - ok
22:21:43.0312 4420 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:21:43.0312 4420 crcdisk - ok
22:21:43.0375 4420 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:21:43.0390 4420 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:21:43.0390 4420 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:21:43.0421 4420 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:21:43.0437 4420 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:21:43.0437 4420 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:21:43.0484 4420 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:21:43.0562 4420 CryptSvc - ok
22:21:43.0578 4420 CTAudSvcService (1b8194450eb013cb6e79ce5503d1b0b5) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:21:43.0593 4420 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
22:21:43.0593 4420 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
22:21:43.0640 4420 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:21:43.0687 4420 DcomLaunch - ok
22:21:43.0703 4420 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:21:43.0750 4420 defragsvc - ok
22:21:43.0781 4420 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:21:43.0843 4420 DfsC - ok
22:21:43.0859 4420 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:21:43.0875 4420 Dhcp - ok
22:21:43.0890 4420 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:21:43.0906 4420 discache - ok
22:21:43.0921 4420 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:21:43.0921 4420 Disk - ok
22:21:43.0968 4420 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:21:43.0984 4420 Dnscache - ok
22:21:44.0031 4420 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:21:44.0093 4420 dot3svc - ok
22:21:44.0171 4420 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:21:44.0204 4420 DPS - ok
22:21:44.0266 4420 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:21:44.0297 4420 drmkaud - ok
22:21:44.0375 4420 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:21:44.0391 4420 DXGKrnl - ok
22:21:44.0485 4420 eamon (082dab566f704d258d35ba89f21239ca) C:\Windows\system32\DRIVERS\eamon.sys
22:21:44.0516 4420 eamon - ok
22:21:44.0547 4420 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:21:44.0579 4420 EapHost - ok
22:21:44.0844 4420 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:21:44.0875 4420 ebdrv - ok
22:21:44.0922 4420 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:21:44.0922 4420 EFS - ok
22:21:44.0938 4420 ehdrv (4ff6f92f170550e226b4595766c4d6a6) C:\Windows\system32\DRIVERS\ehdrv.sys
22:21:44.0954 4420 ehdrv - ok
22:21:45.0016 4420 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:21:45.0063 4420 ehRecvr - ok
22:21:45.0094 4420 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:21:45.0110 4420 ehSched - ok
22:21:45.0141 4420 EhttpSrv (98b82b6afa03f8f0dd058c3dfcea472a) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
22:21:45.0157 4420 EhttpSrv - ok
22:21:45.0172 4420 ekrn (9737fc97b5c941f083c4e46cbcce2d4a) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
22:21:45.0188 4420 ekrn - ok
22:21:45.0220 4420 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:21:45.0236 4420 elxstor - ok
22:21:45.0267 4420 epfwwfpr (71c8cbde6b18f90f19e9c7cb884f87c8) C:\Windows\system32\DRIVERS\epfwwfpr.sys
22:21:45.0283 4420 epfwwfpr - ok
22:21:45.0314 4420 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:21:45.0330 4420 ErrDev - ok
22:21:45.0392 4420 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:21:45.0470 4420 EventSystem - ok
22:21:45.0486 4420 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:21:45.0548 4420 exfat - ok
22:21:45.0564 4420 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:21:45.0580 4420 fastfat - ok
22:21:45.0642 4420 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:21:45.0658 4420 Fax - ok
22:21:45.0673 4420 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:21:45.0720 4420 fdc - ok
22:21:45.0830 4420 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:21:45.0892 4420 fdPHost - ok
22:21:45.0939 4420 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:21:46.0017 4420 FDResPub - ok
22:21:46.0064 4420 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:21:46.0080 4420 FileInfo - ok
22:21:46.0111 4420 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:21:46.0158 4420 Filetrace - ok
22:21:46.0205 4420 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:21:46.0237 4420 flpydisk - ok
22:21:46.0284 4420 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:21:46.0299 4420 FltMgr - ok
22:21:46.0424 4420 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:21:46.0471 4420 FontCache - ok
22:21:46.0534 4420 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:21:46.0565 4420 FontCache3.0.0.0 - ok
22:21:46.0581 4420 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:21:46.0627 4420 FsDepends - ok
22:21:46.0643 4420 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:21:46.0643 4420 Fs_Rec - ok
22:21:46.0690 4420 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:21:46.0706 4420 fvevol - ok
22:21:46.0721 4420 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:21:46.0721 4420 gagp30kx - ok
22:21:46.0768 4420 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:21:46.0768 4420 GEARAspiWDM - ok
22:21:46.0831 4420 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:21:46.0862 4420 gpsvc - ok
22:21:46.0909 4420 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:21:46.0940 4420 gusvc - ok
22:21:46.0956 4420 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:21:46.0971 4420 hcw85cir - ok
22:21:47.0018 4420 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:21:47.0034 4420 HdAudAddService - ok
22:21:47.0065 4420 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:21:47.0081 4420 HDAudBus - ok
22:21:47.0081 4420 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:21:47.0112 4420 HidBatt - ok
22:21:47.0159 4420 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:21:47.0190 4420 HidBth - ok
22:21:47.0221 4420 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:21:47.0269 4420 HidIr - ok
22:21:47.0316 4420 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:21:47.0347 4420 hidserv - ok
22:21:47.0363 4420 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:21:47.0378 4420 HidUsb - ok
22:21:47.0488 4420 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:21:47.0550 4420 hkmsvc - ok
22:21:47.0613 4420 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:21:47.0644 4420 HomeGroupListener - ok
22:21:47.0738 4420 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:21:47.0753 4420 HomeGroupProvider - ok
22:21:47.0816 4420 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:21:47.0847 4420 HpSAMD - ok
22:21:47.0910 4420 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:21:47.0957 4420 HTTP - ok
22:21:48.0003 4420 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:21:48.0035 4420 hwpolicy - ok
22:21:48.0082 4420 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:21:48.0113 4420 i8042prt - ok
22:21:48.0144 4420 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:21:48.0160 4420 iaStorV - ok
22:21:48.0238 4420 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:21:48.0270 4420 idsvc - ok
22:21:48.0301 4420 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:21:48.0301 4420 iirsp - ok
22:21:48.0333 4420 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:21:48.0364 4420 IKEEXT - ok
22:21:48.0395 4420 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:21:48.0395 4420 intelide - ok
22:21:48.0411 4420 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:21:48.0426 4420 intelppm - ok
22:21:48.0458 4420 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:21:48.0473 4420 IPBusEnum - ok
22:21:48.0520 4420 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:48.0536 4420 IpFilterDriver - ok
22:21:48.0645 4420 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:21:48.0708 4420 iphlpsvc - ok
22:21:48.0739 4420 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:21:48.0754 4420 IPMIDRV - ok
22:21:48.0801 4420 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:21:48.0864 4420 IPNAT - ok
22:21:49.0067 4420 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
22:21:49.0098 4420 iPod Service - ok
22:21:49.0114 4420 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
22:21:49.0145 4420 irda - ok
22:21:49.0176 4420 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:21:49.0192 4420 IRENUM - ok
22:21:49.0192 4420 Irmon (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll
22:21:49.0208 4420 Irmon - ok
22:21:49.0223 4420 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
22:21:49.0223 4420 irsir - ok
22:21:49.0239 4420 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:21:49.0254 4420 isapnp - ok
22:21:49.0287 4420 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:21:49.0302 4420 iScsiPrt - ok
22:21:49.0349 4420 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:21:49.0380 4420 kbdclass - ok
22:21:49.0380 4420 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:21:49.0396 4420 kbdhid - ok
22:21:49.0474 4420 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:49.0505 4420 KeyIso - ok
22:21:49.0537 4420 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:21:49.0552 4420 KSecDD - ok
22:21:49.0583 4420 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:21:49.0599 4420 KSecPkg - ok
22:21:49.0599 4420 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:21:49.0630 4420 ksthunk - ok
22:21:49.0662 4420 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:21:49.0724 4420 KtmRm - ok
22:21:49.0755 4420 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:21:49.0787 4420 LanmanServer - ok
22:21:49.0880 4420 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:21:49.0943 4420 LanmanWorkstation - ok
22:21:49.0990 4420 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:21:49.0990 4420 lirsgt - ok
22:21:50.0005 4420 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:21:50.0037 4420 lltdio - ok
22:21:50.0068 4420 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:21:50.0083 4420 lltdsvc - ok
22:21:50.0115 4420 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:21:50.0130 4420 lmhosts - ok
22:21:50.0146 4420 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:21:50.0146 4420 LSI_FC - ok
22:21:50.0162 4420 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:21:50.0162 4420 LSI_SAS - ok
22:21:50.0177 4420 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:21:50.0193 4420 LSI_SAS2 - ok
22:21:50.0208 4420 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:21:50.0208 4420 LSI_SCSI - ok
22:21:50.0224 4420 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:21:50.0255 4420 luafv - ok
22:21:50.0288 4420 massfilter (035c83cd72e06c47000793d32b1a642d) C:\Windows\system32\drivers\massfilter.sys
22:21:50.0303 4420 massfilter - ok
22:21:50.0350 4420 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:21:50.0381 4420 MBAMProtector - ok
22:21:50.0459 4420 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:21:50.0491 4420 MBAMService - ok
22:21:50.0538 4420 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:21:50.0553 4420 Mcx2Svc - ok
22:21:50.0569 4420 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:21:50.0569 4420 megasas - ok
22:21:50.0584 4420 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:21:50.0616 4420 MegaSR - ok
22:21:50.0647 4420 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:21:50.0678 4420 MMCSS - ok
22:21:50.0678 4420 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:21:50.0709 4420 Modem - ok
22:21:50.0741 4420 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:21:50.0741 4420 monitor - ok
22:21:50.0756 4420 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:21:50.0772 4420 mouclass - ok
22:21:50.0788 4420 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:21:50.0803 4420 mouhid - ok
22:21:50.0881 4420 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:21:50.0928 4420 mountmgr - ok
22:21:50.0975 4420 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:21:51.0006 4420 mpio - ok
22:21:51.0038 4420 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:21:51.0069 4420 mpsdrv - ok
22:21:51.0131 4420 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:21:51.0194 4420 MpsSvc - ok
22:21:51.0241 4420 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:21:51.0272 4420 MRxDAV - ok
22:21:51.0320 4420 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:51.0335 4420 mrxsmb - ok
22:21:51.0382 4420 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:51.0382 4420 mrxsmb10 - ok
22:21:51.0398 4420 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:51.0429 4420 mrxsmb20 - ok
22:21:51.0460 4420 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:21:51.0492 4420 msahci - ok
22:21:51.0507 4420 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:21:51.0523 4420 msdsm - ok
22:21:51.0554 4420 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:21:51.0570 4420 MSDTC - ok
22:21:51.0585 4420 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:21:51.0617 4420 Msfs - ok
22:21:51.0632 4420 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:21:51.0648 4420 mshidkmdf - ok
22:21:51.0664 4420 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:21:51.0664 4420 msisadrv - ok
22:21:51.0695 4420 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:21:51.0710 4420 MSiSCSI - ok
22:21:51.0726 4420 msiserver - ok
22:21:51.0742 4420 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:21:51.0757 4420 MSKSSRV - ok
22:21:51.0773 4420 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:51.0789 4420 MSPCLOCK - ok
22:21:51.0820 4420 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:21:51.0851 4420 MSPQM - ok
22:21:51.0929 4420 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:21:51.0945 4420 MsRPC - ok
22:21:52.0007 4420 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:21:52.0039 4420 mssmbios - ok
22:21:52.0054 4420 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:21:52.0085 4420 MSTEE - ok
22:21:52.0148 4420 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:21:52.0179 4420 MTConfig - ok
22:21:52.0195 4420 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:21:52.0226 4420 Mup - ok
22:21:52.0273 4420 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:21:52.0336 4420 napagent - ok
22:21:52.0368 4420 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:21:52.0383 4420 NativeWifiP - ok
22:21:52.0399 4420 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:21:52.0415 4420 NDIS - ok
22:21:52.0430 4420 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:21:52.0461 4420 NdisCap - ok
22:21:52.0477 4420 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:52.0508 4420 NdisTapi - ok
22:21:52.0540 4420 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:52.0555 4420 Ndisuio - ok
22:21:52.0602 4420 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:52.0618 4420 NdisWan - ok
22:21:52.0665 4420 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:21:52.0680 4420 NDProxy - ok
22:21:52.0696 4420 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:21:52.0711 4420 NetBIOS - ok
22:21:52.0743 4420 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:21:52.0774 4420 NetBT - ok
22:21:52.0805 4420 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:52.0836 4420 Netlogon - ok
22:21:52.0852 4420 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:21:52.0883 4420 Netman - ok
22:21:53.0008 4420 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:53.0040 4420 NetMsmqActivator - ok
22:21:53.0040 4420 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:53.0040 4420 NetPipeActivator - ok
22:21:53.0086 4420 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:21:53.0118 4420 netprofm - ok
22:21:53.0133 4420 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:53.0133 4420 NetTcpActivator - ok
22:21:53.0149 4420 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:21:53.0149 4420 NetTcpPortSharing - ok
22:21:53.0165 4420 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:21:53.0180 4420 nfrd960 - ok
22:21:53.0211 4420 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:21:53.0258 4420 NlaSvc - ok
22:21:53.0274 4420 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:21:53.0305 4420 Npfs - ok
22:21:53.0321 4420 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:21:53.0353 4420 nsi - ok
22:21:53.0369 4420 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:21:53.0384 4420 nsiproxy - ok
22:21:53.0447 4420 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:21:53.0478 4420 Ntfs - ok
22:21:53.0494 4420 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:21:53.0525 4420 Null - ok
22:21:53.0541 4420 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:21:53.0541 4420 nvraid - ok
22:21:53.0556 4420 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:21:53.0556 4420 nvstor - ok
22:21:53.0587 4420 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:21:53.0603 4420 nv_agp - ok
22:21:53.0634 4420 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:21:53.0666 4420 ohci1394 - ok
22:21:53.0681 4420 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:21:53.0697 4420 p2pimsvc - ok
22:21:53.0744 4420 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:21:53.0759 4420 p2psvc - ok
22:21:53.0775 4420 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:21:53.0791 4420 Parport - ok
22:21:53.0806 4420 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:21:53.0806 4420 partmgr - ok
22:21:53.0822 4420 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:21:53.0837 4420 PcaSvc - ok
22:21:53.0900 4420 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:21:53.0916 4420 pci - ok
22:21:53.0931 4420 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:21:53.0947 4420 pciide - ok
22:21:54.0009 4420 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:21:54.0009 4420 pcmcia - ok
22:21:54.0072 4420 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:21:54.0087 4420 pcw - ok
22:21:54.0150 4420 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:21:54.0197 4420 PEAUTH - ok
22:21:54.0275 4420 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:21:54.0306 4420 PerfHost - ok
22:21:54.0510 4420 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:21:54.0573 4420 pla - ok
22:21:54.0620 4420 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:21:54.0635 4420 PlugPlay - ok
22:21:54.0635 4420 PnkBstrA - ok
22:21:54.0651 4420 PnkBstrB - ok
22:21:54.0666 4420 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:21:54.0682 4420 PNRPAutoReg - ok
22:21:54.0698 4420 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:21:54.0713 4420 PNRPsvc - ok
22:21:54.0760 4420 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:21:54.0776 4420 PolicyAgent - ok
22:21:54.0807 4420 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:21:54.0823 4420 Power - ok
22:21:54.0885 4420 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:21:54.0963 4420 PptpMiniport - ok
22:21:54.0979 4420 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:21:54.0995 4420 Processor - ok
22:21:54.0995 4420 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:21:55.0041 4420 ProfSvc - ok
22:21:55.0073 4420 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:55.0088 4420 ProtectedStorage - ok
22:21:55.0135 4420 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:21:55.0198 4420 Psched - ok
22:21:55.0338 4420 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:21:55.0386 4420 ql2300 - ok
22:21:55.0433 4420 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:21:55.0449 4420 ql40xx - ok
22:21:55.0480 4420 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:21:55.0527 4420 QWAVE - ok
22:21:55.0574 4420 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:21:55.0589 4420 QWAVEdrv - ok
22:21:55.0683 4420 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
22:21:55.0714 4420 RapiMgr - ok
22:21:55.0714 4420 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:21:55.0777 4420 RasAcd - ok
22:21:55.0777 4420 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:55.0808 4420 RasAgileVpn - ok
22:21:55.0824 4420 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:21:55.0839 4420 RasAuto - ok
22:21:55.0902 4420 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:55.0980 4420 Rasl2tp - ok
22:21:56.0011 4420 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:21:56.0042 4420 RasMan - ok
22:21:56.0058 4420 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:56.0074 4420 RasPppoe - ok
22:21:56.0089 4420 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:21:56.0121 4420 RasSstp - ok
22:21:56.0167 4420 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:21:56.0199 4420 rdbss - ok
22:21:56.0230 4420 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:21:56.0246 4420 rdpbus - ok
22:21:56.0246 4420 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:56.0277 4420 RDPCDD - ok
22:21:56.0292 4420 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:21:56.0308 4420 RDPENCDD - ok
22:21:56.0324 4420 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:21:56.0339 4420 RDPREFMP - ok
22:21:56.0403 4420 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:21:56.0450 4420 RDPWD - ok
22:21:56.0528 4420 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:21:56.0559 4420 rdyboost - ok
22:21:56.0590 4420 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:21:56.0622 4420 RemoteAccess - ok
22:21:56.0653 4420 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:21:56.0668 4420 RemoteRegistry - ok
22:21:56.0684 4420 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:21:56.0700 4420 RpcEptMapper - ok
22:21:56.0715 4420 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:21:56.0731 4420 RpcLocator - ok
22:21:56.0778 4420 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:21:56.0793 4420 RpcSs - ok
22:21:56.0825 4420 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:21:56.0840 4420 rspndr - ok
22:21:56.0872 4420 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:21:56.0887 4420 RTL8167 - ok
22:21:56.0903 4420 rzudd (1542f66d82be5a0afb366cc115a8e8e5) C:\Windows\system32\DRIVERS\rzudd.sys
22:21:56.0903 4420 rzudd - ok
22:21:56.0934 4420 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:56.0950 4420 SamSs - ok
22:21:56.0981 4420 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:21:56.0981 4420 sbp2port - ok
22:21:57.0012 4420 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:21:57.0028 4420 SCardSvr - ok
22:21:57.0090 4420 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:21:57.0137 4420 scfilter - ok
22:21:57.0168 4420 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:21:57.0231 4420 Schedule - ok
22:21:57.0278 4420 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:21:57.0340 4420 SCPolicySvc - ok
22:21:57.0372 4420 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:21:57.0387 4420 SDRSVC - ok
22:21:57.0407 4420 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:21:57.0454 4420 secdrv - ok
22:21:57.0485 4420 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:21:57.0516 4420 seclogon - ok
22:21:57.0532 4420 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:21:57.0547 4420 SENS - ok
22:21:57.0547 4420 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:21:57.0563 4420 SensrSvc - ok
22:21:57.0579 4420 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:21:57.0594 4420 Serenum - ok
22:21:57.0594 4420 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:21:57.0641 4420 Serial - ok
22:21:57.0657 4420 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:21:57.0657 4420 sermouse - ok
22:21:57.0672 4420 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:21:57.0704 4420 SessionEnv - ok
22:21:57.0719 4420 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:21:57.0719 4420 sffdisk - ok
22:21:57.0735 4420 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:21:57.0750 4420 sffp_mmc - ok
22:21:57.0797 4420 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:21:57.0813 4420 sffp_sd - ok
22:21:57.0891 4420 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:21:57.0922 4420 sfloppy - ok
22:21:57.0985 4420 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:21:58.0032 4420 SharedAccess - ok
22:21:58.0079 4420 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:21:58.0125 4420 ShellHWDetection - ok
22:21:58.0141 4420 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:21:58.0157 4420 SiSRaid2 - ok
22:21:58.0172 4420 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:21:58.0188 4420 SiSRaid4 - ok
22:21:58.0204 4420 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:21:58.0219 4420 Smb - ok
22:21:58.0235 4420 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:21:58.0250 4420 SNMPTRAP - ok
22:21:58.0266 4420 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:21:58.0266 4420 spldr - ok
22:21:58.0282 4420 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:21:58.0313 4420 Spooler - ok
22:21:58.0423 4420 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:21:58.0486 4420 sppsvc - ok
22:21:58.0501 4420 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:21:58.0533 4420 sppuinotify - ok
22:21:58.0580 4420 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
22:21:58.0595 4420 sptd - ok
22:21:58.0642 4420 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:21:58.0673 4420 srv - ok
22:21:58.0689 4420 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:21:58.0705 4420 srv2 - ok
22:21:58.0720 4420 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:21:58.0736 4420 srvnet - ok
22:21:58.0767 4420 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:21:58.0814 4420 SSDPSRV - ok
22:21:58.0861 4420 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:21:58.0908 4420 SstpSvc - ok
22:21:59.0017 4420 Steam Client Service - ok
22:21:59.0064 4420 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:21:59.0064 4420 stexstor - ok
22:21:59.0158 4420 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:21:59.0189 4420 stisvc - ok
22:21:59.0236 4420 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:21:59.0236 4420 swenum - ok
22:21:59.0251 4420 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:21:59.0283 4420 swprv - ok
22:21:59.0361 4420 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:21:59.0392 4420 SysMain - ok
22:21:59.0440 4420 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:21:59.0487 4420 TabletInputService - ok
22:21:59.0502 4420 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:21:59.0534 4420 TapiSrv - ok
22:21:59.0549 4420 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:21:59.0581 4420 TBS - ok
22:21:59.0643 4420 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:21:59.0690 4420 Tcpip - ok
22:21:59.0721 4420 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:21:59.0737 4420 TCPIP6 - ok
22:21:59.0784 4420 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:21:59.0846 4420 tcpipreg - ok
22:21:59.0862 4420 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:21:59.0893 4420 TDPIPE - ok
22:21:59.0956 4420 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:22:00.0018 4420 TDTCP - ok
22:22:00.0049 4420 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:22:00.0081 4420 tdx - ok
22:22:00.0096 4420 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:22:00.0112 4420 TermDD - ok
22:22:00.0159 4420 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:22:00.0237 4420 TermService - ok
22:22:00.0252 4420 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:22:00.0268 4420 Themes - ok
22:22:00.0299 4420 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:22:00.0331 4420 THREADORDER - ok
22:22:00.0346 4420 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:22:00.0377 4420 TrkWks - ok
22:22:00.0393 4420 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:22:00.0424 4420 TrustedInstaller - ok
22:22:00.0472 4420 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:00.0488 4420 tssecsrv - ok
22:22:00.0503 4420 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:22:00.0535 4420 TsUsbFlt - ok
22:22:00.0566 4420 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:22:00.0582 4420 tunnel - ok
22:22:00.0613 4420 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:22:00.0613 4420 uagp35 - ok
22:22:00.0691 4420 UCManSvc (f7df6654663ad07dab615a7af513d90c) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
22:22:00.0722 4420 UCManSvc ( UnsignedFile.Multi.Generic ) - warning
22:22:00.0722 4420 UCManSvc - detected UnsignedFile.Multi.Generic (1)
22:22:00.0769 4420 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:22:00.0847 4420 udfs - ok
22:22:00.0941 4420 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:22:00.0972 4420 UI0Detect - ok
22:22:01.0019 4420 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:22:01.0050 4420 uliagpkx - ok
22:22:01.0082 4420 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:22:01.0082 4420 umbus - ok
22:22:01.0113 4420 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:22:01.0144 4420 UmPass - ok
22:22:01.0160 4420 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:22:01.0191 4420 upnphost - ok
22:22:01.0238 4420 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:22:01.0253 4420 USBAAPL64 - ok
22:22:01.0285 4420 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:22:01.0300 4420 usbaudio - ok
22:22:01.0347 4420 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:01.0363 4420 usbccgp - ok
22:22:01.0394 4420 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:22:01.0410 4420 usbcir - ok
22:22:01.0425 4420 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:22:01.0425 4420 usbehci - ok
22:22:01.0457 4420 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:22:01.0504 4420 usbhub - ok
22:22:01.0520 4420 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:22:01.0536 4420 usbohci - ok
22:22:01.0551 4420 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:22:01.0583 4420 usbprint - ok
22:22:01.0614 4420 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:01.0645 4420 USBSTOR - ok
22:22:01.0661 4420 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:22:01.0692 4420 usbuhci - ok
22:22:01.0723 4420 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
22:22:01.0754 4420 usb_rndisx - ok
22:22:01.0770 4420 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:22:01.0801 4420 UxSms - ok
22:22:01.0864 4420 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:22:01.0895 4420 VaultSvc - ok
22:22:01.0911 4420 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:22:01.0926 4420 vdrvroot - ok
22:22:01.0989 4420 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:22:02.0067 4420 vds - ok
22:22:02.0114 4420 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:02.0129 4420 vga - ok
22:22:02.0145 4420 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:22:02.0176 4420 VgaSave - ok
22:22:02.0208 4420 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:22:02.0208 4420 vhdmp - ok
22:22:02.0223 4420 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:22:02.0239 4420 viaide - ok
22:22:02.0254 4420 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:22:02.0254 4420 volmgr - ok
22:22:02.0301 4420 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:22:02.0317 4420 volmgrx - ok
22:22:02.0333 4420 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:22:02.0348 4420 volsnap - ok
22:22:02.0379 4420 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:22:02.0411 4420 vsmraid - ok
22:22:02.0490 4420 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:22:02.0552 4420 VSS - ok
22:22:02.0552 4420 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:22:02.0568 4420 vwifibus - ok
22:22:02.0599 4420 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:22:02.0615 4420 W32Time - ok
22:22:02.0630 4420 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:22:02.0630 4420 WacomPen - ok
22:22:02.0646 4420 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:22:02.0662 4420 WANARP - ok
22:22:02.0662 4420 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:22:02.0693 4420 Wanarpv6 - ok
22:22:02.0755 4420 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:22:02.0818 4420 WatAdminSvc - ok
22:22:02.0896 4420 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:22:02.0912 4420 wbengine - ok
22:22:02.0943 4420 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:22:02.0958 4420 WbioSrvc - ok
22:22:03.0037 4420 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
22:22:03.0068 4420 WcesComm - ok
22:22:03.0130 4420 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:22:03.0177 4420 wcncsvc - ok
22:22:03.0193 4420 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:22:03.0208 4420 WcsPlugInService - ok
22:22:03.0240 4420 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:22:03.0240 4420 Wd - ok
22:22:03.0271 4420 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
22:22:03.0271 4420 WDC_SAM - ok
22:22:03.0302 4420 WDDMService (334e5ed94d3faff3c44f4d36b1fe1c90) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
22:22:03.0318 4420 WDDMService ( UnsignedFile.Multi.Generic ) - warning
22:22:03.0318 4420 WDDMService - detected UnsignedFile.Multi.Generic (1)
22:22:03.0333 4420 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:22:03.0349 4420 Wdf01000 - ok
22:22:03.0365 4420 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:22:03.0380 4420 WdiServiceHost - ok
22:22:03.0380 4420 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:22:03.0396 4420 WdiSystemHost - ok
22:22:03.0443 4420 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
22:22:03.0458 4420 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
22:22:03.0458 4420 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
22:22:03.0522 4420 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:22:03.0569 4420 WebClient - ok
22:22:03.0584 4420 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:22:03.0631 4420 Wecsvc - ok
22:22:03.0647 4420 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:22:03.0663 4420 wercplsupport - ok
22:22:03.0678 4420 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:22:03.0694 4420 WerSvc - ok
22:22:03.0709 4420 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:22:03.0741 4420 WfpLwf - ok
22:22:03.0756 4420 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:22:03.0756 4420 WIMMount - ok
22:22:03.0772 4420 WinDefend - ok
22:22:03.0772 4420 WinHttpAutoProxySvc - ok
22:22:03.0819 4420 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:22:03.0881 4420 Winmgmt - ok
22:22:03.0959 4420 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:22:04.0006 4420 WinRM - ok
22:22:04.0038 4420 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\drivers\WinUSB.SYS
22:22:04.0038 4420 WinUsb - ok
22:22:04.0084 4420 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:22:04.0131 4420 Wlansvc - ok
22:22:04.0163 4420 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:22:04.0178 4420 wlcrasvc - ok
22:22:04.0319 4420 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:22:04.0350 4420 wlidsvc - ok
22:22:04.0366 4420 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:22:04.0366 4420 WmiAcpi - ok
22:22:04.0397 4420 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:22:04.0397 4420 wmiApSrv - ok
22:22:04.0413 4420 WMPNetworkSvc - ok
22:22:04.0428 4420 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:22:04.0428 4420 WPCSvc - ok
22:22:04.0475 4420 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:22:04.0506 4420 WPDBusEnum - ok
22:22:04.0557 4420 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:22:04.0588 4420 ws2ifsl - ok
22:22:04.0604 4420 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:22:04.0620 4420 wscsvc - ok
22:22:04.0635 4420 WSearch - ok
22:22:04.0698 4420 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:22:04.0760 4420 wuauserv - ok
22:22:04.0807 4420 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:22:04.0870 4420 WudfPf - ok
22:22:04.0885 4420 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:04.0916 4420 WUDFRd - ok
22:22:04.0948 4420 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:22:04.0995 4420 wudfsvc - ok
22:22:05.0010 4420 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:22:05.0026 4420 WwanSvc - ok
22:22:05.0057 4420 XENfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\XENfiltv.sys
22:22:05.0073 4420 XENfiltv - ok
22:22:05.0120 4420 ZTEusbmdm6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
22:22:05.0135 4420 ZTEusbmdm6k - ok
22:22:05.0166 4420 ZTEusbnet (ef5ffa9c46e386f94a684d58b4f14c05) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
22:22:05.0182 4420 ZTEusbnet - ok
22:22:05.0198 4420 ZTEusbnmea (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
22:22:05.0213 4420 ZTEusbnmea - ok
22:22:05.0229 4420 ZTEusbser6k (3762b4c538b9d710f85042849c20319f) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
22:22:05.0229 4420 ZTEusbser6k - ok
22:22:05.0245 4420 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:22:05.0338 4420 \Device\Harddisk0\DR0 - ok
22:22:05.0354 4420 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
22:22:05.0495 4420 \Device\Harddisk2\DR2 - ok
22:22:05.0510 4420 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk3\DR3
22:22:05.0714 4420 \Device\Harddisk3\DR3 - ok
22:22:05.0730 4420 Boot (0x1200) (3682b2a03eff6815f482409972673b46) \Device\Harddisk0\DR0\Partition0
22:22:05.0730 4420 \Device\Harddisk0\DR0\Partition0 - ok
22:22:05.0746 4420 Boot (0x1200) (e4138a2eb1dea682486b3703a5947379) \Device\Harddisk0\DR0\Partition1
22:22:05.0746 4420 \Device\Harddisk0\DR0\Partition1 - ok
22:22:05.0746 4420 Boot (0x1200) (3a7609de7ad4868a8a1ac7d85f55d4ec) \Device\Harddisk2\DR2\Partition0
22:22:05.0746 4420 \Device\Harddisk2\DR2\Partition0 - ok
22:22:05.0761 4420 Boot (0x1200) (66f1d1816e28e1386bfe07728b301868) \Device\Harddisk3\DR3\Partition0
22:22:05.0777 4420 \Device\Harddisk3\DR3\Partition0 - ok
22:22:05.0777 4420 ============================================================
22:22:05.0777 4420 Scan finished
22:22:05.0777 4420 ============================================================
22:22:05.0777 1548 Detected object count: 6
22:22:05.0777 1548 Actual detected object count: 6
22:22:19.0508 1548 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:19.0508 1548 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:19.0524 1548 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:19.0524 1548 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:19.0524 1548 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:19.0524 1548 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:19.0524 1548 UCManSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:19.0524 1548 UCManSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:19.0524 1548 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:19.0524 1548 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:22:19.0524 1548 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
22:22:19.0524 1548 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#5 mark1956

Posted 09 April 2012 - 05:30 PM

Good job, now we need to dig a little deeper.

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.



#6 F338LE1

Posted 10 April 2012 - 12:32 AM

Hi,

Looking at the log I seem to not have properly disabled Windows Defender. Should I run it again?

---------------------------------------------------------
ComboFix 12-04-08.02 - Greattech.se 2012-04-10 7:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1053.18.6143.4154 [GMT 2:00]
Running from: c:\users\Greattech.se\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\windows\drss.dat
c:\programdata\windows\xessmsxe.dat
F:\Autorun.inf
F:\setup.exe
H:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 05:21 . 2012-04-10 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 05:15 . 2012-04-10 05:15 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6731976-EC83-496B-948A-A37B344F8A0C}\offreg.dll
2012-04-09 20:04 . 2012-04-09 20:04 -------- d-----w- c:\users\Greattech.se\AppData\Roaming\Malwarebytes
2012-04-09 20:04 . 2012-04-09 20:04 -------- d-----w- c:\programdata\Malwarebytes
2012-04-09 20:04 . 2012-04-09 20:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-09 20:04 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-09 19:52 . 2012-04-09 19:52 -------- d-----w- c:\windows\Microsoft Antimalware
2012-04-05 10:02 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6731976-EC83-496B-948A-A37B344F8A0C}\mpengine.dll
2012-03-26 19:59 . 2012-03-26 19:59 -------- d-----w- c:\users\Greattech.se\AppData\Roaming\Nitroplus
2012-03-26 19:41 . 2012-03-27 04:39 -------- d-----w- c:\programdata\paltiosoft
2012-03-26 19:41 . 2012-03-26 19:41 -------- d-----w- c:\windows\ucharge
2012-03-26 19:41 . 2012-03-26 19:41 -------- d-----w- c:\program files (x86)\SoftDenchi
2012-03-26 19:35 . 2012-03-26 19:35 -------- d-----w- c:\program files (x86)\Nitroplus
2012-03-26 19:35 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 06:47 . 2012-03-20 06:47 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-20 05:35 . 2012-03-20 05:35 -------- d-----w- c:\programdata\ATI
2012-03-20 05:29 . 2012-03-20 05:29 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-20 05:29 . 2012-03-20 05:29 -------- d-----w- c:\program files\AMD
2012-03-20 05:29 . 2012-03-20 05:29 -------- d-----w- c:\program files (x86)\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 07:18 . 2010-09-03 17:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 16:49 . 2011-05-26 04:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 10:29 . 2012-01-30 10:29 136704 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2012-01-30 10:29 . 2012-01-30 10:29 278528 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2012-01-30 10:29 . 2012-01-30 10:29 164864 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2012-01-14 04:06 . 2012-02-22 16:23 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-12 15:34 . 2012-01-12 15:34 74240 ----a-w- c:\windows\system32\drivers\rzudd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"e-kort"="c:\progra~2\ekort\ekort.exe" [2008-12-11 377856]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-01-30 315272]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Greattech.se\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MCtlSvc.lnk - c:\program files (x86)\Connect Manager\Bin\mcserver.exe [2011-7-12 63248]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-02 79360]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Aktiveringsteknologier for Windows-tjanst;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe [2010-03-12 241808]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Greattech.se\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.188.0.1
FF - ProfilePath - c:\users\Greattech.se\AppData\Roaming\Mozilla\Firefox\Profiles\fnmx35cm.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1733685737-1290681194-4289269325-1000\Software\KISS\ォ0ケ0ソ0・・、0ノ03*D*]
"InstallPath"="c:\\KISS\\CustomMaid3D\\カスタムメイド3D"
.
[HKEY_USERS\S-1-5-21-1733685737-1290681194-4289269325-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1733685737-1290681194-4289269325-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-1733685737-1290681194-4289269325-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-1733685737-1290681194-4289269325-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ォ0ケ0ソ0・・、0ノ03*D*]
"DisplayName"="カスタムメイド3D"
"UninstallString"="c:\\KISS\\CustomMaid3D\\カスタムメイド3D\\Installer.exe /luninst1"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-10 07:22:53
ComboFix-quarantined-files.txt 2012-04-10 05:22
.
Pre-Run: 208?154?935?296 byte ledigt
Post-Run: 209?833?840?640 byte ledigt
.
- - End Of File - - 6BB0950D9B9FAB8C981F2817932BF5A7

#7 mark1956


Posted 10 April 2012 - 09:14 AM

There is nothing of significance showing up in your logs. Your Anti Virus reported the infection as Java/trojanDownloader.agent, so we need to clean out the Java cache. Follow the instructions to run TFC which will clean out the cache and remove all temporary files from the system.

Follow this with the instructions to run an on-line scan with F-secure and post the results.

After this is complete, please run the PC for a while and let me know if the symptoms are still present.

Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you will be asked to reboot, accept the request and your PC will reboot automatically.


Please perform this online scan: F-Secure Online Scanner (http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/online-scanner/)
On the opening page click on the big icon next to Online Virus Scanner
On the next page you will see a box with Run F-Secure Online Scanner now: at the top. Leave the language box on English, check the box to accept the licence terms and then click on the Run Check box.
You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Full System Scan" to download the scanning components. The download progress will be displayed and may take a long time depending on the speed of your internet connection. When the download completes the scan will start automatically.
When the scan completes, click the "I want to decide file by file" button and untick the box Send malware sample to F-Secure.
Click on the Next> button.
Just below the boxes in the Clean column click on None to clear the check marks from all items and then click on Next. On the next page click on Full report, after a short delay a web page will open. Highlight and copy the entire report (you need not include the Options section or anything below it) and Paste it into your next post.

#8 F338LE1


Posted 10 April 2012 - 10:49 AM

I will run it for a while and see how it handles. So far I haven't had the browser redirect or open new windows.


-------------------------------------------------
Scanning Report
Tuesday, April 10, 2012 16:58:06 - 17:33:16

Computer name: GREATTECH
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ F:\ H:\
4 malware found
Gen:Variant.Kazy.7163 (spyware)

System (Not cleaned)

TrackingCookie.2o7 (spyware)

System (Not cleaned)

Suspicious:W32/Malware!Gemini (spyware)

System (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\GAMES\SKYRIM\SKYRIM4GB.EXE (Not cleaned)

Statistics
Scanned:

Files: 88549
System: 7026
Not scanned: 187

Actions:

Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 4
Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\BE9BA1C0B5EEBFC264D7A4924A56531C45489EA8.HOMEGROUPCLASSIFIER\D073B24F181AB2CE8473A9018DD2AB4E\GROUPING\DB.MDB
C:\WINDOWS\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-0.BIN
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\TEMP\HSPERFDATA_GREATTECH.SE\2952
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\TEMP\HSPERFDATA_GREATTECH.SE\5304
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{5312AAF7-82CA-11E1-B0F6-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{DFC38A48-72A8-11E1-B347-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{DFC38A50-72A8-11E1-B347-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{DFC38A54-72A8-11E1-B347-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{DFC38A59-72A8-11E1-B347-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{DFC38C3B-72A8-11E1-B347-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\QOOBOX\BACKENV\SETPATH.BAT
C:\QOOBOX\BACKENV\VIKPEV00
C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN

#9 F338LE1


Posted 11 April 2012 - 03:01 AM

I haven't had any problems arise since my last post, everything seems to be running smoothly.

I'm considering buying Malwarebytes to plug any holes left by ESET, as there are apparently at least a few.

Thanks for all the help, Mark! Keep up the good work!

#10 mark1956


Posted 11 April 2012 - 08:46 AM

You're welcome, and you have made a good choice to run Malwarebytes alongside your current Anti Virus; that is in fact what Malwarebytes is designed to do, as it will complement any Anti Virus software.

Glad to hear everything is running smoothly but we must be sure there are no infections left behind. There will also be some cleaning up to do before we finish.

F-secure reported four infections but did not give the location for three of them. If you were watching the scan, did you notice where F-secure made the detections, or was it displayed somewhere else in the log? The instructions I gave you to run F-secure were written late last year but there is a possibility something has been changed/updated that I am not aware of.

As we do have the location of one of the infections please follow this:

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\GAMES\SKYRIM\SKYRIM4GB.EXE <---this file

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.
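
The check described in the post above (which detections come with a file path and which are listed only as "System"), as an added example that is not part of the original thread: a Python parser for the report layout posted earlier that also compares the entries with the report's own counts. The function and class names are this example's own, and the sample input is copied from that report with the header trimmed and the blank lines and "Files not scanned" list left out.

```python
import re
from typing import NamedTuple

# Sample input: detection and statistics lines from the report posted earlier
# in this thread (header trimmed, blank lines and file list left out).
REPORT = """Scanning Report
Scanning type: Scan system for malware, spyware and rootkits
4 malware found
Gen:Variant.Kazy.7163 (spyware)
System (Not cleaned)
TrackingCookie.2o7 (spyware)
System (Not cleaned)
Suspicious:W32/Malware!Gemini (spyware)
System (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
C:\\GAMES\\SKYRIM\\SKYRIM4GB.EXE (Not cleaned)
Statistics
Scanned:
Files: 88549
System: 7026
Not scanned: 187
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 4
Submitted: 0
"""

class Detection(NamedTuple):
    name: str       # e.g. "Gen:Variant.Kazy.7163"
    category: str   # e.g. "spyware"
    location: str   # a file path, or the placeholder "System"
    status: str     # e.g. "Not cleaned"

ENTRY = re.compile(r"^(.+) \(([^()]+)\)$")    # "<text> (<text>)"
COUNT = re.compile(r"^(\d+) malware found$")
STAT = re.compile(r"^([A-Za-z ]+): (\d+)$")    # "Not cleaned: 4"

def parse_report(text):
    """Return (declared_count, detections, stats) for one report."""
    declared, detections, stats = None, [], {}
    section, sub, pending = "header", "", None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := COUNT.match(line):
            declared = int(m.group(1))
            section = "detections"
        elif line == "Statistics":
            section = "stats"
        elif line.startswith("Files not scanned"):
            break  # nothing after this heading describes a detection
        elif section == "detections":
            m = ENTRY.match(line)
            if not m:
                continue
            if pending is None:        # first line of a pair: name (category)
                pending = m.groups()
            else:                      # second line: location (status)
                detections.append(Detection(*pending, *m.groups()))
                pending = None
        elif section == "stats":
            if line.endswith(":"):     # sub-heading such as "Actions:"
                sub = line[:-1]
            elif m := STAT.match(line):
                stats.setdefault(sub, {})[m.group(1)] = int(m.group(2))
    if pending is not None:
        raise ValueError("detection %r has no location line" % (pending[0],))
    return declared, detections, stats

def reconcile(declared, detections, stats):
    """List mismatches between the entries and the report's own counts."""
    issues = []
    if declared != len(detections):
        issues.append("header says %s, parsed %d" % (declared, len(detections)))
    for status in sorted({d.status for d in detections}):
        listed = sum(d.status == status for d in detections)
        counted = stats.get("Actions", {}).get(status)
        if counted != listed:
            issues.append("%s: listed %d, Statistics says %s" % (status, listed, counted))
    return issues

def split_by_location(detections):
    """Entries with a file path, and entries listed only as 'System'."""
    located = [d for d in detections if d.location != "System"]
    return located, [d for d in detections if d.location == "System"]

if __name__ == "__main__":
    declared, detections, stats = parse_report(REPORT)
    located, unlocated = split_by_location(detections)
    print("path given:", [(d.name, d.location) for d in located])
    print("no path given:", [d.name for d in unlocated])
    print("count mismatches:", reconcile(declared, detections, stats) or "none")
```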

#11 F338LE1


Posted 11 April 2012 - 02:14 PM

Jotti detected nothing bad about that program. I'm running another scan with F-Secure to see if there's anything else.

#12 F338LE1


Posted 11 April 2012 - 02:58 PM

Appears to be one less this time. No idea where two of them were found. Should I scan again and use the option to clean them?

-------------------------------
Scanning Report
Wednesday, April 11, 2012 21:10:45 - 21:53:58

Computer name: GREATTECH
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ F:\ H:\
3 malware found
TrackingCookie.2o7 (spyware)

System (Not cleaned)

Suspicious:W32/Malware!Gemini (spyware)

System (Not cleaned)

Suspicious:W32/Malware!Gemini (virus)

C:\GAMES\SKYRIM\SKYRIM4GB.EXE (Not cleaned)

Statistics
Scanned:

Files: 92206
System: 8686
Not scanned: 189

Actions:

Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 3
Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\TMP0000043DDF70CA5C6AE4C218
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\BE9BA1C0B5EEBFC264D7A4924A56531C45489EA8.HOMEGROUPCLASSIFIER\D073B24F181AB2CE8473A9018DD2AB4E\GROUPING\DB.MDB
C:\WINDOWS\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-0.BIN
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\TEMP\HSPERFDATA_GREATTECH.SE\3152
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\TEMP\HSPERFDATA_GREATTECH.SE\340
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_1
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_0
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_2
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\SPOTIFY\BROWSER\DATA_3
C:\USERS\GREATTECH.SE\APPDATA\LOCAL\SPOTIFY\BROWSER\INDEX
C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{D846676A-8327-11E1-B705-00252244C91A}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\QOOBOX\BACKENV\SETPATH.BAT
C:\QOOBOX\BACKENV\VIKPEV00
C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2E9D3EAEE29507D1EC6A6F42C3FF9CB1_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\307A46498889565450EDB46E742A8B23_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\321261662B88A928509E735A71838D71_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\32E374C990BA86C9FCC1DCEDE1FF8BFA_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\343CFC1E57A75A6AA8E5EA7729F9D6DB_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\349FB718F3BE2D277FA21F761F87AD46_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3797AB2A80A7F55B782256F7196A9780_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3810D8D3253E41C524B0C4E08F6F521E_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\38F62D8E706DF65B20EDF194CAD94492_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\434133BCC55932C72D2E47CF9B84D86B_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\452097C0640D98EA9DE395BD4C607435_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\45BCA00E6FF8F77F3EB10FB05B350BC4_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4B251380F3B89D27A1827B3E789D67D8_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4CEBB6F25E764CD0306D5C444428F0B0_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4EF52DAB75FA982D94C64ED48986B205_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4F114795D897EF3FC15BC67BEEF13D5C_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\51CCEF18A42F685E3260F152C088420F_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5475B12C3ED7358D5413DE27A044A47B_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\55E80FEDBD06285F13B6234E69C22F34_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5777DFA2F9EE9661E3463FA5A434C58C_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\59285F37116B0E7ADB5FDDC74CF5D83D_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\595D584C7A7AB3A0B52165F557A7DB18_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5A78E78D53AFA068563A4C6A7184E1E5_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5AA7638E86B204582C7E3EBD928264CF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5B178A308025F71F7132657E28F5EC31_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D2982B37480CCEAF2146113ABCB34FF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E584E9B46DE340A5FA007E445170CBF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5EF57BB73EE28393770891CBB5BD8120_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5FA1384F36D6BD98E48B7B78334E1ADF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\60C21ADA2B49DE38387BD69A569E4292_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6020A82CA1114B780E34A82AB4BDE05F_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6300F3AA09253A09FFA267D6B0C7C194_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\64194DD35B7E2C50B032FF67B66A2290_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\65FAA508B6691AB05AB599FA17138E24_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6648B3DD7978A8F4023444ABDE2C2D30_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6660A859376EE5EBD57F0208F1EC0E27_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\68E68809AB8CDB2A0A756BC245E0F5A5_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6A9E8A160638183E1CBE44C7833B5A45_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6B089E2C4A52AD2E44DA09538525A42A_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6ABCB75D45B504C765C67BB9C5B4EDD5_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6DA683D40EA98B17E2545D9047A607B2_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6EA8CF65FFEE3592D6218FC6149EBBA1_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6EC91FEB320E442381C98C572ADBDCAB_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6F94A8C1467001DB2394B699E3390B64_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FA5B780BF990AD677CD758CC67DB345_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FEE48E1DCAF9651B7E637A1606E5251_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FEF30DC9BFE71B5385B04E3FE405194_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\707A6004AA542C6365FE7C182AC2B8B5_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\708F0DF1FDCE63A55C13564152CFC68A_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\77E307376E022357024E3CDA0533723D_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78DF33CECB8B6CA8F7D0CDFBA612AF5F_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A92922E9CF6C67384938A593863704E_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7AF36D02F82D18DCA13EA6381FF45395_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7BD11EE73342E5D728C89E92BD281062_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7CC8BCC78EC8E4D5A070C9BE93D39CCA_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7F3F44F21B3B9B5A01A3E3A16F1CE207_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8271ABAE825F33E69D2C17CFC83AEC2B_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8178D6B49B9A611E9C5F614EB15B843F_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\836EECEB988BADCAD6838FF57D6FB3FB_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\83F421430E21AFEE21D53C2139153ED9_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84F1436935F92C82C8D6C1BC3768E2C6_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\84AACFE7906D11047AC8254D24397994_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\87B5CBA7BA4EF114EADEB84641D4E943_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\892CC221005F11223E2879D0FC74915F_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89C563C6F7485E352330639391A0ED63_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D70728DA19208032A78FD3F4D01FA04_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F6B2F004F8DBF0A0F311987876F1F1E_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\91D75CB28FE02902142F4F1E309B889B_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92C5217D95A15F39BE23CC873B33BACD_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9431F293664D9A24086C33C02D86B3CF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\96163262DFE0311E6F011C65AFD96D3C_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\98FC685F0AD340658B214A10547117AD_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9AA8AC7AED340570C6E67B7369DFBF88_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A15E3C73622922D6CD44A3101B06D812_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A276B51A557234CC451820EA38450D2E_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A350EF671524257264EAA6DBA5E2B19D_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A494F4CB9579A94DA0CEDE3B5CC200E2_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5C6738B96F8557EDEC9E0D4A4963E7E_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A73ED67024F0C84EECE7AE79101A6880_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7548A5CBBA1BC6756D33BCD3B545468_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9FBC9DFFC3E9415E45B41F209AFC451_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AA23A79E54AC292264D37F14E854C734_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AB33790EADDFE4CEE05B0E5EBE108FDD_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AC35671D5D20DFAD315CA83DEF2CCFAD_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACFD5E78E301F890152825138ECC5D53_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4768DD2172695EB7E0E43134EAA60BD_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BEB6FE73CC3C49E1D4E4ED996B700A10_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BEFA549B9D34A942B040E95F2A0EA9F6_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFEA8A1449EF6ECD821295A4BA5C1CCF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFF6F3C82FC1169CD563A1E59D8A1E0D_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C074129B20587D3393F798581E1073CE_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C10A656CD2E4D05DF7EE9E18CADB8C26_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDADE02C50520FCCEE04875BC9EB6FBF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF018B76A24280C3B138F3B0CA03478E_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1379F9DE7FDFA90D2715011369C0D65_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D30330C5834CAE102BCB18476DCAA410_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D38BF7E3199D8D0FDC394DF6EEC4C761_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D7B94E0E34ECE37EFF71CE1F6448106C_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DA55782C3B2791C467D0412E1B45D32D_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DAF568416DD7C6CD4F3938655B87C409_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE131BF3019C93F9C2B07380C60C0EFE_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBC3B62EE0A62E6E2C2B055F662E00DC_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE519BAFCC3A71198DADE934F4CBE4B9_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE5000510CC495C75B1F4A438BAD99F3_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E076539A4701613529A8EA64DB1A8C96_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2FA45AAECC7297597C7E63E207E2806_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3ACB3647EBC9B4F3C7479AB479F2D6D_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E4AB9A37DF3DC31B6C498946E2190092_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E577CC464451DEE84499C7E771979319_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E669233AC36A6A0A28A59419262CE06A_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8E360781FD62F04D72B4A68F618D260_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8E7E1D9CFA69D40D2C346A8485A3689_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E99AB000157F76DAF5D41035BE347A83_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED59A2A41640CFAF95964820A2D4A461_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE07426400272F32B5EEABFEF047EA06_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF70F009D9E2921FFB46AED36DC9DDCF_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0803C4DF9DD2BA536AF93151D728416_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F0DE0385635C3FD23B2F97F55C3F3AD7_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F235FE6DE866D0D6401593FA113190E5_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F289EE1D5C250A5EEB53D38648FDF29B_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F463A7718D345F0D6D0E92641E03B4BC_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4D77E82A71B4768EE24DCF27C81A1C3_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F803724E741B94DBCA7FFA7DD22AF641_C4408620-F014-44E6-B8E5-3E0134F0C534
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FACC4737FF18495045BF3890DF6E7715_C4408620-F014-44E6-B8E5-3E0134F0C534

#13 mark1956


Posted 12 April 2012 - 03:33 AM

The fact that your machine is running fine and other scans did not show anything of concern is a good sign.

I recommended the F-Secure online scan as a second opinion. Since its log results were not specific enough for me to identify the detections I did some testing and discovered it was difficult to ascertain exactly what was detected on my own computer based on the log output I received. As such, you may want to ask about those F-Secure detections at the F-Secure Community forum where they may be able to provide further information.

Now we just have some cleaning up to do:

To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.

  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.

To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click Start > Run... and in the Open dialog box, type: ComboFix /Uninstall

  • Press OK.
    -- Vista/Windows 7 users refer to these instructions.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).

    Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click its icon to start the program.
    If you are using Vista, please right-click and choose run as administrator
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).


Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


Let me know if you have had any problems uninstalling Combofix.

#14 F338LE1


Posted 12 April 2012 - 07:25 AM

No problems uninstalling. Seems I have a few updates to run. Also, Windows Defender doesn't start for some reason:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 10.0.2 Firefox out of Date!
Mozilla Thunderbird 3.1.7 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

#15 mark1956


Posted 12 April 2012 - 01:32 PM

As you have noted, there are some updates required for Java and Adobe; all instructions are below.

Windows Defender should not be enabled when you have an Active Anti Virus program on your system, so it needs to remain disabled.

You will also need to go to these links to update Firefox and Thunderbird.
How to Update Firefox
How to Update Thunderbird

Once this is all done we are finished.

Adobe
Please use Add/Remove programs to uninstall any/all versions of Adobe on your system.
Then go to this link here and select the latest version to download and install. You will normally only need the downloads from any of the four "Readers and Players" in the top right hand corner of the page. Older versions of Adobe are vulnerable to infection so should always be uninstalled before installing the most up to date version available.

Java
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
----------------------------------------------------------

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware.

Go Here for a selection of third party Firewalls.

Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web of Trust) will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

A warning about using Registry Cleaners
The registry contains all the operating system's knowledge of a computer's configuration, hardware devices, installed software and location of the device drivers.
Under normal conditions, we do not recommend people use Registry Cleaners. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. Windows is a closed source system, developers of registry cleaners are not working on definitive information, but rather empirical knowledge. Automatic cleaners will usually have to do some guesswork.

If you do have a problem that is rooted in the registry, it would be far better to edit only the specific key/s and/or value/s that are causing the problem. For this you need help from someone with good knowledge and an understanding of the Windows Registry rather than leaving it in the hands of automated software. But, first you need to be sure there is a registry problem and discover what may have caused it.

Edited by mark1956, 12 April 2012 - 01:34 PM.
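
A way to confirm that the outdated programs flagged in the Security Check log are gone after the uninstall and update steps in the post above, added here as an example and not part of the original thread. It reads the standard Windows uninstall registry keys in both the 64-bit and 32-bit views; the name patterns are taken from the log, and the exclusion of the separate "Java Auto Updater" entry is an assumption about how that component is listed.

```powershell
# Added example: inventory the products named in the Security Check log.
# The registry paths are the standard Windows uninstall keys; the name
# patterns come from the log and the Java uninstall steps in this thread.
# Written without PowerShell 3+ syntax so it also runs on Windows 7.
$views = @(
    @{ Label = 'machine';        Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' },
    @{ Label = 'machine-32on64'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' },
    @{ Label = 'per-user';       Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' }
)
$patterns = 'Java', 'J2SE', 'Adobe Reader', 'Mozilla Firefox', 'Mozilla Thunderbird'

function Get-InstalledProduct {
    param(
        [hashtable[]]$View,
        [string[]]$NamePattern
    )
    foreach ($v in $View) {
        # A missing key (for example Wow6432Node on 32-bit Windows) is skipped.
        $entries = Get-ItemProperty -Path $v.Path -ErrorAction SilentlyContinue
        foreach ($e in $entries) {
            $name = $e.DisplayName
            if (-not $name) { continue }   # entries without a display name

            $hit = $false
            foreach ($p in $NamePattern) {
                if ($name -like "*$p*") { $hit = $true; break }
            }
            if ($hit) {
                New-Object PSObject -Property @{
                    Name    = $name
                    Version = $e.DisplayVersion
                    View    = $v.Label
                }
            }
        }
    }
}

$found = @(Get-InstalledProduct -View $views -NamePattern $patterns)
$found | Sort-Object Name | Format-Table Name, Version, View -AutoSize

# More than one distinct Java runtime version means an older one was left
# behind. Assumption: the updater component is listed as "Java Auto Updater"
# and carries its own version number, so it is excluded from the comparison.
$javaVersions = @(
    $found |
        Where-Object {
            ($_.Name -like '*Java*' -or $_.Name -like '*J2SE*') -and
            $_.Name -notlike '*Auto Updater*'
        } |
        ForEach-Object { $_.Version } |
        Where-Object { $_ } |
        Sort-Object -Unique
)
if ($javaVersions.Count -gt 1) {
    Write-Warning ("Multiple Java versions still installed: " + ($javaVersions -join ', '))
}
```

On a 64-bit system the same runtime version can appear in both machine views (32-bit and 64-bit installs); only differing version numbers trigger the warning.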




