
Removing Google Redirect bug



#1 airdelivery

Posted 09 May 2012 - 10:45 AM

First of all, I'm a computer idiot (no savant included) so I will ask questions my six-year-old can probably answer.

I am following the instructions from the post "Need help removing Google redirect malware" since I have the same bug. I downloaded the MiniToolBox and ran as instructed. I received several pop-up messages (3 times) stating:

"Original 1108 could not be located in the dynamic link library WSOCK 32.dll."

I proceeded through and received my results as follows:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Liz's Computer (administrator) on 09-05-2012 at 11:29:40
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

So do I wait for a response from someone or do I just need to go to the next step and download TDSSKiller.zip?

Thanks.


 


#2 boopme

Posted 09 May 2012 - 11:00 AM

Hello and welcome.
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?



Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

WIN7.. Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.



Run Mini again

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
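A TDSSKiller report of the kind requested above lists each scanned service or driver on one line (name, MD5, file path) followed by a verdict line for the same name. The Python below is an added example, not part of the original posts and not the tool vendor's code: it pairs those lines and returns every entry whose verdict is not "ok", plus entries whose verdict line is missing because the report was cut off. The sample log is constructed, and treating any status other than "ok" as a finding is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of a TDSSKiller report.
# Service names, hashes, paths and the verdict string are made up.
SAMPLE_LOG = r"""
16:33:18.0630 7044 Scan started
16:33:18.0630 7044 Mode: Manual; TDLFS;
16:33:19.0979 7044 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
16:33:19.0982 7044 ExampleDrv - ok
16:33:20.0100 7044 Example Svc (00000000000000000000000000000002) C:\Program Files (x86)\Example\svc.exe
16:33:20.0105 7044 Example Svc ( Example.Verdict.gen ) - infected
16:33:20.0106 7044 Example Svc - detected Example.Verdict.gen (0)
16:33:20.0200 7044 NoFileSvc - ok
16:33:20.0300 7044 CutOffDrv (00000000000000000000000000000003) C:\Windows\system32\drivers\cutoff.sys
"""

# "HH:MM:SS.mmmm <thread id> <body>"
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*\S)\s*$")
# "<name> (<32 hex MD5>) <path>"; names may contain spaces and dots.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" or "<name> ( <verdict> ) - <status>"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>.+?) \))? - (?P<status>\w+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the report shows no file line
    path: Optional[str] = None
    status: Optional[str] = None   # None when no verdict line was seen
    verdict: Optional[str] = None  # detection name, if any


def parse_report(text: str) -> List[Entry]:
    """Pair each object line with the verdict line that follows it."""
    entries: List[Entry] = []
    pending = {}  # name -> Entry still waiting for its verdict
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, timestamp-only lines
        body = line.group(1)
        obj = OBJECT.match(body)
        if obj:
            entry = Entry(obj["name"], obj["md5"].lower(), obj["path"])
            entries.append(entry)
            pending[entry.name] = entry
            continue
        ver = VERDICT.match(body)
        if ver:
            # Some services are reported with a verdict but no file line.
            entry = pending.pop(ver["name"], None)
            if entry is None:
                entry = Entry(ver["name"])
                entries.append(entry)
            entry.status = ver["status"]
            entry.verdict = ver["verdict"]
    return entries


def findings(entries: List[Entry]) -> List[Entry]:
    """Entries with a verdict other than 'ok'."""
    return [e for e in entries if e.status not in (None, "ok")]


def unresolved(entries: List[Entry]) -> List[Entry]:
    """Entries with no verdict line, e.g. the report was truncated."""
    return [e for e in entries if e.status is None]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    for e in findings(parsed):
        print(f"FINDING   {e.name}: {e.verdict} [{e.status}] {e.md5} {e.path}")
    for e in unresolved(parsed):
        print(f"NO RESULT {e.name}: {e.path}")
```

An entry returned by `unresolved` means the pasted report is incomplete, so the absence of findings in it proves nothing about the objects listed after the cut.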

#3 airdelivery

Posted 09 May 2012 - 02:46 PM

I am using a Netgear wireless router. My laptop, that I am using now, is connected, and no, there's no redirect.

When I go to the CMD dos window and type netsh winsock reset, the prompt says: the following helper DLL cannot be loaded: Wshelper.DLL.
This is followed in the next line by: The following command was not found: winsock reset.

What do you think?

#4 airdelivery

Posted 09 May 2012 - 02:49 PM

Oh, and I am not using Firefox, IE.

#5 airdelivery

Posted 09 May 2012 - 03:09 PM

And I forgot to say thank you for taking your time with this. I am so impressed with this website and the people that run it.

#6 boopme

Posted 09 May 2012 - 03:21 PM

OK, let's start at MiniToolBox then.

#7 airdelivery

Posted 09 May 2012 - 03:32 PM

Ok. Here are the results from MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Liz's Computer (administrator) on 09-05-2012 at 16:28:21
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost


As in my original post, when I did this, I received this popup 3 times:

"Original 1108 could not be located in the dynamic link library WSOCK 32.dll."

#8 boopme

Posted 09 May 2012 - 03:33 PM

Let me look into that. Run the 2 scanners, please.

#9 airdelivery

Posted 09 May 2012 - 05:48 PM

Here's the TDSSKiller report:

16:33:06.0095 6640 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:33:06.0477 6640 ============================================================
16:33:06.0477 6640 Current date / time: 2012/05/09 16:33:06.0477
16:33:06.0478 6640 SystemInfo:
16:33:06.0478 6640
16:33:06.0478 6640 OS Version: 6.1.7601 ServicePack: 1.0
16:33:06.0478 6640 Product type: Workstation
16:33:06.0478 6640 ComputerName: LIZSCOMPUTER-HP
16:33:06.0478 6640 UserName: Liz's Computer
16:33:06.0478 6640 Windows directory: C:\Windows
16:33:06.0478 6640 System windows directory: C:\Windows
16:33:06.0478 6640 Running under WOW64
16:33:06.0478 6640 Processor architecture: Intel x64
16:33:06.0479 6640 Number of processors: 2
16:33:06.0479 6640 Page size: 0x1000
16:33:06.0479 6640 Boot type: Normal boot
16:33:06.0479 6640 ============================================================
16:33:07.0035 6640 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:33:07.0138 6640 ============================================================
16:33:07.0138 6640 \Device\Harddisk0\DR0:
16:33:07.0138 6640 MBR partitions:
16:33:07.0138 6640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:33:07.0138 6640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F45000
16:33:07.0138 6640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72F77800, BlocksNum 0x178E800
16:33:07.0138 6640 ============================================================
16:33:07.0158 6640 C: <-> \Device\Harddisk0\DR0\Partition1
16:33:07.0205 6640 D: <-> \Device\Harddisk0\DR0\Partition2
16:33:07.0205 6640 ============================================================
16:33:07.0205 6640 Initialize success
16:33:07.0205 6640 ============================================================
16:33:18.0630 7044 ============================================================
16:33:18.0630 7044 Scan started
16:33:18.0630 7044 Mode: Manual; TDLFS;
16:33:18.0630 7044 ============================================================
16:33:22.0842 7044 clr_optimization_v2.0.50215_32 (5f22132c9153639762708909f156b33d) C:\Windows\system32\NeroMediaHomeService.4.dll
16:33:22.0844 7044 clr_optimization_v2.0.50215_32 ( Backdoor.Multi.ZAccess.gen ) - infected
16:33:22.0845 7044 clr_optimization_v2.0.50215_32 - detected Backdoor.Multi.ZAccess.gen (0)
16:33:29.0073 7044 MBAMProtector - ok
16:33:29.0127 7044 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:33:29.0143 7044 MBAMService - ok
16:33:29.0181 7044 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:33:29.0184 7044 Mcx2Svc - ok
16:33:29.0199 7044 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:33:29.0201 7044 megasas - ok
16:33:29.0228 7044 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:33:29.0233 7044 MegaSR - ok
16:33:29.0294 7044 Microsoft SharePoint Workspace Audit Service - ok
16:33:29.0318 7044 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:33:29.0322 7044 MMCSS - ok
16:33:29.0337 7044 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:33:29.0339 7044 Modem - ok
16:33:29.0366 7044 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:33:29.0367 7044 monitor - ok
16:33:29.0402 7044 motccgp (c94a2ea3fdfa5d650884926b710b7db1) C:\Windows\system32\DRIVERS\motccgp.sys
16:33:29.0404 7044 motccgp - ok
16:33:29.0431 7044 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
16:33:29.0432 7044 motccgpfl - ok
16:33:29.0472 7044 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys
16:33:29.0473 7044 motmodem - ok
16:33:29.0535 7044 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
16:33:29.0539 7044 MotoHelper - ok
16:33:29.0565 7044 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
16:33:29.0567 7044 MotoSwitchService - ok
16:33:29.0601 7044 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
16:33:29.0602 7044 Motousbnet - ok
16:33:29.0659 7044 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
16:33:29.0661 7044 motusbdevice - ok
16:33:29.0701 7044 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:33:29.0703 7044 mouclass - ok
16:33:29.0720 7044 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:33:29.0722 7044 mouhid - ok
16:33:29.0747 7044 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:33:29.0750 7044 mountmgr - ok
16:33:29.0772 7044 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:33:29.0775 7044 mpio - ok
16:33:29.0804 7044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:33:29.0807 7044 mpsdrv - ok
16:33:29.0838 7044 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:33:29.0841 7044 MRxDAV - ok
16:33:29.0867 7044 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:33:29.0870 7044 mrxsmb - ok
16:33:29.0895 7044 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:33:29.0900 7044 mrxsmb10 - ok
16:33:29.0921 7044 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:33:29.0924 7044 mrxsmb20 - ok
16:33:29.0959 7044 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:33:29.0960 7044 msahci - ok
16:33:29.0987 7044 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:33:29.0991 7044 msdsm - ok
16:33:30.0016 7044 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:33:30.0021 7044 MSDTC - ok
16:33:30.0063 7044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:33:30.0064 7044 Msfs - ok
16:33:30.0089 7044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:33:30.0090 7044 mshidkmdf - ok
16:33:30.0110 7044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:33:30.0111 7044 msisadrv - ok
16:33:30.0148 7044 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:33:30.0153 7044 MSiSCSI - ok
16:33:30.0160 7044 msiserver - ok
16:33:30.0194 7044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:33:30.0196 7044 MSKSSRV - ok
16:33:30.0214 7044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:33:30.0216 7044 MSPCLOCK - ok
16:33:30.0231 7044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:33:30.0233 7044 MSPQM - ok
16:33:30.0264 7044 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:33:30.0270 7044 MsRPC - ok
16:33:30.0293 7044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:33:30.0294 7044 mssmbios - ok
16:33:30.0303 7044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:33:30.0305 7044 MSTEE - ok
16:33:30.0326 7044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:33:30.0328 7044 MTConfig - ok
16:33:30.0349 7044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:33:30.0351 7044 Mup - ok
16:33:30.0401 7044 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:33:30.0410 7044 napagent - ok
16:33:30.0457 7044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:33:30.0463 7044 NativeWifiP - ok
16:33:30.0530 7044 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:33:30.0542 7044 NDIS - ok
16:33:30.0569 7044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:33:30.0571 7044 NdisCap - ok
16:33:30.0587 7044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:33:30.0589 7044 NdisTapi - ok
16:33:30.0602 7044 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:33:30.0604 7044 Ndisuio - ok
16:33:30.0623 7044 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:33:30.0627 7044 NdisWan - ok
16:33:30.0639 7044 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:33:30.0641 7044 NDProxy - ok
16:33:30.0656 7044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:33:30.0657 7044 NetBIOS - ok
16:33:30.0683 7044 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:33:30.0689 7044 NetBT - ok
16:33:30.0708 7044 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:30.0710 7044 Netlogon - ok
16:33:30.0745 7044 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:33:30.0753 7044 Netman - ok
16:33:30.0813 7044 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:30.0816 7044 NetMsmqActivator - ok
16:33:30.0824 7044 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:30.0826 7044 NetPipeActivator - ok
16:33:30.0886 7044 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:33:30.0895 7044 netprofm - ok
16:33:30.0972 7044 netr28x (8b5d2d7cb0ef5b1967860b8ab742a46c) C:\Windows\system32\DRIVERS\netr28x.sys
16:33:30.0985 7044 netr28x - ok
16:33:31.0027 7044 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:31.0029 7044 NetTcpActivator - ok
16:33:31.0039 7044 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:33:31.0042 7044 NetTcpPortSharing - ok
16:33:31.0104 7044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:33:31.0107 7044 nfrd960 - ok
16:33:31.0150 7044 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:33:31.0157 7044 NlaSvc - ok
16:33:31.0324 7044 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
16:33:31.0379 7044 NOBU - ok
16:33:31.0480 7044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:33:31.0482 7044 Npfs - ok
16:33:31.0506 7044 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:33:31.0509 7044 nsi - ok
16:33:31.0528 7044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:33:31.0529 7044 nsiproxy - ok
16:33:31.0644 7044 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:33:31.0680 7044 Ntfs - ok
16:33:31.0799 7044 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:33:31.0800 7044 Null - ok
16:33:31.0834 7044 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:33:31.0837 7044 nvraid - ok
16:33:31.0858 7044 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:33:31.0862 7044 nvstor - ok
16:33:31.0882 7044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:33:31.0886 7044 nv_agp - ok
16:33:31.0904 7044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:33:31.0906 7044 ohci1394 - ok
16:33:31.0987 7044 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:33:31.0989 7044 ose64 - ok
16:33:32.0268 7044 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:33:32.0310 7044 osppsvc - ok
16:33:32.0415 7044 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:33:32.0424 7044 p2pimsvc - ok
16:33:32.0487 7044 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:33:32.0496 7044 p2psvc - ok
16:33:32.0558 7044 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:33:32.0561 7044 Parport - ok
16:33:32.0578 7044 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:33:32.0580 7044 partmgr - ok
16:33:32.0612 7044 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:33:32.0617 7044 PcaSvc - ok
16:33:32.0657 7044 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:33:32.0660 7044 pci - ok
16:33:32.0704 7044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:33:32.0706 7044 pciide - ok
16:33:32.0735 7044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:33:32.0739 7044 pcmcia - ok
16:33:32.0772 7044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:33:32.0774 7044 pcw - ok
16:33:32.0804 7044 pdfcDispatcher - ok
16:33:32.0841 7044 PdiService (c7801def1c78747996a52c1f4c473e6f) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
16:33:32.0844 7044 PdiService - ok
16:33:32.0893 7044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:33:32.0902 7044 PEAUTH - ok
16:33:32.0989 7044 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:33:32.0992 7044 PerfHost - ok
16:33:33.0115 7044 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:33:33.0144 7044 pla - ok
16:33:33.0196 7044 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:33:33.0210 7044 PlugPlay - ok
16:33:33.0261 7044 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:33:33.0265 7044 PNRPAutoReg - ok
16:33:33.0294 7044 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:33:33.0299 7044 PNRPsvc - ok
16:33:33.0354 7044 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
16:33:33.0356 7044 Point64 - ok
16:33:33.0406 7044 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:33:33.0415 7044 PolicyAgent - ok
16:33:33.0468 7044 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:33:33.0474 7044 Power - ok
16:33:33.0501 7044 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:33:33.0504 7044 PptpMiniport - ok
16:33:33.0536 7044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:33:33.0538 7044 Processor - ok
16:33:33.0566 7044 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:33:33.0571 7044 ProfSvc - ok
16:33:33.0597 7044 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:33.0599 7044 ProtectedStorage - ok
16:33:33.0616 7044 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:33:33.0620 7044 Psched - ok
16:33:33.0722 7044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:33:33.0762 7044 ql2300 - ok
16:33:33.0870 7044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:33:33.0876 7044 ql40xx - ok
16:33:33.0904 7044 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:33:33.0910 7044 QWAVE - ok
16:33:33.0922 7044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:33:33.0924 7044 QWAVEdrv - ok
16:33:33.0963 7044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:33:33.0965 7044 RasAcd - ok
16:33:33.0997 7044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:33:33.0999 7044 RasAgileVpn - ok
16:33:34.0035 7044 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:33:34.0039 7044 RasAuto - ok
16:33:34.0062 7044 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:33:34.0066 7044 Rasl2tp - ok
16:33:34.0095 7044 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:33:34.0103 7044 RasMan - ok
16:33:34.0138 7044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:33:34.0141 7044 RasPppoe - ok
16:33:34.0162 7044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:33:34.0164 7044 RasSstp - ok
16:33:34.0215 7044 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:33:34.0220 7044 rdbss - ok
16:33:34.0267 7044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:33:34.0269 7044 rdpbus - ok
16:33:34.0294 7044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:33:34.0296 7044 RDPCDD - ok
16:33:34.0341 7044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:33:34.0343 7044 RDPENCDD - ok
16:33:34.0372 7044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:33:34.0374 7044 RDPREFMP - ok
16:33:34.0412 7044 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:33:34.0416 7044 RDPWD - ok
16:33:34.0442 7044 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:33:34.0446 7044 rdyboost - ok
16:33:34.0476 7044 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:33:34.0479 7044 RemoteAccess - ok
16:33:34.0496 7044 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:33:34.0501 7044 RemoteRegistry - ok
16:33:34.0570 7044 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
16:33:34.0576 7044 RoxioNow Service - ok
16:33:34.0616 7044 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:33:34.0620 7044 RpcEptMapper - ok
16:33:34.0638 7044 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:33:34.0641 7044 RpcLocator - ok
16:33:34.0683 7044 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:33:34.0691 7044 RpcSs - ok
16:33:34.0772 7044 RSPCIESTOR (f8fea7764348c59262b340916cbfeb40) C:\Windows\system32\DRIVERS\RtsPStor.sys
16:33:34.0776 7044 RSPCIESTOR - ok
16:33:34.0792 7044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:33:34.0794 7044 rspndr - ok
16:33:34.0845 7044 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:33:34.0850 7044 RTL8167 - ok
16:33:34.0870 7044 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:34.0873 7044 SamSs - ok
16:33:34.0896 7044 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:33:34.0899 7044 sbp2port - ok
16:33:34.0928 7044 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:33:34.0934 7044 SCardSvr - ok
16:33:34.0978 7044 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:33:34.0980 7044 scfilter - ok
16:33:35.0054 7044 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:33:35.0081 7044 Schedule - ok
16:33:35.0109 7044 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:33:35.0112 7044 SCPolicySvc - ok
16:33:35.0133 7044 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:33:35.0139 7044 SDRSVC - ok
16:33:35.0168 7044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:33:35.0169 7044 secdrv - ok
16:33:35.0180 7044 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:33:35.0184 7044 seclogon - ok
16:33:35.0237 7044 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:33:35.0241 7044 SENS - ok
16:33:35.0280 7044 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:33:35.0284 7044 SensrSvc - ok
16:33:35.0315 7044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:33:35.0317 7044 Serenum - ok
16:33:35.0356 7044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:33:35.0359 7044 Serial - ok
16:33:35.0402 7044 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:33:35.0404 7044 sermouse - ok
16:33:35.0468 7044 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:33:35.0473 7044 SessionEnv - ok
16:33:35.0504 7044 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:33:35.0506 7044 sffdisk - ok
16:33:35.0525 7044 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:33:35.0528 7044 sffp_mmc - ok
16:33:35.0542 7044 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:33:35.0544 7044 sffp_sd - ok
16:33:35.0560 7044 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:33:35.0563 7044 sfloppy - ok
16:33:35.0606 7044 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:33:35.0613 7044 SharedAccess - ok
16:33:35.0665 7044 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:33:35.0672 7044 ShellHWDetection - ok
16:33:35.0692 7044 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:33:35.0694 7044 SiSRaid2 - ok
16:33:35.0712 7044 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:33:35.0714 7044 SiSRaid4 - ok
16:33:35.0744 7044 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:33:35.0747 7044 Smb - ok
16:33:35.0780 7044 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:33:35.0784 7044 SNMPTRAP - ok
16:33:35.0803 7044 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:33:35.0804 7044 spldr - ok
16:33:35.0851 7044 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:33:35.0862 7044 Spooler - ok
16:33:36.0094 7044 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:33:36.0164 7044 sppsvc - ok
16:33:36.0244 7044 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:33:36.0249 7044 sppuinotify - ok
16:33:36.0296 7044 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:33:36.0304 7044 srv - ok
16:33:36.0352 7044 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:33:36.0359 7044 srv2 - ok
16:33:36.0418 7044 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:33:36.0421 7044 srvnet - ok
16:33:36.0445 7044 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:33:36.0451 7044 SSDPSRV - ok
16:33:36.0483 7044 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:33:36.0487 7044 SstpSvc - ok
16:33:36.0503 7044 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:33:36.0505 7044 stexstor - ok
16:33:36.0567 7044 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:33:36.0577 7044 stisvc - ok
16:33:36.0607 7044 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:33:36.0608 7044 swenum - ok
16:33:36.0637 7044 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:33:36.0647 7044 swprv - ok
16:33:36.0769 7044 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:33:36.0813 7044 SysMain - ok
16:33:36.0888 7044 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:33:36.0893 7044 TabletInputService - ok
16:33:36.0922 7044 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:33:36.0930 7044 TapiSrv - ok
16:33:36.0948 7044 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:33:36.0953 7044 TBS - ok
16:33:37.0076 7044 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:33:37.0133 7044 Tcpip - ok
16:33:37.0296 7044 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:33:37.0313 7044 TCPIP6 - ok
16:33:37.0392 7044 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:33:37.0394 7044 tcpipreg - ok
16:33:37.0421 7044 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:33:37.0423 7044 TDPIPE - ok
16:33:37.0464 7044 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:33:37.0466 7044 TDTCP - ok
16:33:37.0511 7044 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:33:37.0514 7044 tdx - ok
16:33:37.0533 7044 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:33:37.0534 7044 TermDD - ok
16:33:37.0588 7044 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:33:37.0600 7044 TermService - ok
16:33:37.0619 7044 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:33:37.0622 7044 Themes - ok
16:33:37.0641 7044 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:33:37.0644 7044 THREADORDER - ok
16:33:37.0666 7044 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:33:37.0671 7044 TrkWks - ok
16:33:37.0724 7044 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:33:37.0727 7044 TrustedInstaller - ok
16:33:37.0757 7044 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:33:37.0759 7044 tssecsrv - ok
16:33:37.0776 7044 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:33:37.0779 7044 TsUsbFlt - ok
16:33:37.0823 7044 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:33:37.0825 7044 TsUsbGD - ok
16:33:37.0869 7044 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:33:37.0872 7044 tunnel - ok
16:33:37.0900 7044 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:33:37.0902 7044 uagp35 - ok
16:33:37.0938 7044 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:33:37.0943 7044 udfs - ok
16:33:38.0005 7044 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:33:38.0009 7044 UI0Detect - ok
16:33:38.0033 7044 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:33:38.0036 7044 uliagpkx - ok
16:33:38.0077 7044 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:33:38.0079 7044 umbus - ok
16:33:38.0098 7044 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:33:38.0101 7044 UmPass - ok
16:33:38.0138 7044 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:33:38.0146 7044 upnphost - ok
16:33:38.0179 7044 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:33:38.0182 7044 USBAAPL64 - ok
16:33:38.0237 7044 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:33:38.0240 7044 usbaudio - ok
16:33:38.0262 7044 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:33:38.0265 7044 usbccgp - ok
16:33:38.0293 7044 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:33:38.0296 7044 usbcir - ok
16:33:38.0320 7044 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:33:38.0322 7044 usbehci - ok
16:33:38.0341 7044 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\drivers\usbfilter.sys
16:33:38.0343 7044 usbfilter - ok
16:33:38.0382 7044 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:33:38.0388 7044 usbhub - ok
16:33:38.0426 7044 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:33:38.0428 7044 usbohci - ok
16:33:38.0443 7044 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:33:38.0444 7044 usbprint - ok
16:33:38.0463 7044 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:33:38.0466 7044 usbscan - ok
16:33:38.0498 7044 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:33:38.0501 7044 USBSTOR - ok
16:33:38.0529 7044 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:33:38.0531 7044 usbuhci - ok
16:33:38.0588 7044 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:33:38.0592 7044 usbvideo - ok
16:33:38.0616 7044 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:33:38.0620 7044 UxSms - ok
16:33:38.0649 7044 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:33:38.0652 7044 VaultSvc - ok
16:33:38.0674 7044 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:33:38.0675 7044 vdrvroot - ok
16:33:38.0714 7044 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:33:38.0724 7044 vds - ok
16:33:38.0745 7044 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:33:38.0747 7044 vga - ok
16:33:38.0771 7044 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:33:38.0773 7044 VgaSave - ok
16:33:38.0801 7044 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:33:38.0806 7044 vhdmp - ok
16:33:38.0829 7044 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:33:38.0831 7044 viaide - ok
16:33:38.0853 7044 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:33:38.0855 7044 volmgr - ok
16:33:41.0809 7044 ============================================================
16:33:41.0809 7044 Scan finished
16:33:41.0809 7044 ============================================================
16:33:41.0830 5224 Detected object count: 1
16:33:41.0830 5224 Actual detected object count: 1
16:33:53.0758 5224 C:\Windows\system32\NeroMediaHomeService.4.dll - copied to quarantine
16:33:53.0774 5224 HKLM\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50215_32 - will be deleted on reboot
16:33:53.0823 5224 HKLM\SYSTEM\ControlSet002\services\clr_optimization_v2.0.50215_32 - will be deleted on reboot
16:33:53.0928 5224 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
16:33:53.0980 5224 C:\Windows\system32\NeroMediaHomeService.4.dll - will be deleted on reboot
16:33:53.0980 5224 clr_optimization_v2.0.50215_32 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
16:34:15.0041 4960 Deinitialize success


Here's the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 18:07:54
-----------------------------
18:07:54.733 OS Version: Windows x64 6.1.7601 Service Pack 1
18:07:54.733 Number of processors: 2 586 0x200
18:07:54.733 ComputerName: LIZSCOMPUTER-HP UserName: Liz's Computer
18:07:57.151 Initialize success
18:08:40.289 AVAST engine defs: 12050901
18:37:31.904 The log file has been saved successfully to "C:\Users\Liz's Computer\Documents\Downloads\aswMBR.txt"


#10 airdelivery

Posted 09 May 2012 - 05:49 PM

Do I hit the fixMBR button in aswMBR?

#11 airdelivery

Posted 09 May 2012 - 05:51 PM

Sorry, not done with aswMBR yet. My bad.

#12 airdelivery

Posted 09 May 2012 - 06:03 PM

Ok, here's the full log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 18:40:54
-----------------------------
18:40:54.907 OS Version: Windows x64 6.1.7601 Service Pack 1
18:40:54.907 Number of processors: 2 586 0x200
18:40:54.907 ComputerName: LIZSCOMPUTER-HP UserName: Liz's Computer
18:40:57.699 Initialize success
18:41:05.796 AVAST engine defs: 12050901
18:41:24.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
18:41:24.001 Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 11
18:41:24.016 Disk 0 MBR read successfully
18:41:24.032 Disk 0 MBR scan
18:41:24.032 Disk 0 Windows 7 default MBR code
18:41:24.048 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:41:24.063 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941706 MB offset 206848
18:41:24.110 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12061 MB offset 1928820736
18:41:24.157 Disk 0 scanning C:\Windows\system32\drivers
18:41:37.872 Service scanning
18:41:45.501 Service hwpsgt C:\Windows\system32\iap.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:42:07.733 Modules scanning
18:42:07.764 Disk 0 trace - called modules:
18:42:07.779 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:42:07.795 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd7060]
18:42:07.795 3 CLASSPNP.SYS[fffff8800195243f] -> nt!IofCallDriver -> [0xfffffa80046aba30]
18:42:07.811 5 amd_xata.sys[fffff880010b08f7] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80046a7460]
18:42:11.836 AVAST engine scan C:\Windows
18:42:16.096 AVAST engine scan C:\Windows\system32
18:42:28.905 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
18:42:46.393 File: C:\Windows\system32\iap.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:44:19.232 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:44:20.902 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
18:46:15.019 File: C:\Windows\assembly\temp\U\00000002.@ **INFECTED** Win32:BitCoinMiner-R [Trj]
18:46:15.222 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:46:15.269 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
18:46:17.999 AVAST engine scan C:\Windows\system32\drivers
18:46:34.465 AVAST engine scan C:\Users\Liz's Computer
18:47:55.777 Disk 0 MBR has been saved successfully to "C:\Users\Liz's Computer\Documents\Downloads\MBR.dat"
18:47:55.808 The log file has been saved successfully to "C:\Users\Liz's Computer\Documents\Downloads\aswMBR.txt"
18:50:35.844 File: C:\Users\Liz's Computer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\2f4e28b5-6a96165b **INFECTED** Win32:Dropper-gen [Drp]
18:53:43.881 AVAST engine scan C:\ProgramData
18:55:41.743 Scan finished successfully
19:01:48.390 Disk 0 MBR has been saved successfully to "C:\Users\Liz's Computer\Documents\Downloads\MBR.dat"
19:01:48.410 The log file has been saved successfully to "C:\Users\Liz's Computer\Documents\Downloads\aswMBR.txt"


#13 boopme

Posted 09 May 2012 - 06:42 PM

Is it redirecting now?
This should kill those infections.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 09 May 2012 - 08:13 PM.

#14 airdelivery

Posted 10 May 2012 - 12:36 PM

Sorry. I'm back. I could not scan originally with ESET. Something about a proxy server. So I did a Kaspersky Virus Scan, followed by an F-Secure scan. That allowed me to use the ESET. I am still getting redirected, not only on Google, but on bleepingcomputer links. So, let me know if you have any more suggestions. This is starting to look hopeless. I'll let you know when the ESET is done.

#15 airdelivery

Posted 10 May 2012 - 12:40 PM

Here's the scan from F-Secure:

Scanning Report
Thursday, May 10, 2012 08:51:08 - 09:32:50
Computer name: LIZSCOMPUTER-HP
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

2 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 73809
System: 6204
Not scanned: 72
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
Use advanced heuristics
