"Invisible" Viruses!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! URGENT!!!!!!!


  • This topic is locked
48 replies to this topic

#1 maske3344

Posted 11 July 2014 - 09:11 PM

Hi, I have been having serious trouble with various viruses that are hidden somewhere in my computer!
First, there's the "You may also like..." ad virus.
Second, there are Monkeytize pop-up ads.
Third, whenever I click a link or renew a page, another window (ad) pops up, telling me to download sh*t (sorry, got me angry talking about it).
Fourth, a virus keeps bothering the proxy setting on Chrome.
And fifth, new files download on their own on my drive.
 
I have downloaded and used the stuff this website has recommended, but they didn't do anything, especially the AdwCleaner. The computer says that it cannot open the file.
 
Malwarebytes, AhnLab and Spybot don't find anything either....
 
I downloaded Freefixer to get rid of a virus, but the virus keeps appearing again and again!
 
HELP!!!!!!!!!!!!! :(
 
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by 구정애 (administrator) on 구정애-PC on 11-07-2014 20:44:43
Running from C:\Users\구정애\Downloads
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: 한국어(대한민국)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Kephyr) C:\Program Files\FreeFixer\freefixer.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3Lite30\ASDSvc.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3Lite30\V3Lite.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Google Inc.) C:\Users\구정애\Downloads\ChromeSetup.exe
(Google Inc) C:\Users\구정애\AppData\Local\Temp\GUMF604.tmp\GoogleUpdate.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [V3 Application] => C:\Program Files\AhnLab\V3Lite30\V3Lite.exe [1994992 2014-04-02] (AhnLab, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HOfficeViewerUpdate] => C:\Program Files (x86)\HNC\HOfficeViewer80\HncUtils\HncViewerChecker.exe [714096 2011-12-19] (Hancom Inc(HNC).)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Korean IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3555321914-2000873654-4226455716-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3555321914-2000873654-4226455716-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3555321914-2000873654-4226455716-1001\...\MountPoints2: {e4c094cf-f152-11e1-99ac-0024e822ba67} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\TL-Bootstrap.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://naver.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38} 
DPF: HKLM-x32 {054BF5DC-6052-4235-9DB4-7CCDC28CF8B4} https://nxpartners.okcashbag.com/itrs/meps/ITRSClient.cab
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.epostbank.go.kr/js/scriptx/smsx.cab
DPF: HKLM-x32 {23670005-6E8F-4387-9C5D-E896EB25B898} http://www.iros.go.kr/iris/axbee/AXBeeLauncher.cab
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} https://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: HKLM-x32 {27640517-0513-4D81-A61E-228DC51680F8} http://ck.softforum.co.kr/CKFW/seouletax/CKFW.cab
DPF: HKLM-x32 {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://download.banktown.com/kfcc/plugin/down/INIS60.cab
DPF: HKLM-x32 {325A2282-C738-4265-B43D-587926879609} http://www.iros.go.kr/iris/TrustedZoneCtrl.cab
DPF: HKLM-x32 {39461460-2552-4D51-A062-3AB6A7B902E9} http://img.shinhan.com/shttp/install/7209/down/INIS70.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://img.shinhan.com/rib/common/keyStroke/SoftCamp/403174/SCSK4_WOW64.cab
DPF: HKLM-x32 {3A76E2A8-F8E8-432F-B0C1-91073F128D8E} http://pimg.hanmail.net/uploader/PlanetUpload.cab
DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} http://www.hanabank.com/resource/download/veraport/down/veraport20.cab
DPF: HKLM-x32 {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://update.nprotect.net/nprotect2007/kfcc/npstarter_0812131.cab
DPF: HKLM-x32 {55218724-9E0F-4A9A-858C-B5E6F5A9C65E} http://kings.cachenet.com/idefense/shinhanlife_20110615/idefense.cab
DPF: HKLM-x32 {56C415FF-EA88-4624-8559-A5D50AA38C19} http://pimg.hanmail.net/cafeOneshot_1099/OneShotEditor.cab
DPF: HKLM-x32 {5DF725B0-23C1-11DB-868D-000D87559872} http://www.mbest.co.kr/helper/mstart/mhelper.CAB
DPF: HKLM-x32 {646232F1-8C70-4806-9499-BA01A59FDA74} http://www.giro.or.kr/html/yessign/cab/yessign7.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\구정애\AppData\Local\Temp\2011930\TouchEnKey_Installer_x86.exe
DPF: HKLM-x32 {6FE760D3-7851-4879-8838-62D9881D7177} http://img.shinhan.com/ums/initech/IniMasPlugin.cab
DPF: HKLM-x32 {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: HKLM-x32 {938527D1-CDB7-4147-998A-B20FCA5CC976} http://cafeimg.daum-img.net/cab9_1/dmcc2.cab?Version=1,0,0,10
DPF: HKLM-x32 {99277D5A-52B3-4B2E-AC38-B0065575FC55} http://ocx.mbest.gscdn.com/get/starplayer/starplayer-0.0.2.46.cab
DPF: HKLM-x32 {B6F3B726-C827-4EAF-848D-CEF4D4FC5E25} http://www.samsunglife.com/cab/SecuiBohumDKIE.cab
DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_4/DaumActiveX.cab?ver=2,0,1,4
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/kfcc/e2e/npkcx_1209191.cab
DPF: HKLM-x32 {DFFD6203-ACAF-4AE3-92EA-E0323FBF4BF3} http://www.samsungfire.com/download/secui/SecuiFireIE.cab
DPF: HKLM-x32 {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} https://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} http://update.nprotect.net/netizenv55/card/samsungcard/81/npenkIEInstall5.cab
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nprotect.com/npEfdsWPlugin - C:\Users\구정애\AppData\LocalLow\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wizvera.com/npdolphin - C:\Program Files (x86)\Wizvera\Delfino\npdelfinoplugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 0\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - error\extensions\{jid1-vS7biDmom8YxhA@jetpack}
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.kr/
CHR StartupUrls: "hxxp://www.google.co.kr/"
CHR Extension: (Noc Security Antivirus) - C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoogemgbiefclmdfbchneiejjmkjjifa [2014-05-05]
CHR Extension: (Google Wallet) - C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKCU\...\Chrome\Extension: [cepjofekolhpdankoembdgfbpehkfkjm] - C:\Users\구정애\AppData\Local\CRE\cepjofekolhpdankoembdgfbpehkfkjm.crx [2013-10-31]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\구정애\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-10-31]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\구정애\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [cepjofekolhpdankoembdgfbpehkfkjm] - C:\Users\구정애\AppData\Local\CRE\cepjofekolhpdankoembdgfbpehkfkjm.crx [2013-10-31]
CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\구정애\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-10-31]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\구정애\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-10-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed]
R2 V3 Service; C:\Program Files\AhnLab\V3Lite30\ASDSvc.exe [634088 2014-03-24] (AhnLab, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 AhnFlt2k; C:\Windows\system32\Drivers\AhnFlt2k.sys [74488 2013-04-16] (AhnLab, Inc.)
S3 AhnRec2k; C:\Windows\system32\Drivers\AhnRec2k.sys [27384 2013-04-16] (AhnLab, Inc.)
R3 AhnRghNt; C:\Windows\system32\Drivers\AhnRghNt.sys [58032 2014-02-10] (AhnLab, Inc.)
R1 AMonLWLH; C:\Windows\System32\DRIVERS\amonlwlh.sys [51960 2013-06-04] (AhnLab, Inc.)
R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [141528 2014-04-18] (AhnLab, Inc.)
S3 AntiStealth_V3LITE30; C:\Program Files\AhnLab\V3Lite30\AHAWKENT.sys [42208 2014-04-04] (AhnLab, Inc.)
S3 AntiStealth_V3LITE30F; C:\Program Files\AhnLab\V3Lite30\TfFRegNt.sys [176864 2014-04-04] (AhnLab, Inc.)
R1 ascrts_V3LITE30; C:\Program Files\AhnLab\V3Lite30\asc\ascrts.sys [3641560 2014-07-03] (AhnLab, Inc.)
R1 ATamptNt_V3LITE30; C:\Program Files\AhnLab\V3Lite30\AtamptNt.sys [304864 2014-04-03] (AhnLab, Inc.)
R3 Cdm2DrNt; C:\Windows\system32\Drivers\Cdm2DrNt.sys [89824 2014-02-18] (AhnLab, Inc.)
S3 ISMgr; C:\Windows\system32\ImageSAFERDrv64.sys [11256 2009-11-25] ()
S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [19888 2013-04-25] (lumensoft Corporation)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2013-04-25] (Kings Information & Network)
S3 kcrtx86; C:\Windows\SysWOW64\kcrtx86.sys [126048 2012-10-02] (Kings Information & Network)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-07-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 MeDCoreD_V3LITE30; C:\Program Files\AhnLab\V3Lite30\MeDCoreD.sys [915696 2014-05-22] (AhnLab, Inc.)
R3 MeDVpDrv_V3LITE30; C:\Program Files\AhnLab\V3Lite30\MeDVpDrv.sys [492784 2014-05-22] (AhnLab, Inc.)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98104 2012-08-17] (AhnLab, Inc.)
S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107832 2012-08-17] (AhnLab, Inc.)
S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [166200 2012-08-23] (AhnLab, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 NPFW; C:\Windows\system32\NPFWVT64.sys [154376 2013-09-08] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\SysWOW64\NPFWVT64.sys [154376 2013-09-08] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\system32\NpIdsVt64.sys [89352 2013-09-08] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\SysWOW64\NpIdsVt64.sys [89352 2013-09-08] (INCA Internet Co.,Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-07] ()
S3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [29432 2007-10-24] (SIA Syncrosoft)
R1 TSFLTDRV_V3LITE30; C:\Program Files\AhnLab\V3Lite30\TSFltDrv.sys [263896 2014-03-05] (AhnLab, Inc.)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 BinGuardDrv; \??\C:\Windows\syswow64\BinGuardDrv.sys [X]
S3 cpuz134; \??\C:\Users\구정애\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 JRTDIFW; \??\C:\Windows\system32\JRTDIFW.SYS [X]
S3 npkcft64; \??\C:\Windows\SysWOW64\npkcft64.sys [X]
S3 npkuft64; \??\C:\Windows\SysWOW64\npkuft64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-11 20:44 - 2014-07-11 20:45 - 00000000 ____D () C:\Program Files (x86)\GUM5285.tmp
2014-07-11 20:44 - 2014-07-11 20:44 - 06010880 _____ () C:\Program Files (x86)\GUT5286.tmp
2014-07-11 17:37 - 2014-07-11 17:37 - 00000000 ____D () C:\Users\횄혘횂짧횄혗횂쨉횄혗횂짭횄혘횂짭횄혗횂혻횄혗횂혮횄혘횂짭횄혗횂혮횄혗횂혻
2014-07-11 17:20 - 2014-07-11 17:20 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 14:55 - 2014-07-11 20:12 - 00091513 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 10:31 - 2014-07-11 10:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-10 22:13 - 2014-07-10 23:43 - 00000304 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-07-10 22:13 - 2014-07-10 22:13 - 00002964 _____ () C:\Windows\System32\Tasks\FreeFixer background scan
2014-07-10 22:12 - 2014-07-11 16:19 - 00000000 ____D () C:\Program Files\FreeFixer
2014-07-08 23:35 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 23:35 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 23:35 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 23:35 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 23:35 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 23:34 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 23:34 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 23:34 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 23:34 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 23:34 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 23:34 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 23:34 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 23:34 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 23:33 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 23:33 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 23:33 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 23:33 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 23:33 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 23:33 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 23:33 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 23:33 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 23:33 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 23:33 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 23:33 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 23:33 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 23:33 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 23:33 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 23:33 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 23:33 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 23:33 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 23:33 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 23:33 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 23:33 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 23:33 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 23:33 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 23:33 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 23:33 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 23:33 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 23:33 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 23:33 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 23:33 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 23:33 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 23:33 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 23:33 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 23:33 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 23:33 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 23:33 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 23:33 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 23:33 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 23:33 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 23:33 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 23:33 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 23:33 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 23:33 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 23:33 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 23:33 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 23:33 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 23:33 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 23:33 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 23:33 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 23:33 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 23:33 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 23:33 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 23:33 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 23:33 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 23:33 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 23:33 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 23:33 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 23:33 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-02 23:15 - 2014-07-02 23:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-02 23:13 - 2014-07-02 23:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-06-30 10:51 - 2013-03-25 10:46 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2014-06-29 22:45 - 2014-06-29 22:45 - 00274920 _____ () C:\Windows\Minidump\062914-21496-01.dmp
2014-06-29 21:40 - 2014-06-29 21:40 - 00003114 _____ () C:\Windows\System32\Tasks\{4953AA8C-231C-407B-893F-E3EA688115C1}
2014-06-12 09:12 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 09:12 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 09:12 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 09:12 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 09:12 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 09:12 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 09:12 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 09:12 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 09:12 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 09:12 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 09:12 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 09:12 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 09:11 - 2014-05-08 04:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
 
==================== One Month Modified Files and Folders =======
 
2014-07-11 20:45 - 2014-07-11 20:44 - 00000000 ____D () C:\Program Files (x86)\GUM5285.tmp
2014-07-11 20:45 - 2012-09-15 16:25 - 00003674 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-11 20:45 - 2012-09-15 16:25 - 00003422 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-11 20:45 - 2012-09-15 16:25 - 00000678 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 20:45 - 2012-09-15 16:25 - 00000674 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 20:44 - 2014-07-11 20:44 - 06010880 _____ () C:\Program Files (x86)\GUT5286.tmp
2014-07-11 20:42 - 2012-08-02 19:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-11 20:12 - 2014-07-11 14:55 - 00091513 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 19:35 - 2009-07-14 04:32 - 00000000 ____D () C:\Windows\ShellNew
2014-07-11 19:34 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-11 18:51 - 2014-05-06 01:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 18:34 - 2009-07-13 23:45 - 00016784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 18:34 - 2009-07-13 23:45 - 00016784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 18:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-11 18:29 - 2012-08-01 18:38 - 00000000 ____D () C:\Program Files (x86)\EBS
2014-07-11 18:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-11 18:14 - 2012-11-27 11:48 - 00000000 ____D () C:\Program Files (x86)\naver
2014-07-11 18:13 - 2012-08-24 12:42 - 00000000 ____D () C:\Program Files (x86)\Initech
2014-07-11 18:12 - 2012-10-10 20:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-11 17:37 - 2014-07-11 17:37 - 00000000 ____D () C:\Users\횄혘횂짧횄혗횂쨉횄혗횂짭횄혘횂짭횄혗횂혻횄혗횂혮횄혘횂짭횄혗횂혮횄혗횂혻
2014-07-11 17:20 - 2014-07-11 17:20 - 00000000 ____D () C:\Windows\ERUNT
2014-07-11 16:19 - 2014-07-10 22:12 - 00000000 ____D () C:\Program Files\FreeFixer
2014-07-11 10:31 - 2014-07-11 10:31 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-07-11 08:37 - 2012-08-16 10:50 - 00003876 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0ED2A745-2A78-4582-9550-FBC64779F2DF}
2014-07-10 23:43 - 2014-07-10 22:13 - 00000304 _____ () C:\Windows\Tasks\FreeFixer background scan.job
2014-07-10 22:13 - 2014-07-10 22:13 - 00002964 _____ () C:\Windows\System32\Tasks\FreeFixer background scan
2014-07-08 23:44 - 2009-07-13 23:45 - 00610840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-08 23:42 - 2014-05-06 20:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-08 23:42 - 2009-07-14 04:33 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-08 23:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-08 23:40 - 2013-08-14 10:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 23:38 - 2013-01-20 22:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-07 21:24 - 2012-07-31 12:10 - 03610840 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2014-07-02 23:15 - 2014-07-02 23:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-02 23:15 - 2012-07-31 11:14 - 00000000 ____D () C:\Users\구정애
2014-07-02 23:13 - 2014-07-02 23:13 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-06-30 23:48 - 2014-05-15 00:20 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-06-29 22:45 - 2014-06-29 22:45 - 00274920 _____ () C:\Windows\Minidump\062914-21496-01.dmp
2014-06-29 22:45 - 2012-10-02 15:34 - 266164971 _____ () C:\Windows\MEMORY.DMP
2014-06-29 22:45 - 2012-10-02 15:34 - 00000000 ____D () C:\Windows\Minidump
2014-06-29 21:40 - 2014-06-29 21:40 - 00003114 _____ () C:\Windows\System32\Tasks\{4953AA8C-231C-407B-893F-E3EA688115C1}
2014-06-29 21:09 - 2014-07-08 23:34 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-08 23:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-20 15:14 - 2014-07-08 23:33 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 14:39 - 2014-07-08 23:33 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 20:39 - 2014-07-08 23:33 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 20:06 - 2014-07-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 20:06 - 2014-07-08 23:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 19:48 - 2014-07-08 23:33 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 19:42 - 2014-07-08 23:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 19:42 - 2014-07-08 23:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 19:41 - 2014-07-08 23:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 19:41 - 2014-07-08 23:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 19:32 - 2014-07-08 23:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 19:31 - 2014-07-08 23:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 19:26 - 2014-07-08 23:33 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 19:24 - 2014-07-08 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 19:24 - 2014-07-08 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 19:23 - 2014-07-08 23:33 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 19:16 - 2014-07-08 23:33 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 19:14 - 2014-07-08 23:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 19:09 - 2014-07-08 23:33 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 18:59 - 2014-07-08 23:33 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 18:56 - 2014-07-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 18:53 - 2014-07-08 23:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 18:51 - 2014-07-08 23:33 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 18:50 - 2014-07-08 23:33 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 18:48 - 2014-07-08 23:33 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 18:39 - 2014-07-08 23:33 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 18:38 - 2014-07-08 23:33 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 18:37 - 2014-07-08 23:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 18:36 - 2014-07-08 23:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 18:35 - 2014-07-08 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 18:33 - 2014-07-08 23:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 18:32 - 2014-07-08 23:33 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 18:28 - 2014-07-08 23:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 18:28 - 2014-07-08 23:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 18:27 - 2014-07-08 23:33 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 18:27 - 2014-07-08 23:33 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 18:25 - 2014-07-08 23:33 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 18:23 - 2014-07-08 23:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 18:22 - 2014-07-08 23:33 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 18:12 - 2014-07-08 23:33 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 18:06 - 2014-07-08 23:33 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 18:01 - 2014-07-08 23:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 17:59 - 2014-07-08 23:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 17:58 - 2014-07-08 23:33 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 17:58 - 2014-07-08 23:33 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 17:52 - 2014-07-08 23:33 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 17:51 - 2014-07-08 23:33 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 17:49 - 2014-07-08 23:33 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 17:46 - 2014-07-08 23:33 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 17:45 - 2014-07-08 23:33 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 17:35 - 2014-07-08 23:33 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 17:34 - 2014-07-08 23:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 17:15 - 2014-07-08 23:33 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 17:13 - 2014-07-08 23:33 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 17:09 - 2014-07-08 23:33 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 17:07 - 2014-07-08 23:33 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 21:18 - 2014-07-08 23:34 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 20:51 - 2014-07-08 23:34 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 20:10 - 2014-07-08 23:34 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-30 19:54
 
==================== End Of Log ============================
 
 
 
 
 
 
Addition log:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by 구정애 at 2014-07-11 20:47:06
Running from C:\Users\구정애\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: V3 Lite (Enabled - Up to date) {E5865943-7D93-B425-140C-3E676A98873E}
AS: V3 Lite (Enabled - Up to date) {5EE7B8A7-5BA9-BBAB-2EBC-0515111FCD83}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Reader X (10.1.10) - Korean (HKLM-x32\...\{AC76BA86-7AD7-1042-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Camtasia Studio 8 (HKLM-x32\...\{45F34E54-DAD9-405B-A4F6-B12B0A46B984}) (Version: 8.4.1.1745 - TechSmith Corporation)
Delfino-x86 버전 1.1.0.1 (HKLM-x32\...\{E48E2437-FB9B-4596-9525-00DAFC7AABED}_is1) (Version: 1.1.0.1 - Wizvera)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FreeFixer (HKLM-x32\...\FreeFixer1.11) (Version: 1.11 - Kephyr)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.43.5119 - Gretech Corporation)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (KOR) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
V3 Lite (HKLM\...\{5FC548FC_0888_4832_B037_835C34A0B599}) (Version: 3.1.4.314 - AhnLab, Inc.)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Wondershare Video Editor(Build 3.6.2) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
네이트온 (HKLM-x32\...\{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}) (Version:  - )
한컴오피스 뷰어 2010 SE (HKLM-x32\...\Hancom HOffice 2010 Viewer Korean) (Version: 8.0.1 - Hancom)
한컴오피스 뷰어 2010 SE (x32 Version: 8.0.1 - Haansoft) Hidden
 
==================== Restore Points  =========================
 
02-07-2014 05:09:38 Windows Update
03-07-2014 04:12:28 Installed Camtasia Studio 8
06-07-2014 02:05:04 Windows Update
07-07-2014 00:02:23 Windows 백업
09-07-2014 04:35:55 Windows Update
09-07-2014 07:35:26 Windows Update
11-07-2014 22:26:31 Microsoft Office File Validation Add-In 제거됨
11-07-2014 23:30:05 Removed Microsoft Office Professional Plus 2007
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {120C9854-8824-46AA-82D7-A5A2B5DBD166} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {1E0AB571-704A-49BC-AAAC-36D9F67E7179} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2F655ED2-32E8-4F68-BB3F-07FA3432AB25} - System32\Tasks\FreeFixer background scan => C:\Program Files\FreeFixer\freefixer.exe [2014-05-15] (Kephyr)
Task: {864CE647-AFAB-43F3-BE08-F8765A8738BD} - \DealPly No Task File <==== ATTENTION
Task: {9EE3E6EC-7193-4600-A012-B1FD116ABCBE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9FF55CC4-57BB-4464-8158-4F7381E52D08} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {ABAD2D1D-54D1-4E68-8866-74C35220C9B5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc)
Task: {D08E5612-4685-4A2C-BCBA-A9D05EFB596A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-15] (Google Inc)
Task: {EE1F2040-95AE-43EF-ADEF-D929E928C308} - System32\Tasks\NSManager => C:\Users\구정애\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {EF7D7E4E-0A7B-42F7-A745-5055B79CEA00} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FreeFixer background scan.job => C:\Program Files\FreeFixer\freefixer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-02 20:47 - 2011-02-17 20:25 - 00136704 _____ () C:\Windows\System32\zlhp1600.dll
2014-05-05 00:07 - 2014-04-23 17:42 - 00016384 _____ () C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
2014-05-06 23:00 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-06 23:00 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-06 23:00 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-06 23:00 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-06 23:00 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-05-05 00:07 - 2014-04-23 17:42 - 00033792 _____ () C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll
2014-05-05 00:07 - 2014-04-23 17:42 - 00015360 _____ () C:\Windows\Microsoft\System Update kb70007\Installer.dll
2014-05-04 16:10 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-05-04 16:10 - 2014-02-15 11:48 - 00295936 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2014 06:26:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: mbamservice.exe, 버전: 2.1.9.0, 타임스탬프: 0x530619b7
오류 있는 모듈 이름: mbamservice.exe, 버전: 2.1.9.0, 타임스탬프: 0x530619b7
예외 코드: 0x40000015
오류 오프셋: 0x0007d28a
오류 있는 프로세스 ID: 0x750
오류 있는 응용 프로그램 시작 시간: 0xmbamservice.exe0
오류 있는 응용 프로그램 경로: mbamservice.exe1
오류 있는 모듈 경로: mbamservice.exe2
보고서 ID: mbamservice.exe3
 
Error: (07/11/2014 06:14:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL, 설명 = Removed Microsoft Office Professional Plus 2007, 오류 = 0x8007043c).
 
Error: (07/11/2014 06:12:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe -Embedding, 설명 = Removed Epson Connect, 오류 = 0x8007043c).
 
 
System errors:
=============
Error: (07/11/2014 08:12:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 08:12:31 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 08:12:12 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (07/11/2014 08:12:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 08:12:12 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 08:12:11 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 07:41:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 07:41:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 07:41:40 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (07/11/2014 06:26:44 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2012-10-02 18:58:14.472
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:58:14.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:58:13.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:58:13.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:57:03.911
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:57:03.867
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:54:44.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:54:44.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:27:27.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 18:27:27.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\BinGuardDrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 52%
Total physical RAM: 4095.12 MB
Available physical RAM: 1962.16 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 5494.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.73 GB) (Free:365.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.74 GB) (Free:0.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BD2B9AAE)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=466 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=466 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

Edit: Moved topic from Introductions to the more appropriate forum. Two other duplicates of this topic deleted. ~ Animal


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 AM

Posted 16 July 2014 - 01:44 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38}
DPF: HKLM-x32 {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} http://update.nprotect.net/keycrypt/kfcc/e2e/npkcx_1209191.cab
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Handler-x32: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nprotect.com/npEfdsWPlugin - C:\Users\???\AppData\LocalLow\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @wizvera.com/npdolphin - C:\Program Files (x86)\Wizvera\Delfino\npdelfinoplugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 0\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM-x32\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - error\extensions\{jid1-vS7biDmom8YxhA@jetpack}
CHR HKCU\...\Chrome\Extension: [cepjofekolhpdankoembdgfbpehkfkjm] - C:\Users\???\AppData\Local\CRE\cepjofekolhpdankoembdgfbpehkfkjm.crx [2013-10-31]
CHR HKCU\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\???\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-10-31]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\???\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [cepjofekolhpdankoembdgfbpehkfkjm] - C:\Users\???\AppData\Local\CRE\cepjofekolhpdankoembdgfbpehkfkjm.crx [2013-10-31]
CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\Users\???\AppData\Local\Temp\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.3.0.0_0\ValueApps.crx [2013-10-31]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\???\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2013-10-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed]
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
S3 BinGuardDrv; \??\C:\Windows\syswow64\BinGuardDrv.sys [X]
S3 cpuz134; \??\C:\Users\???\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 JRTDIFW; \??\C:\Windows\system32\JRTDIFW.SYS [X]
S3 npkcft64; \??\C:\Windows\SysWOW64\npkcft64.sys [X]
S3 npkuft64; \??\C:\Windows\SysWOW64\npkuft64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
C:\Users\???\AppData\Local\Temp\GUMF604.tmp\GoogleUpdate.exe

end

Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#3 maske3344

Posted 16 July 2014 - 03:37 PM

Um...I don't have a FRST folder...all I have is notepad full of the things I have copied and pasted on previous message. Do I make a new folder?

And how do you run FRST (sorry for making this hard)?

Thank you.



#4 nasdaq

Posted 17 July 2014 - 07:11 AM

You are running FRST from C:\Users\구정애\Downloads

Create the fixlist.txt and place it in the folder.
Run the FRST tool as suggested.

#5 maske3344

Posted 17 July 2014 - 02:35 PM

I couldn't run FRST tool because "the version of FRST is not compatible with your OS." Then I clicked on FRST 64, but it says that I can't use it. What should I do now?

#6 nasdaq

Posted 18 July 2014 - 08:10 AM

Try this.

Create a folder on your desktop and name it My_FRST

Copy the Farbar .exe file to that folder.

Copy also to that folder the fixlist.txt file you created from my fix.

Run the FRST tool and select the fix button.

How is it now?

#7 nasdaq

Posted 24 July 2014 - 07:23 AM

Are you still with me?

#8 maske3344

Posted 24 July 2014 - 03:05 PM

Sorry, but my computer doesn't send messages :(

I am using my Mom's laptop to send this to you...

Even after pressing the "post" button thousands of times, my message didn't post. So I tried to use gmail, but it said that it had problems sending the message. What should I do?



#9 nasdaq

Posted 25 July 2014 - 07:16 AM

Find out from your Internet Provider why you cannot send E-mail messages.
===

#10 maske3344

Posted 25 July 2014 - 08:59 AM

Something weird happened...

When I open websites, I see no pop-up ads...but the CPU and RAM usage are still high (both almost 100).

And Malwarebytes keeps shutting down by itself (except when the computer is in safe mode; actually, it detected 2 malware----trojan and Pupoptional).

Did viruses go "dormant" or something?



#11 maske3344

Posted 25 July 2014 - 09:44 AM

I think I get it now.

I went to the setting to see if Proxy is still infected, and under the LAN setting, it says that part of the setting is monitored by system administrator.

Does this mean this person can see everything I do with this computer?



#12 nasdaq

Posted 25 July 2014 - 10:57 AM


Let's check the boot process.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#13 maske3344

Posted 25 July 2014 - 08:47 PM

20:27:07.0135 0x0144  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:27:11.0915 0x0144  ============================================================
20:27:11.0915 0x0144  Current date / time: 2014/07/25 20:27:11.0915
20:27:11.0915 0x0144  SystemInfo:
20:27:11.0915 0x0144  
20:27:11.0915 0x0144  OS Version: 6.1.7601 ServicePack: 1.0
20:27:11.0915 0x0144  Product type: Workstation
20:27:11.0915 0x0144  ComputerName: 구정애-PC
20:27:11.0915 0x0144  UserName: 구정애
20:27:11.0915 0x0144  Windows directory: C:\Windows
20:27:11.0915 0x0144  System windows directory: C:\Windows
20:27:11.0915 0x0144  Running under WOW64
20:27:11.0915 0x0144  Processor architecture: Intel x64
20:27:11.0915 0x0144  Number of processors: 2
20:27:11.0916 0x0144  Page size: 0x1000
20:27:11.0916 0x0144  Boot type: Normal boot
20:27:11.0916 0x0144  ============================================================
20:27:13.0901 0x0144  KLMD registered as C:\Windows\system32\drivers\63558368.sys
20:27:15.0489 0x0144  System UUID: {4A9DA379-5B69-5CDF-1C23-D171D3A9E63E}
20:27:16.0752 0x0144  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:27:16.0756 0x0144  ============================================================
20:27:16.0756 0x0144  \Device\Harddisk0\DR0:
20:27:16.0756 0x0144  MBR partitions:
20:27:16.0756 0x0144  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x3A37513D
20:27:16.0779 0x0144  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A388B41, BlocksNum 0x3A378FBF
20:27:16.0779 0x0144  ============================================================
20:27:16.0797 0x0144  C: <-> \Device\Harddisk0\DR0\Partition1
20:27:16.0841 0x0144  D: <-> \Device\Harddisk0\DR0\Partition2
20:27:16.0842 0x0144  ============================================================
20:27:16.0842 0x0144  Initialize success
20:27:16.0842 0x0144  ============================================================
20:27:18.0716 0x17f4  ============================================================
20:27:18.0716 0x17f4  Scan started
20:27:18.0716 0x17f4  Mode: Manual; 
20:27:18.0716 0x17f4  ============================================================
20:27:18.0716 0x17f4  KSN ping started
20:27:23.0062 0x17f4  KSN ping finished: true
20:27:24.0921 0x17f4  ================ Scan system memory ========================
20:27:24.0921 0x17f4  System memory - ok
20:27:24.0922 0x17f4  ================ Scan services =============================
20:27:31.0296 0x17f4  flpydisk - ok
20:27:31.0319 0x17f4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:27:31.0326 0x17f4  FltMgr - ok
20:27:31.0398 0x17f4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
20:27:31.0427 0x17f4  FontCache - ok
20:27:31.0479 0x17f4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:27:31.0481 0x17f4  FontCache3.0.0.0 - ok
20:27:31.0494 0x17f4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:27:31.0496 0x17f4  FsDepends - ok
20:27:31.0523 0x17f4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:27:31.0526 0x17f4  Fs_Rec - ok
20:27:31.0575 0x17f4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:27:31.0581 0x17f4  fvevol - ok
20:27:31.0599 0x17f4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:27:31.0601 0x17f4  gagp30kx - ok
20:27:31.0661 0x17f4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:27:31.0681 0x17f4  gpsvc - ok
20:27:31.0796 0x17f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:27:31.0799 0x17f4  gupdate - ok
20:27:31.0805 0x17f4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:27:31.0808 0x17f4  gupdatem - ok
20:27:31.0819 0x17f4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:27:31.0821 0x17f4  hcw85cir - ok
20:27:31.0883 0x17f4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:27:31.0892 0x17f4  HdAudAddService - ok
20:27:31.0942 0x17f4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:27:31.0945 0x17f4  HDAudBus - ok
20:27:31.0980 0x17f4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:27:31.0981 0x17f4  HidBatt - ok
20:27:32.0012 0x17f4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:27:32.0014 0x17f4  HidBth - ok
20:27:32.0052 0x17f4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:27:32.0054 0x17f4  HidIr - ok
20:27:32.0085 0x17f4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
20:27:32.0087 0x17f4  hidserv - ok
20:27:32.0125 0x17f4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:27:32.0126 0x17f4  HidUsb - ok
20:27:32.0160 0x17f4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:27:32.0164 0x17f4  hkmsvc - ok
20:27:32.0219 0x17f4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:27:32.0225 0x17f4  HomeGroupListener - ok
20:27:32.0238 0x17f4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:27:32.0246 0x17f4  HomeGroupProvider - ok
20:27:32.0263 0x17f4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:27:32.0265 0x17f4  HpSAMD - ok
20:27:32.0308 0x17f4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:27:32.0328 0x17f4  HTTP - ok
20:27:32.0358 0x17f4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:27:32.0359 0x17f4  hwpolicy - ok
20:27:32.0385 0x17f4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:27:32.0388 0x17f4  i8042prt - ok
20:27:32.0418 0x17f4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:27:32.0428 0x17f4  iaStorV - ok
20:27:32.0493 0x17f4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:27:32.0526 0x17f4  idsvc - ok
20:27:32.0551 0x17f4  IEEtwCollectorService - ok
20:27:32.0564 0x17f4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:27:32.0566 0x17f4  iirsp - ok
20:27:32.0622 0x17f4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:27:32.0643 0x17f4  IKEEXT - ok
20:27:32.0679 0x17f4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:27:32.0680 0x17f4  intelide - ok
20:27:32.0702 0x17f4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:27:32.0704 0x17f4  intelppm - ok
20:27:32.0730 0x17f4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:27:32.0735 0x17f4  IPBusEnum - ok
20:27:32.0749 0x17f4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:32.0751 0x17f4  IpFilterDriver - ok
20:27:32.0791 0x17f4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:27:32.0804 0x17f4  iphlpsvc - ok
20:27:32.0830 0x17f4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:27:32.0832 0x17f4  IPMIDRV - ok
20:27:32.0851 0x17f4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:27:32.0854 0x17f4  IPNAT - ok
20:27:32.0883 0x17f4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:27:32.0884 0x17f4  IRENUM - ok
20:27:32.0899 0x17f4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:27:32.0900 0x17f4  isapnp - ok
20:27:32.0939 0x17f4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:27:32.0946 0x17f4  iScsiPrt - ok
20:27:32.0986 0x17f4  [ 0FE4C8C09BB6FC6CB075962E96C36AA9, 39BF6327A0F66A248336399970B59A8F7906A9533178CBC9FBCD045F4F720ECD ] ISMgr           C:\Windows\system32\ImageSAFERDrv64.sys
20:27:32.0987 0x17f4  ISMgr - ok
20:27:33.0001 0x17f4  JRSKD24 - ok
20:27:33.0033 0x17f4  [ 36DCCB2B8F276794A57DABE1C224452C, 3C46DBC3A4B5211EB1F9E1B86BB01B49242C3D2854F6954249A626E8D0D6EE1D ] JRSUKD25        C:\Windows\system32\JRSUKD25.SYS
20:27:33.0034 0x17f4  JRSUKD25 - ok
20:27:33.0038 0x17f4  JRTDIFW - ok
20:27:33.0067 0x17f4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:27:33.0069 0x17f4  kbdclass - ok
20:27:33.0096 0x17f4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:27:33.0097 0x17f4  kbdhid - ok
20:27:33.0139 0x17f4  [ B2023B8C0ACA7A4FF75A69E877DFB2D4, D8628B1C2B9103F80447B28082D7E59AAB1D763C740AB9C4A5269B49651A300B ] kcrtx64         C:\Windows\system32\kcrtx64.sys
20:27:33.0143 0x17f4  kcrtx64 - ok
20:27:33.0146 0x17f4  kcrtx86 - ok
20:27:33.0163 0x17f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:27:33.0165 0x17f4  KeyIso - ok
20:27:33.0208 0x17f4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:27:33.0211 0x17f4  KSecDD - ok
20:27:33.0305 0x17f4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:27:33.0309 0x17f4  KSecPkg - ok
20:27:33.0333 0x17f4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:27:33.0334 0x17f4  ksthunk - ok
20:27:33.0370 0x17f4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:27:33.0382 0x17f4  KtmRm - ok
20:27:33.0420 0x17f4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:27:33.0429 0x17f4  LanmanServer - ok
20:27:33.0485 0x17f4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:27:33.0508 0x17f4  LanmanWorkstation - ok
20:27:33.0521 0x17f4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:27:33.0523 0x17f4  lltdio - ok
20:27:33.0557 0x17f4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:27:33.0565 0x17f4  lltdsvc - ok
20:27:33.0582 0x17f4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:27:33.0584 0x17f4  lmhosts - ok
20:27:33.0614 0x17f4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:27:33.0617 0x17f4  LSI_FC - ok
20:27:33.0648 0x17f4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:27:33.0651 0x17f4  LSI_SAS - ok
20:27:33.0682 0x17f4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:27:33.0684 0x17f4  LSI_SAS2 - ok
20:27:33.0734 0x17f4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:27:33.0737 0x17f4  LSI_SCSI - ok
20:27:33.0769 0x17f4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:27:33.0772 0x17f4  luafv - ok
20:27:33.0832 0x17f4  [ 07389F6925E490D2DB7882110E99921C, AD316EE8A47B6EDD1AB1E1E7DDE2BC69DC0E342144F5B74C96E9494F847B1B7E ] lvpepf64        C:\Windows\system32\DRIVERS\lv302a64.sys
20:27:33.0833 0x17f4  lvpepf64 - ok
20:27:33.0866 0x17f4  [ 7F0BA3A6E8996F15693C6B7D81DA049E, 96925ABA3A9C5FD2CF9ECBDC4ED8E94033EB1C53DD03F28102E83EEF327777E6 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
20:27:33.0886 0x17f4  LVRS64 - ok
20:27:33.0913 0x17f4  [ 5C3FF68267A5D242EE79EE01B993D6CE, 853637AC30A16698F2F583693E98B67104ECE5B8F80C6FB88266665162623B92 ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
20:27:33.0915 0x17f4  LVUSBS64 - ok
20:27:33.0970 0x17f4  [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
20:27:33.0973 0x17f4  MBAMSwissArmy - ok
20:27:34.0045 0x17f4  [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
20:27:34.0046 0x17f4  MBAMWebAccessControl - ok
20:27:34.0088 0x17f4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:27:34.0092 0x17f4  Mcx2Svc - ok
20:27:34.0249 0x17f4  [ 651AD9C735145107E1A1F69D8494E595, AB4E40334BBC79650647DC1F4CE7FED93DB3FFE2B221AA5D7895F3A476382DA6 ] MeDCoreD_V3LITE30 C:\Program Files\AhnLab\V3Lite30\MeDCoreD.sys
20:27:34.0277 0x17f4  MeDCoreD_V3LITE30 - ok
20:27:34.0334 0x17f4  [ B5B49B91B33489F3BC63813B43BCEB30, B2E922DAF4854AF5D46C7AF954DABECF80C566254C10EF154E4DC0FA7371E20D ] MeDVpDrv_V3LITE30 C:\Program Files\AhnLab\V3Lite30\MeDVpDrv.sys
20:27:34.0346 0x17f4  MeDVpDrv_V3LITE30 - ok
20:27:34.0361 0x17f4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:27:34.0362 0x17f4  megasas - ok
20:27:34.0386 0x17f4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:27:34.0393 0x17f4  MegaSR - ok
20:27:34.0435 0x17f4  [ 340B62D29A5D6C5B9C2C48D080C951F4, 4788A38274713E941C38EBFEC2968FC966A3DDF02D9D63D74A3325CC764437F4 ] Mkd2Bthf        C:\Windows\system32\drivers\Mkd2Bthf.sys
20:27:34.0438 0x17f4  Mkd2Bthf - ok
20:27:34.0453 0x17f4  [ 750344EEF8B54865B4F8B25B39F22CC0, 9FA0E0B56F260A280EBE0EC422235BFF663CE30F59B7699B5C565F2412BE3406 ] Mkd2Nadr        C:\Windows\system32\drivers\Mkd2Nadr.sys
20:27:34.0456 0x17f4  Mkd2Nadr - ok
20:27:34.0487 0x17f4  [ DB7A9FD8221E0E40E960D8F96833AA07, 90F701974E67672E2F56E546CC280D8A7F3D5607057873D43614423BDBC5381B ] Mkd3kfNt        C:\Windows\system32\drivers\Mkd3kfNt.sys
20:27:34.0491 0x17f4  Mkd3kfNt - ok
20:27:34.0521 0x17f4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:27:34.0524 0x17f4  MMCSS - ok
20:27:34.0548 0x17f4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:27:34.0549 0x17f4  Modem - ok
20:27:34.0561 0x17f4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:27:34.0563 0x17f4  monitor - ok
20:27:34.0591 0x17f4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:27:34.0593 0x17f4  mouclass - ok
20:27:34.0612 0x17f4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:27:34.0614 0x17f4  mouhid - ok
20:27:34.0644 0x17f4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:27:34.0646 0x17f4  mountmgr - ok
20:27:34.0680 0x17f4  [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:27:34.0689 0x17f4  MpFilter - ok
20:27:34.0744 0x17f4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:27:34.0748 0x17f4  mpio - ok
20:27:34.0785 0x17f4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:27:34.0787 0x17f4  mpsdrv - ok
20:27:34.0907 0x17f4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:27:34.0931 0x17f4  MpsSvc - ok
20:27:34.0967 0x17f4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:27:34.0971 0x17f4  MRxDAV - ok
20:27:34.0998 0x17f4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:35.0001 0x17f4  mrxsmb - ok
20:27:35.0021 0x17f4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:35.0028 0x17f4  mrxsmb10 - ok
20:27:35.0056 0x17f4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:35.0059 0x17f4  mrxsmb20 - ok
20:27:35.0095 0x17f4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:27:35.0096 0x17f4  msahci - ok
20:27:35.0114 0x17f4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:27:35.0117 0x17f4  msdsm - ok
20:27:35.0136 0x17f4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:27:35.0142 0x17f4  MSDTC - ok
20:27:35.0159 0x17f4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:27:35.0160 0x17f4  Msfs - ok
20:27:35.0167 0x17f4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:27:35.0168 0x17f4  mshidkmdf - ok
20:27:35.0198 0x17f4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:27:35.0199 0x17f4  msisadrv - ok
20:27:35.0229 0x17f4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:27:35.0234 0x17f4  MSiSCSI - ok
20:27:35.0238 0x17f4  msiserver - ok
20:27:35.0266 0x17f4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:27:35.0266 0x17f4  MSKSSRV - ok
20:27:35.0333 0x17f4  [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:27:35.0335 0x17f4  MsMpSvc - ok
20:27:35.0344 0x17f4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:35.0345 0x17f4  MSPCLOCK - ok
20:27:35.0358 0x17f4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:27:35.0359 0x17f4  MSPQM - ok
20:27:35.0412 0x17f4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:27:35.0441 0x17f4  MsRPC - ok
20:27:35.0471 0x17f4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:27:35.0473 0x17f4  mssmbios - ok
20:27:35.0478 0x17f4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:27:35.0479 0x17f4  MSTEE - ok
20:27:35.0498 0x17f4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:27:35.0499 0x17f4  MTConfig - ok
20:27:35.0526 0x17f4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:27:35.0528 0x17f4  Mup - ok
20:27:35.0893 0x17f4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:27:35.0940 0x17f4  napagent - ok
20:27:35.0984 0x17f4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:27:35.0991 0x17f4  NativeWifiP - ok
20:27:36.0060 0x17f4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:27:36.0084 0x17f4  NDIS - ok
20:27:36.0109 0x17f4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:27:36.0110 0x17f4  NdisCap - ok
20:27:36.0120 0x17f4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:36.0121 0x17f4  NdisTapi - ok
20:27:36.0152 0x17f4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:36.0154 0x17f4  Ndisuio - ok
20:27:36.0186 0x17f4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:36.0190 0x17f4  NdisWan - ok
20:27:36.0223 0x17f4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:27:36.0225 0x17f4  NDProxy - ok
20:27:36.0239 0x17f4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:27:36.0240 0x17f4  NetBIOS - ok
20:27:36.0282 0x17f4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:27:36.0288 0x17f4  NetBT - ok
20:27:36.0306 0x17f4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:27:36.0308 0x17f4  Netlogon - ok
20:27:36.0345 0x17f4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:27:36.0357 0x17f4  Netman - ok
20:27:36.0394 0x17f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:36.0399 0x17f4  NetMsmqActivator - ok
20:27:36.0407 0x17f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:36.0411 0x17f4  NetPipeActivator - ok
20:27:36.0440 0x17f4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:27:36.0454 0x17f4  netprofm - ok
20:27:36.0462 0x17f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:36.0466 0x17f4  NetTcpActivator - ok
20:27:36.0472 0x17f4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:36.0475 0x17f4  NetTcpPortSharing - ok
20:27:36.0487 0x17f4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:27:36.0489 0x17f4  nfrd960 - ok
20:27:36.0540 0x17f4  [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:27:36.0543 0x17f4  NisDrv - ok
20:27:36.0566 0x17f4  [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:27:36.0578 0x17f4  NisSrv - ok
20:27:36.0599 0x17f4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:27:36.0609 0x17f4  NlaSvc - ok
20:27:36.0618 0x17f4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:27:36.0620 0x17f4  Npfs - ok
20:27:36.0670 0x17f4  [ A10BB3892390ACDD093E3E2BF068A852, 47C0455EFEF59821B0A612B78113A777C38A7A7C826B8FD26B2FAF11B4CEF66E ] NPFW            C:\Windows\system32\NPFWVT64.sys
20:27:36.0675 0x17f4  NPFW - ok
20:27:36.0702 0x17f4  [ D2347316833CEC7A8A40F901D37D0424, 6E86C742AAB4E00BB33EB9247AA00A5AB1F74CB28CD0382D74D46DB0081CF679 ] NPIDS           C:\Windows\system32\NpIdsVt64.sys
20:27:36.0705 0x17f4  NPIDS - ok
20:27:36.0775 0x17f4  npkcft64 - ok
20:27:36.0784 0x17f4  npkuft64 - ok
20:27:36.0818 0x17f4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:27:36.0823 0x17f4  nsi - ok
20:27:45.0167 0x17f4  wcncsvc - ok
20:27:45.0181 0x17f4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:27:45.0187 0x17f4  WcsPlugInService - ok
20:27:45.0193 0x17f4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:27:45.0194 0x17f4  Wd - ok
20:27:45.0244 0x17f4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:27:45.0267 0x17f4  Wdf01000 - ok
20:27:45.0297 0x17f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:27:45.0301 0x17f4  WdiServiceHost - ok
20:27:45.0307 0x17f4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:27:45.0311 0x17f4  WdiSystemHost - ok
20:27:45.0350 0x17f4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClien


#14 maske3344

maske3344
  • Topic Starter

  • Members

Posted 25 July 2014 - 10:11 PM

The first one was the tdsskiller.
Now, it's mbr. (4 files infected)

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-25 20:52:50
-----------------------------
20:52:50.898 OS Version: Windows x64 6.1.7601 Service Pack 1
20:52:50.898 Number of processors: 2 586 0x203
20:52:50.899 ComputerName: 구정애-PC UserName: 구정애
20:52:53.782 Initialize success
20:52:54.163 VM: initialized successfully
20:52:54.167 VM: Amd CPU supported
20:53:03.319 VM: supported disk I/O ataport.SYS
21:27:39.485 AVAST engine defs: 14072501
21:28:11.162 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:28:11.165 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01117 Size: 953869MB BusType: 3
21:28:11.292 Disk 0 MBR read successfully
21:28:11.296 Disk 0 MBR scan
21:28:11.352 Disk 0 Windows 7 default MBR code
21:28:11.356 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:28:11.376 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476906 MB offset 80325
21:28:11.381 Disk 0 default boot code
21:28:11.416 Disk 0 Partition - 00 0F Extended LBA 476913 MB offset 976784130
21:28:11.436 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 476913 MB offset 976784193
21:28:11.541 Disk 0 scanning C:\Windows\system32\drivers
21:28:31.170 Service scanning
21:29:07.075 Modules scanning
21:29:07.076 Disk 0 trace - called modules:
21:29:07.084 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:29:07.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004901060]
21:29:07.085 3 CLASSPNP.SYS[fffff8800194043f] -> nt!IofCallDriver -> [0xfffffa8003ab2670]
21:29:07.085 5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003ac0060]
21:29:08.893 AVAST engine scan C:\Windows
21:29:25.274 AVAST engine scan C:\Windows\system32
21:39:23.599 AVAST engine scan C:\Windows\system32\drivers
21:40:12.909 AVAST engine scan C:\Users\구정애
21:41:34.093 File: C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000c7b **INFECTED** Win32:Malware-gen
21:42:03.796 File: C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\File System\015\t\00\00000000 **INFECTED** Win32:Malware-gen
21:46:38.677 File: C:\Users\구정애\AppData\Local\Temp\ms.exe **INFECTED** Win32:Dropper-gen [Drp]
21:46:46.449 File: C:\Users\구정애\AppData\Local\Temp\qms.exe **INFECTED** Win32:Dropper-gen [Drp]
21:47:12.239 File: C:\Users\구정애\AppData\Local\Temp\VOPackage.exe **INFECTED** Win32:Dropper-gen [Drp]
21:49:09.423 File: C:\Users\구정애\AppData\Roaming\VOPackage\VOPackage.exe **INFECTED** Win32:Dropper-gen [Drp]
21:52:20.756 AVAST engine scan C:\ProgramData
22:02:52.274 Scan finished successfully
22:06:50.334 Disk 0 MBR has been saved successfully to "C:\Users\구정애\Videos\MBR.dat"
22:06:50.432 The log file has been saved successfully to "C:\Users\구정애\Videos\aswMBR.txt"

Edited by nasdaq, 26 July 2014 - 06:31 AM.


#15 nasdaq

nasdaq

  • Malware Response Team

Posted 31 July 2014 - 10:10 AM

Run the aswMBR tool one more time and just let me know which options are available to you.

FixMBR, Fix or both.



